Ever been surprised by the customised service offers for cabs, loans and food delivery options landing in your phone, almost as if…uncannily…somebody had read your mind? Well, it’s not your mind, but your phone that is being read. And it’s not just Big Brother, that one all-seeing eye of modern nightmares, but a whole noisy brotherhood that is tailing you, watching every move you make. Everything you do is data, and that data does not belong to you. It belongs to the marketplace. And a hundred eyes are reading you, breaking you down, reconstructing your every whim and fancy, your every need, and cooking up an offer that will determine the next choice you make of your own free will.
Indeed, many internet users are now aware of and even used to these pop-ups predicting your consumer needs from your data history. In a more innocent world, it might even seem as if the ‘corporate ‘brotherhood’ is trying to help us best decide what we want by giving us the options. But, it gets creepy when you realise that you’re not the only one with access to the SMS texts in your cellphone, your pocket picture gallery…even your call log. The prying eyes come in cheerful pictograms that are sprinkled all over the menu of your fancy Android or Apple phone.
Remember that innocuous looking pop-up (image on left page) that appears on the screen when you install app ‘x’ from Google Playstore. Yes, the one we are all in a hurry to close by clicking ‘accept’. It has a whole list of approvals you grant to the app. Each time you rush to install a mobile app, skipping privacy policy, you are giving permission to the app to scroll through details that pretty much make up an instant biography—everything from text messages to media files, all sorts of nuggets of information that go way beyond the needs of ‘customising via location’. Everything that a data-hungry business, whether a food startup or an MNC, needs to know about you.
This brings us to the next logical question—why and for what do corporates need all this? The answers are disarmingly simple. “Mobile applications need user information to identify individuals who are using the app. Secondly, they use this information to promote their offers. In some cases, this information is shared with third parties to get additional revenues,” says Nenadd Chandorkar, CEO and founder of HostingDuty.com, who has developed more than 40 apps and 300 websites.
Certain apps require permissions that are a prerequisite for their functioning but most of the apps that come for free, cash in on your data by selling it to corporates. “Apps need access to some personal information to fulfil their functionality. For example, a picture application would need access to your camera and personal photo files in order to use that app. But there are cases where lots of information, which these apps crawl on, is clearly unnecessary and unwanted,” says Gopa Kumar, vice-president of Isobar India, a digital marketing agency.
Where do all these bits and pieces of private information go? Bulk data. That’s what big corporates are interested in. Millions of bytes put together form a larger picture that can offer the outline of what a ‘customer trend’ may look like. And so an app not only caters to a basic micro need, meeting the user’s expectations, but also acts as a sieve through which is filtered personal and often sensitive information that gets aggregated as big data and goes into analysing consumer behaviour.
Of course, it’s all laid out as if it’s meant to indulge us. Raju Vanapala, owner of Way2online which has apps like way2sms that boasts about 10 million downloads, says access to personal information helps in analysing consumer needs and consequently personalising services. Generally, apps do not care about your personal texts, he says. What matters to them is which other services you are using and whether that information can help in the growth of the app concerned.
He explains how, and it doesn’t sound very reassuring—App owners read your transactional messages. When you shop at Flipkart, you get a confirmation message from the app. If the rival company’s app shares space on your phone, it will get to know about your picks and show you advertisements of products similar to what you had purchased from Flipkart, perhaps with more tempting deals. Even your financial messages are analysed. The ethics of doing this without your consent is extremely hazy. One may argue that it’s a natural market phenomenon, done by those concerned directly with finances. For example, it can be understood to some degree (if not endorsed) that companies that give loans want to access relevant messages to check if you are a credit card holder, salaried employee, if you have taken any prior loans etc. But, to think that this piece of information is technically and legally available to all those apps you have permitted to have an access to your text messages is quite discomfiting.
Consumer behaviour analysis is a risky story, says Rakshit Tandon, a cyber security expert and consultant at the Internet and Mobile Association of India. It’s understandable why an app would want to know about your personal likes and habits, but yes, there is a risk involved, he says. “We use a phrase for this: big data analytics,” he tells Outlook. Big data analytics is “the process of examining large and varied data sets—i.e. big data—to uncover hidden patterns, unknown correlations, market trends, customer preferences and other useful information that can help organisations make more informed business decisions.”
Some apps, however, claim they stay away from such analytics that can infringe upon the privacy of the user. Raghav Chandra, co-founder of UrbanClap, says they only go the straightforward way and, if the user insists on disallowing each permission, they can still function. “Our idea of app permissions is only to get automation so that the user has less and less manual tasks to do. As of now, we are only going the straightforward way. We don’t even ask for bank account details. If at all there’s a need to use certain information, we’ll notify the user and make its requirement explicit.”
But that’s just one app. There are thousands others snooping around smartphones the world over. Facebook just got a patent approved through which it can keep a track of your expressions via your smartphone camera while you’re going through content. The app giant calls it ‘techniques for emotion detection and content delivery’. “After analysing if the user likes a particular photo or video or not, Facebook will decide whether it wants to show similar media to the user or not,” says Tandon. It sounds more scary when put simply: if Facebook goes ahead with the patent, it can use your own camera to record you without your knowledge! Isn’t the fact that an app can use your camera to record your activities what 21st century nightmares are made of!
As mentioned earlier, some apps sell your information to bigger corporates to generate revenue. Once you have INStalled an app and said yes to app permissions, you virtually lose all right over the information stored in your mobile phone. “Every company requires information of its target audience to sell their products. This information can be easily bought from app developers at a cheap rate. This helps corporates sell product exactly to the target audience, which reduces their marketing effort and ensures higher sales,” says Nenadd.
“Corporates usually get all the information about people—including their name, address, phone number, credit card details, location, general interests, where they work, who their friends are, which websites they visit, when they are online, and their preferred taste in food and films. In a nutshell, they can have virtually all the information about their customer,” says Nenadd.
Sarfaraz, an assistant manager working for a popular app, confirms this. “Some apps do outsource the job of big-data analytics to smaller app developers who charge relatively less and thus get the necessary information about the user without doing much hard work themselves,” he says.
If we go through the tedious task of reading the privacy policy of each app, we may notice a recurrent phrase—‘third parties’. In some cases, even the bigger apps sneakily retain for themselves the right to sell the user’s information to a third party. Most applications also have the right to have access to your information via ‘third parties’ and vice versa.
This might not be as explicit or transparent as the user would like it to be. These third parties comprise advertisement networks, banks where your credit card details are stored, cookies, web beacons etc. For those who don’t know what a ‘web beacon’ is, Webopedia defines it as “an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, placed on a website or in an e-mail, that is used to monitor the behaviour of the user visiting the website or sending the e-mail”.
Even more worrisome is that all of this rides on legal waters. Hence, even if your information gets leaked or is used by someone with a malicious intent, the user cannot claim a right over it. Zomato’s privacy policy, for instance, states, “We assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorised third-party access, or other causes beyond our control.”
In the face of this shape-shifting enemy with a hundred eyes—a full intelligence-gathering network installed inside you—what can a user do to remain proactively vigilant? “First is to take control and change your privacy settings, and turn off permissions which may not be required. Another is to check disclosures of the app that you use and check how secure they are. Change passwords for the app every 1-2 months,” says Isobar’s Gopa Kumar.
Many cyber experts and app developers Outlook spoke to insisted on the importance of going through every app’s privacy policy. It’s not rocket science. One only has to do a simple Google search on the privacy policy for every single app one may want to install to get a better idea of the terms and conditions. But be prepared to spare a good 20 minutes at least to understand what it says. It is a tedious job and most users do not want to take such pains.
This is what the mobile apps are perhaps taking full advantage of. “Apps are smart. They know you will not spend time Googling and researching what every single tech word means. Nothing, thus, happens discreetly. Everything is already mentioned, in perhaps vague terms, in the privacy policy and terms and conditions. If only you read them,” says Sarfaraz.
In the politest of terms, mobile applications will convince you they are ‘trying their best’ to keep your information safe. Tandon feels that in the end, it is not the app’s fault: “You, as a user, are giving them full control to use, store and, in some cases, even sell your information. The only thing you can do is read the terms and conditions, understand your rights and that of the app and take decisions accordingly.”