Analyzing Privacy in Phone Applications

by Preetisha Sen and Jeanne Kuang

Nine of out 10 American adults use cell phones, but many may not know about the privacy issues that come with them – especially the 56 percent of American adults who own smartphones. As such, we looked at several different phone applications we use on a regular basis to see what kinds of information each application collects, what measures the applications outlined in their policy and what recent privacy issues have come up with the products.

venmo

VENMO

Information collected: Venmo is a mobile social payment app that allows users to connect their bank accounts and pay friends, similar to Paypal. Upon registration it collects your IP address, phone number, name, street address, date of birth and social security number for identification purposes (and to verify the account through the Treasury Department). You can also authorize Venmo to collect your Facebook connect information and other linked social media which would give it access to your Facebook friends’ contact information and friends’ phone numbers. It also collects your bank account numbers, routing numbers and credit card numbers for every account linked to the app.

How it’s handled: Venmo collects so much personal information because it is necessary to access bank accounts, but also to verify your identity to avoid fraud. All information is stored on third party servers that are guarded physically as well as with firewalls and data encryption. Venmo shares some information with other users, such as the number of payments or transactions you have made, but not the monetary amount or the bank account information. Your email and phone number may be shared with Venmo’s parent company Braintree (now owned by Paypal) or companies it might merge with in the event of bankruptcy, but Venmo does not share this information with third parties for marketing purposes. It also doesn’t try to collect information from users under the age of 13.

In the news: Venmo recently introduced a new feature: Venmo Nearby. This feature allows users to find nearby Venmo users for payments (the user does not have to be friends with you). The development has the potential to replace cash in the future—all in-person payments can likely be made on the app. However, the feature raises concerns about privacy. You can choose to turn off the Nearby function, but if left on the app is likely to collect location information wherever you go. Any collected information is usually stored on the phone or on the app’s servers. Additionally, bank information security can be threatened if transactions are made more and more frequently across various mobile devices.

 twitter

TWITTER

 Information collected: Twitter publicly lists names and usernames on its services, such as its search feature. On top of that, Twitter prompts users to include personal information in their Twitter biographies, like current city, website and a photo. Twitter also records all 140-character tweets and direct messages, and knows who you interact with, who you follow and who follows you. Twitter users can choose to have location on in their tweets, which permits Twitter to use and store location information for purposes such as adding more relevant content in each user’s timeline, like local trends or local people to follow.

How it’s handled: Third party services, such as Google Analytics, may collect information to help Twitter improve services such as tailoring advertisements to each user. In addition, when users choose to log in to other websites, such as Instagram, with their Twitter account informations, Twitter has the right to share any information with that third-party. Unlike some companies (such as Apple), Twitter allows users to delete their accounts and in turn, all the information collected. According to Twitter policy, account information will start being permanently deleted after 30 days of a user’s deactivation request.

In the news: Twitter has not had any major breaches of privacy since its founding in 2006, although accounts are often hacked with spam messages. Students at Cornell University were recently faced with a challenge at a case competition last weekend: create a revenue-generating plan for Twitter without violating the privacy of its users. The winning team created a project in which Twitter creates tailors, time-sensitive advertisements for its users. Anticipating negative backlash, the team also included mandatory webisodes that all Tweeters would have to watch so that they understood the new privacy policy.

google

GOOGLE MAPS

Information collected: The Google Maps mobile app collects standard user information from the user’s Google account, as well as the phone number of the device it is installed on. It also collects location information whenever you use it so it can give you directions. This location is determined through nearby phone tower signals, WiFi and GPS information. This information is stored on the device but if you are signed in through your Google account, it can be linked to your name and email address. Of course, most people’s entire cities, including homes, road, offices and other city spaces are displayed on Google Maps’ Street View feature.

How it’s handled: The main thing Google does with your location history is use it to give you more tailored content when you’re searching for other things. If you search for many locations in Washington, D.C., your other search results might be more tailored to Washington, D.C. Your personal information is processed in servers in another country and if signed in, you can review and control what information Google can share. Aside your social shares and the information Google passes along to the domain administrator who manages your account, Google can also share your information with “our affiliates or other trusted businesses or persons to process it for us.”

In the news: There are no publicized data breaches involving the mobile Google Maps, but Google is developing an entirely new Android phone that brings up its own privacy questions. The phone, called Project Tango, is equipped with sensors that “track the full 3D motion of the device, while simultaneously creating a map of the environment,” according to the Google press release. Essentially this phone would be able to map the room around you in 3D. While this may be useful to those who are lost in a building or on an unfamiliar street, or need to remember the dimensions of a room, unanswered questions about the phone remain–where will Google keep the 3D maps of everywhere you go? How would Google share the information for marketing purposes? Is there any way to stop someone from collecting information about the inside of your building?

snapchat

SNAPCHAT

Information collected: On top of standard information such as username, phone number and password, Snapchat temporarily records the contents of each Snap sent and received. Until the recipient of a Snap opens the image, the photos, videos and/or captions are stored on Snapchat’s servers. While Snapchat says each Snap is deleted after that time, the privacy policy also states that it “cannot guarantee that deletion always occurs within a particular timeframe.” Additionally, each time a message is sent, Snapchat collects data such as the time, date sender and recipient of the Snap. It also knows which users most frequently interact with each other and publicly tracks this, as each Snapchat user has a list of best friends that is viewable by any of their Snapchat friends.

How it’s handled: Snapchat says information collected can be used to maintain and improve services, provide customer service and communicate about products, offers and promotions, among other uses. However, the policy includes a blanket statement that Snapchat can use collected information to “carry out any other purpose for which the information was collected,” and with the vague language in the policy this could lead to a variety of data analyses. The privacy policy also states that aggregated data can be shared because the information provided “cannot reasonably be used to identify you.”

In the news: Snapchat had a large data breach at the beginning of this year, when as many as 4.6 million users’ phone numbers and usernames were hacked by a website called SnapchatDB.info. Founder and CEO Evan Spiegel initially refused to apologize for the breach, saying his company was the victim of abuse. But two days after the breach, Snapchat apologized through a blog post, discussing a new feature that “allows Snapchatters to opt-out of linking their phone number with their username.”


Comments are closed.