You’ve seen the notices pop up on your screen – Allow (application) to Access Your Camera.
Or your microphone. Or your contact list. And the list goes on. And if you’re like most, you tap Allow without hesitation. You then start using the messaging application without giving it a further thought.
But what do these notifications mean exactly? And are they as harmless as they seem?
They’re called permissions. And below we’ll explain them, the consequences of not considering them more carefully, and a few steps you can take to better protect your privacy and the security of your data.
Permissions are concessions or allowances that you, the user, agree to in order to let an application perform its full range of capabilities. With each permission description, the app lays out the conditions which it may affect (or may affect it) while the application is installed or in use.
The permission protocol varies across operating systems and can be confusing as multiple permissions are often presented either at once or one after another in quick succession. Even if the language is clear, the exact meaning behind the permission or why it’s suggested is often unclear. What’s more, consideration of the potential consequences is often ignored.
In a perfect world, the requesting and granting of permission acts as a show of transparency and good faith – indicating that the developer has nothing to hide, while at the same time providing the potential user a more thorough understanding of how the app does what it does. Moreover, the permission is designed to ensure that the app in question is given the data and system access it needs to do its job.
Logically, for example:
Unfortunately not. With the boom in popularity of free messaging applications, so too have increased the permissions which these apps request upon download and registration. For example, apps like WhatsApp, Viber, Telegram, Facebook Messenger, and Trillian can request access to:
This doesn’t mean you should rush to delete these apps. What it does mean, however, is that you ought to consider the ramifications of using them – what data the apps have access to, what permissions you’ve given them, what they’re doing with this information, and what could potentially result from providing this access.
For instance, with access to your hardware, features, location, and data:
Let’s be clear – just because an application is asking for your permission doesn’t mean they’re being straightforward about what they intend to do with your data.
For precisely this reason Facebook has been a regular in the headlines. Over the past year, the social media giant has scraped phone and text message data from Android users, provided Cambridge Analytica access to millions of users’ personal data, and most recently, harvested users’ data through a deceptive “Research” VPN; even going so far as to pay users – many of whom are teenagers – twenty dollars to use the application.
Upon “Trusting,” the app, users consented to providing Facebook limitless data – private social media messages, chats from instant messaging apps, shared media, emails, web searches, browsing activity, and even location information. Now banned by Apple – a clear violation of their rules – the application is still running on Android operating systems.
And while Facebook has perhaps been the biggest violator of users’ data and permissions, they’re not alone. Users of the popular messaging app Telegram have reported instances of unsolicited remote camera access without having first provided permission. What’s more, WhatsApp provides Facebook, its parent company, with users’ personal information, including phone numbers. Supposedly, this is in order to allow businesses to more directly target customers. But by also providing permission to access your location, it opens up any number of hypotheticals.
Let’s say you visit a counselor, for instance. You also happen to have the contact information of an addiction clinic in your phone. With access to your contact information and location, not only could any number of conclusions could be drawn from that data, but that data could end up literally anywhere.
In some instances, you can disable certain permissions after the fact by accessing them through your settings. But why take that risk? And by the time you disable the permissions in question, who knows what data will have already been collected?
You’ve seen enough examples of user data misuse and malfeasance on the part of big tech companies and their applications. And you, the consumer, simply don’t have enough information regarding how they use your data and what they do with remote access to your hardware.
By carefully thinking through the permissions these apps request, inspecting the finer details of each application and its permissions, and, importantly, considering the instant messenger you use, you can begin to better ensure your privacy and the safety of your data.