15.5-Beware and very selective about the Apps you install and the accesses you allow! -2016-06-28

There is no FREE lunch in this world! When someone offers you something that cost money and time to develop, and provides it to you for FREE or at a very low price, be on your guards! One of the biggest money maker for software Apps companies these days is selling aggregated user data in addition to advertising. The more personal information you grant them access to, the more money they can make. On the other hand, the more personal information you grant them access to, the more you are exposing yourself. WHAT SHOULD YOU DO? This is what this article is all about.

Example of App company abuse

Lately, one of my friend golfer told me about a FREE Golf GPS App I could install on my smartphone to provide me with the distances to the green. Very useful to a golfer for club selection. This FREE App is GolfLogic, presented as the #1 Free Golf GPS App for smartphones. When I got home, I went to the Google Play store to download this FREE App on my smartphone. Before downloading, the App asked me to allow access to information stored or accessible on my smartphone. I know that a golf GPS App ONLY need access to your smartphone “Location” and/or GPS, nothing else.

To my surprise, here are the GolfLogic requested accesses (before their June 23, 2016 update), followed be my comments in italic:

  • In-app purchases – Allows the user to make purchases from within this app. This will allow Golf Logic, amongst other things, to possibly get commissions if you buy something from within the APP. It also informs them of your buying patterns to aggregate and correlate with other info.
  • Device & app history – Allows the app to view one or more of: information about activity on the device, which apps are running, browsing history and bookmarks. This will allow GolfLogic to aggregate and correlate this information with other info to identify your browsing and purchasing patterns that might be of interest to potential customers. It is quite far reaching for a golf GPS App!
  • Calendar – Uses calendar information. This will allow GolfLogic to add Calendar info when it aggregates and correlates your information with other info. In my opinion, this is overreaching.
  • Contacts – Uses contact information. This will allow GolfLogic to access your contacts info (Names, phone numbers, email addresses, …) which they could use to contact your Contacts by phone or email, sell this info, and God only knows what. This opens a dangerous door and is unacceptable in my opinion.
  • Location – Uses the device’s location. This is the only justifiable and valid request for a Golf GPS App, in my opinion.
  • SMS – Uses one or more of: SMS, MMS. Charges may apply. This is overreaching, to say the least. Why would anyone need access to your SMS and MMS to provide the distance to the green on a golf course? This makes no sense, opens a dangerous door and is unacceptable in my opinion.
  • Phone – Uses one or more of: phone, call log. Charges may apply. Another access request that makes no sense. Why would anyone need access to your phone and who you call, to provide the distance to the green on a golf course? This makes no sense, opens a dangerous door and is unacceptable in my opinion.
  • Photos/Media/Files – Uses one or more of: files on the device such as images, videos, or audio, the device’s external storage. Since the App has access to your smartphone internal storage to store the App’s code and its data, why this access? Does it need to look at your photos and listen to your music to provide the distance you are from a golf green on a golf course? Give me a break!
  • Wi-Fi connection information – Allows the app to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and names of connected Wi-Fi devices. This, in my opinion, is far overreaching, to say the least. These people are far too curious for me!
  • Device ID & call information – Allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call. Another access request that makes no sense. Why would anyone need access to my phone and to who I call, to provide the distance to the green on a golf course? This makes no sense, opens a dangerous door and is unacceptable in my opinion.
  • Other – Receive data from Internet. I don’t know what they are after with this, but I don’t like it.

As you can see from the above, to install this FREE App on your smartphone, you are granting access to almost everything that is stored on your phone. This opens yourself to potential serious dangers if this personal info is miss used. Since the only valid access required to operate a Golf GPS App is your Location, the above requests are, in my opinion, unjustifiable and you should stay away from any such App.

The requested accesses AFTER the GolfLogic June 23, 2016 update

NOTE: the requested access, after the June 23, 2016 update, have been reduced to the following five elements that look much more like what is required by competitive products. I have no explanation as to what motivated the change. Above, I have used the previous access request to illustrate the potential dangers in dealing with certain Apps suppliers and the need to be careful and vigilant.

  • In-app purchases – Allows the user to make purchases from within this app.
  • Location – Uses the device’s location.
  • Photos/Media/Files – Uses one or more of: files on the device such as images, videos, or audio, the device’s external storage.
  • Camera – Uses the device’s camera(s).
  • Device ID & call information – Allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.

What should you do if you would like to use a similar APP?

Since, there is no FREE lunch in this world, you will almost never find an App provider that does not try to exploit you, in one way or another, to cover the costs of providing you with a FREE or low cost App. Since privacy when using the internet DOES NOT EXIST, the ONLY way to minimize your risks is to ONLY deal with market leaders that have too much to lose if they were exposed in a scandal for breach of user data confidentiality. IT IS THE ONLY WAY!

The only safe alternative, if you cannot assume any risk, is to not use the internet and smartphones, which is not an alternative in my opinion. Therefore, what should you do?

  1. First, you have to become VERY SELECTVE in the choice of the companies you deal with.
  2. Second, you have to limit your selection to a MINIMUM number of trustworthy companies.
  3. Third, when selecting and installing Apps, you have to PAY CAREFUL ATTENTION before granting access to your devices functions and personal information.

Selecting trustworthy companies to deal with

Since this subject is covered at length in other articles on this web site, I will refer you to these articles that provide such information. Must read articles:

04.4–How to simplify your multi devices computing environment (PCs, laptops, tablets, smartphones, …) – 2016-03-29

and

04.5-How to take full advantage of a multi-technology environment incorporating Microsoft, Google and Apple products-2016-06-03

and

07.5-Google’s indispensable or very useful FREE Apps universe-2015-07-15

These three articles will provide you with a basic set of trustworthy companies and Apps to start with. In addition, this set of recommended Apps will allow you to become technology independent. This means that you will be able to operate most, if not all these Apps, on any of the major technology platforms: Microsoft, Apple and Android. This technology independence offers GREAT BENEFITS! It will allow you to take advantage of the latest, best and lowest costs devices that are or become available. Please explain to me why would anyone not take advantage of such GREAT BENEFITS? 

The undeniable benefits of large trustworthy companies’ accessing our private info

Don’t get me wrong here, about granting access to large trustworthy companies to our personal info. There are great benefits to be gained from doing so, in addition to the use of the FREE Apps and services that we badly need: Gmail, Contacts, Calendar, Google Maps, … It’s good for us that Google, for example, can make money by aggregating our personal info to provide us and others with valuable services.

As an example: if you use the Google’s Map traffic feature to help you navigate around traffic, Google collects from your smartphone where you are at any one time. Does it care about where I am at any one time? NO. It aggregates your progress on the road, along with thousands of other Google’s Map traffic users, in addition to info from other sources, to provide you with real-time traffic updates. Is it not a great FREE benefit? Google can also sell this info to other traffic info users or providers to make money. Who cares? As long as you get this FREE benefit.

Should I worry about the use of my personal info in this way? NO, because companies like Google have enough large sophisticated competitors that would not hesitate to leek any wrong doing. This is why I don’t worry! I fear a lot more the secret “Wiki leak” type espionage by our governments!

There are thousands of benefits, that users often take for granted, that are provided by large trustworthy Apps suppliers using our personal info.

Virtual Assistants with voice recognition

Virtual assistants with voice recognition is where personal computing is heading and it is available now: Google Now, Apple Siri, Microsoft Cortana and Amazon Echo. For less than U$180, you can buy an Amazon Echo box, put it on your kitchen counter and verbally ask it a multitude of questions, have it play music, check the weather and the traffic, …  and it will answer you verbally. The same with Google Now and Apple Siri, on your smartphones and tablets, and Cortana on your Windows laptop. The more personal information these products use the more pertinent and accurate the answers are and will become. Using artificial intelligence and accumulating personal information about your interests, your habits, your previous inquiries, etc. … these products can refine their answers that will often surprise you. The following two articles touch on the subject:  18.01-Voice on today’s smartphones provides the functionality to be more efficient and maximize your productivity-2015-06-17 and 10.01–Windows 10, why should you upgrade? -2015-08-03. I plan to come out with an article dedicated to Personal Virtual Assistants in the future.

Therefore, not all access to our personal info is bad. Some are even great! The risks arise when small unethical companies want to make quick money and use, in a none ethical way, the personal data you allowed access to. This is what you have to be careful of. These are the ones you have to weed out!

What about selecting ad hoc Apps, such as a GPS App, for example?

To illustrate the recommended approach, let me pursue the Golf GPS App selection process that I started above. As you can surely appreciate, after reading the initial GolfLogic access requests above, the access requirements I had to allow were totally disproportionate to the service I wanted and quite risky, in my opinion. Furthermore, I don’t know who is behind GolfLogic and the access requirements they wanted to impose on me MOST UNCOMFORTABLE. Rightfully or wrongfully, I don’t care! This was a flagrant unreasonable set of access requests that I did not feel comfortable with. This is enough for me for not wanting to deal with such a company!

The advice here is: do your due diligence. If something does not feel right, trust your instincts! Don’t feel obligated to accept things that look unreasonable! If you fail at this, be mature enough to assume the consequences of your decisions. Don’t blame the company for asking, blame yourself for accepting. This is the right to learn for the next time !

Here’s what I went through in selecting another Golf GPS App

I reviewed a reasonable number of the Golf GPS Apps and carefully read their description and requirements. In particularly, the access requests. I selected the Swing by Swing Golf GPS App and here’s why:

I first tried to assess the company to determine if I felt it was trustworthy.

I know Swing by Swing Golf as a company in the Golf game scheduling business. I have had an account with this company for several years now. I have been satisfied with my dealing with this company up to now. Therefore, based on my personal knowledge and experience with this company, I am inclined to thrust Swing by Swing Golf. There are no guaranties here, but I am inclined to have fate in this company. This is only an educated guest! Nothing more.

Then, I assessed the Swing by Swing access requests to determine if I could live with the risks. My comments in italic:

Golf GPS Rangefinder & Scoring App, by Swing by Swing Golf.

This app has access to:

In-app purchases – Allows the user to make purchases from within this app.

This will allow Swing by Swing to get a commissions if I buy something from within the APP. It also informs them of my buying patterns to aggregate and correlate with other info. Since I already have an account with Swing by Swing, I can live with this unappreciated request.

Identity – Uses one or more of: accounts on the device, profile data.

This will allow Swing by Swing to access my identification info. I already have an account with Swing by Swing and they already have my account id data. They will have access to the list of my other accounts, which I don’t appreciate, but I can live with this request.

Location – Uses the device’s location. This is the only justifiable and valid request for a Golf GPS App.

Photos/Media/Files – Uses one or more of: files on the device such as images, videos, or audio, the device’s external storage. Since the App has access to my smartphone internal storage to store the App’s code and its data, why this access? Does it need to look at my photos and listen to my music to provide the distance I am from the green on a golf course? Give me a break! On the other hand, since I don’t have any compromising photo and my music is available everywhere, I don’t care much.

Camera – Uses the device’s camera(s). What can they do by accessing my cameras? I don’t know! I have no idea why they request this access? Anyway, I cannot see how it could arm me.

As you can see from my analysis above, I specifically analyzed each access request to determine the potential risks I could face if the accessed info was miss used. As per the above, even if I don’t like providing the requested accesses, I could live with the potential risks that are limited in this case, in my opinion. Therefore, I am ready to take these risks in order to take advantage of this FREE App.

You saw earlier that I was NOT ready to take the risks that the GolfLogic App was requesting from me. This is for you to assess, since you are the ones that will end up the consequences if something undesirable happens.

Finally, delete the Apps that you have downloaded and don’t use regularly

Remember, Apps that are not installed on your device can’t hurt you! Since you often have to make undesirable compromises to use certain Apps, don’t keep them on your devices if you don’t use them regularly. Since, Apps that are not installed on your device can’t arm you, and since it’s a snap to install or delete an App, why keep risky Apps on your devices? Go through and get rid of the unused Apps regularly. This is a smart practice to avoid problems.

CONCLUSION

I hope the above has enlightened you on the potential dangers of downloaded APPs. I also hope that it has provided you with an approach to help you in the selection of the safer Apps, how to avoid the riskier Apps and the importance of not keeping risky Apps on your devices. Better be safe than sorry!