One of the casualties of living in a world driven by mobile devices is privacy. User personal data is now a commodity and valuable to many companies. Despite providing consent for data access, most users are likely unaware of the amount of data collected by developers. Equally, unaware of how they can find out what information apps are gathering on them. This is especially important during a time when large-scale data leaks have become a trend, resulting in real concerns over the loss of privacy.
Most apps collect some amount of data from the user, and for some apps the data can be crucial for the functioning of features - as is the case with navigation and mapping apps that rely on positional data. However, apps often ask for access to an excessive amount of personal information. Nevertheless, most users doesn't think twice before giving their consent to any information that the app requests. Developers, in turn, sometimes give this data to software giants such as Facebook and Google whose Software Development Kits (SDKs) are embedded in the apps for ease of building - and access to the huge ad platforms of these companies.
This model has resulted in serious ethical and transparency issues regarding user privacy, with accusations of dating apps such as Tinder, Grinder and OKCupid sharing sensitive personal data with advertisers. In a 2018 study, Kaspersky researchers found that more than four million Android apps were sending unencrypted user profile data such as "names, ages, incomes, phone numbers and email addresses -- and, in one example, dates of birth, usernames and GPS coordinates" directly to advertisers' servers. While researchers and software engineers might have their own highly technical ways of finding out who collects what, most users don't know that they can do to identify what data apps collect without having to master coding.
Tools To Find Out Who Collects What Data
AppCensus AppSearch is a web platform that analyzes and reports personal information collected and shared by free Android apps with third parties over the internet. Each app is extensively tested in labs to obtain the nature and amount of information accessed, as well as whom it is shared with. The analysis report also provides the data accessed while in use, as well as the data it had access to but didn't use. A test of Facebook, for instance, gives a result that suggests the app is not accessing or sharing any information that is permission-protected. Of course, most users typically give full permission for Facebook to access their data.
Exodus is another option, and this one searching for embedded trackers that typically collect user data, as well as app usage data. It also checks for various permissions that an app requires for proper functioning in a smartphone. This is a more useful analysis and gives a better idea of what an app can do, since most users (knowingly or unknowingly) hand over data that an app requests. Exodus provides a list of apps that uses the same trackers as the one tested and gives danger warnings for permissions that could be misused. Meanwhile the only way iOS users can find out about the data collected by apps is via the privacy settings in their iPhones, and through their Apple ID accounts. Although, the company recently upgraded iPhone privacy to notify users if an app is tracking their device, and how often it happens.