Smartphone apps are all the rage these days as developers from around the world try their hand at creating the next great app and cashing in on the possible riches that come from being a top app. The problem is that in many cases the users of those apps have no idea where their valuable data could be ending up, as most people don’t think twice about that kind of thing when they download and use all those cool apps.
The UK’s The Sunday Times decided to do some app data investigation and track down just where your data, whether used to sign into those hot apps or created by them, is ending up, and came up with some surprising finds.
To be clear, we are discussing the UK and, by default, the European Union, which has totally different rules that need to be followed when it comes to your data. It is also understood that a large number of smartphone apps require you to agree to some sort of data transfer, but you can be assured that the majority of people using these apps pay very little or no attention to what they agree to when they start using them.
In many cases it is just a matter of hitting the Accept button or clicking on the Next button with little regard to what they are agreeing to, until things like this come along, of course, and then all hell breaks loose. There are times, though, when this type of social engineering masks the fact that some of these apps are performing questionable actions with your data.
For this exercise, the Sunday Times testers picked 70 basic smartphone apps and, using a piece of software called “MiddleMan”, were able to monitor the app data transfers. Out of those 70 apps, twenty-one transmitted the phone number, six sent out email addresses, six shared the exact co-ordinates of the phone, and more than half passed along the phone’s ID number.
When actions like these are taking place within the EU, this raises some big concerns given where some of this data is ending up. For this type of action to be acceptable under the EU’s privacy laws, the destination countries for your data must be on the EU’s list of approved countries, which is very short. As long as your data is heading to servers in one of the listed countries, this is considered to be a free flow of data.
However, two countries not on that list are China and India, both of which have a large amount of data being sent to them via those cool apps on your smartphone, and in the eyes of the EU this is not a good thing.
When EU data travels outside the European Economic Area borders, it is said to travel to “third countries.” This can pose new risks to the subject’s privacy, and the data enters a minefield of complex legal regulation.
One such regulatory divide is found in Article 25 of the Data Protection Directive (DPD). It demands that the European Commission determine when “third countries” are providing DP standards equivalent to the EU’s DPD.