Nearly 87% of Android apps and 60% of iOS apps request access to device functions unrelated to their performance, new research by NordVPN reveals.
Cybersecurity and privacy researchers at NordVPN analyzed the most popular mobile apps globally in 18 categories. Up to 14% of apps collect more unnecessary than necessary data for the apps’ performance and only 8% of apps collect no unnecessary data. On average, every fifth requested permission was not needed for the app’s functionality.
“A significant number of mobile apps that we use daily request access to device functions unrelated to their performance. And most users give the app license to spy without even reading the terms and conditions. Users should always consider whether the app needs certain data to do its job before tapping ‘Accept,’ because collected data could be used against our interest. It’s especially important to be more attentive to some categories of apps which are more intrusive, such as social media or messaging apps,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.
The research revealed that 42% of all apps ask for permissions related to user activities outside the actual app, which means that they aim to collect data about users across other applications and websites. In addition, 37% of the studied apps request access to the user’s location, 35% to the camera, 22% to the photo gallery, and 16% to the microphone.
Social Media and Messaging Apps Raise the Most Concerns
Social networking, messaging, navigation, and dating apps require the most significant number of permissions compared to other categories. They are also in the lead by their requesting of unnecessary permissions. On average, social networking apps request ten unnecessary permissions, navigation apps ask for nine permissions, dating – six, and messaging – five.
Android users can be the least worried about gaming apps. They only request 10 permissions and ask for less than one unnecessary permission on average. While food and drink apps on iOS ask for less than three permissions on average, in terms of unnecessary permissions, productivity apps are in the lead because they almost do not collect unnecessary data.
The East Asia Region Is a Red Zone on the Privacy Map
While category is a stronger predictor of how many permissions and data apps ask for, there is also a geographical effect. On average, apps from East Asia ask for the biggest amount of permissions overall as well as unnecessary permissions — Hong Kong and Taiwan dominate both the Android and iOS charts. At the same time, Android apps from Japan and Singapore also make a strong showing.
“This likely stems from two aspects. On the one hand, different regions have different regulatory environments. But at the same time, these numbers are influenced by the nature of the popular apps studied. East Asian countries are worse in terms of permissions because of the blend of the wide use of social media tools as well as manga and other media apps,” says Warmenhoven.
On the flip side, apps from Mexico made the lowest number of unnecessary permission requests and even the lowest number of permission requests overall for Android. For iOS, apps from Spain and the US made the least overall requests, while apps from Spain, the US, Italy, and Poland made the least number of unnecessary requests.
How to Protect Your Privacy on Apps
To protect your privacy on apps, Adrianus Warmenhoven offers these preventive measures:
- Download from official stores. Unofficial app stores won’t always have systems to check whether an app is safe before it’s published and available to download. Moreover, getting an app from an unofficial source carries the risk of it being modified by criminals.
- Get to know your data permissions. When you download an app, you’ll be asked to give various permissions to access your data. Make sure they make sense to you. If you already have an app, review all the permissions and turn off the ones you don’t want or need, and consider deleting the apps that ask for many permissions (especially if they’re not needed for the app’s functionality). You should pay particular attention to permissions like camera, microphone, storage, location, and contact list.
- Limit location permissions. Many apps request access to your phone’s location services, so ensure you know which apps you’ve granted access to. It’s best to allow apps to track your location only when using the app, rather than all the time.
- Don’t automatically sign in with social network accounts. If you’re logging in to an app with your social media account, the app can collect information from the account and vice versa.
- Delete apps you don’t use. If an app is sitting unused on your screen and you’re not getting anything from it, delete it. Chances are it’s still collecting data on you even if you’re not using it.