It’s not your fault: app privacy settings can be really complicated.
Drazen Zigic/iStock via Getty Images
Joseph K. Nwankpa, Miami University
The default privacy settings of popular mobile apps seem convenient because they allow you to control the level of privacy—who can see your actions—for all the app’s features with a single setting. However, the default privacy settings also pose a potential risk to your privacy.
The US app market generated $44.9 billion in 2023, with smartphone users spending 217 billion hours on their apps. The growing popularity of mobile apps is due to their convenience, ease of use, connectivity, and flexibility.
For example, Venmo, a popular peer-to-peer payment app for iPhone and Android users, allows you to send and receive money to and from anyone who has a Venmo account. This is especially useful for transactions involving multiple people or groups, such as splitting bills.
However, mobile payment apps like Venmo present unique challenges. They combine financial transactions with social media, a combination that can significantly increase privacy risk, especially when coupled with often unclear privacy settings.
Complexity of privacy settings
As a cybersecurity professional, I find that the privacy settings of many apps often make end users more vulnerable to having their data exposed, despite being presented as privacy-enabled. These apps intentionally have complicated default privacy settings that paradoxically make the user’s information public rather than private.
Users are often unaware of the additional steps required for optimal privacy settings. Understanding an app’s complex privacy policies may require reading the fine print of each app’s policies.
Acker et al, CC BY-NC-ND
For example, Venmo’s privacy settings require the user to choose whether to share transactions or friends lists publicly, only with friends, or privately. However, users must set their default privacy settings, past transactions, and friends list separately. The default privacy settings do not include all of the app’s features. Additionally, when you create a Venmo account, all of your transactions are public by default, so your financial activity is immediately exposed to anyone online.
Unsurprisingly, several prominent figures, including Ohio Senator and Republican vice presidential candidate JD Vance, have made their Venmo privacy settings public, resulting in their Venmo transactions and connections being visible to anyone who uses the app. These events underscore the importance of understanding these settings to ensure your privacy is protected.
Not just Venmo
But Venmo is not alone in this. Apple released an app called Journal in late December 2023. Journal helps iPhone users write journal entries about their thoughts and feelings. These journal entries can include photos, videos, cities visited, and other personal activities. The app also uses an on-device artificial intelligence feature to provide personalized suggestions on topics relevant to the user.
Users recently discovered that among the complicated privacy settings of the Journal app was a “Discoverable by Others” option, which posed a serious privacy concern. According to Apple, this feature allows other iPhones that are in your contacts and have Journal to detect when you are nearby. The purpose is to prioritize other users’ Journal prompts by including you.
However, the contacts on your phone aren’t exclusively filled with close acquaintances you’re dying to discover and be discovered by. Instead, your phone contacts may include random numbers, like a plumber you once hired to do maintenance on your home, a real estate agent who was recommended but you never hired, and so on. As with other apps, the problem is that the Discoverable by Others feature is the default setting for new users, whether or not you have Journal Suggestions enabled.
How to protect your privacy
The most important step to achieving privacy in a world of ubiquitous digital connections is to take responsibility for your data and your privacy. As mobile apps continue to access sensitive information about users, it’s important to recognize that app vendors and owners may not have the incentives to provide the most robust data protection practices. Failure to effectively manage your app permissions and privacy settings may increase the risk of your data being exposed to third parties, including those with malicious intent.
In addition, users too often find it difficult to separate the content of their apps from that of their device. In some cases, they assume that device-level protections are sufficient to mitigate the risk of a mobile app with inadequate privacy protections. However, this is not the case. A good rule of thumb is to check the default privacy settings of each app after downloading it.
The best practice for protecting privacy is to restrict access rather than grant it. App users often mistakenly assume that restricting access can affect an app’s features and quality of service. Therefore, when faced with the decision to grant or restrict access, users tend to grant access and, in many cases, keep the default settings.
Stay alert
In the age of AI and machine learning, mobile apps can be powerful and provide more personalized services with more data. However, users should be careful of privacy settings that grant more access and permissions than these apps need to function effectively.
It’s important to recognize that the default privacy settings aren’t always in your best interest. Such settings are designed to give an app access to sensitive data that companies can exploit and that can fall into the hands of hackers and fraudsters through data leaks.
As the complexity of these privacy settings increases, app users must be aware that protecting their data requires vigilance now more than ever.
Joseph K. Nwankpa, Associate Professor of Information Systems and Analytics, Miami University
This article is republished from The Conversation under a Creative Commons license. Read the original article.
