Default privacy settings in popular mobile apps seem like a convenience, as a single setting lets you control the level of privacy—who can see what actions you perform—for all of the app’s features. But the default privacy settings also pose a potential risk to your privacy.
For example, Venmo, a popular peer-to-peer payment app for iPhone and Android users, allows you to send and receive money to and from anyone who has a Venmo account. This is especially useful for transactions involving multiple people or groups, such as splitting bills.
However, mobile payment apps like Venmo present unique challenges. They combine financial transactions with social media, a combination that can significantly increase privacy risk, especially when coupled with often unclear privacy settings.
Privacy settings in many apps can often make end users more vulnerable to data disclosure, despite being presented as privacy features. These apps intentionally have complicated default privacy settings that paradoxically make the user’s information public rather than private.
Users are often unaware of the additional steps required for optimal privacy settings. Understanding an app’s complex privacy policies may require reading the fine print of each app’s policies.
For example, Venmo’s privacy settings require the user to choose whether to share transactions or friends lists publicly, only with friends, or privately. However, users must set their default privacy settings, past transactions, and friends list separately. The default privacy settings do not include all of the app’s features. Additionally, when you create a Venmo account, all of your transactions are public by default, so your financial activity is immediately exposed to anyone online.
“Discoverable by others”
Unsurprisingly, some prominent individuals, including Republican U.S. vice presidential candidate JD Vance, have made their Venmo privacy settings public, resulting in their Venmo transactions and connections being visible to anyone using the app. These events underscore the importance of understanding these settings to ensure your privacy is protected.
But Venmo is not alone in this. Apple released an app called Journal in late December 2023. Journal helps iPhone users write journal entries about their thoughts and feelings. These journal entries can include photos, videos, cities visited, and other personal activities. The app also uses an on-device artificial intelligence feature to provide personalized suggestions on topics relevant to the user.
Users recently discovered that among the complicated privacy settings of the Journal app was a “Discoverable by Others” option, which posed a serious privacy concern. According to Apple, this feature allows other iPhones that are in your contacts and have Journal to detect when you are nearby. The purpose is to prioritize other users’ Journal prompts by including you.
However, the contacts on your phone aren’t exclusively filled with close acquaintances you’re dying to discover and be discovered by. Instead, your phone contacts may include random numbers, like a plumber you once hired to do maintenance on your home, a real estate agent who was recommended but you never hired, and so on. As with other apps, the problem is that the “Discovered by Others” feature is the default setting for new users, whether or not you have journal suggestions enabled.
How to protect your privacy
The most important step to achieving privacy in a world of ubiquitous digital connections is to take responsibility for your data and privacy. As mobile apps continue to access sensitive information about users, it’s important to recognize that app vendors and owners may not have the incentives to provide the most robust privacy practices. Failure to effectively manage your app permissions and privacy settings may increase the risk of your data being exposed to third parties, including those with malicious intent.
In addition, users too often find it difficult to separate the content of their apps from that of their device. In some cases, they assume that device-level protections are sufficient to mitigate the risk of a mobile app with inadequate privacy protections. However, this is not the case. A good rule of thumb is to check the default privacy settings of each app after downloading it.
The best practice for protecting privacy is to restrict access rather than grant it. App users often mistakenly assume that restricting access can affect an app’s features and quality of service. Therefore, when faced with the decision to grant or restrict access, users tend to grant access and, in many cases, keep the default settings.
In the age of AI and machine learning, mobile apps can be powerful and provide more personalized services with more data. Still, users should be wary of privacy settings that grant more access and permissions than these apps need to function effectively.
It’s important to know that the default privacy settings aren’t always in your best interest. Such settings are designed to give an app access to sensitive data that companies can exploit and that can fall into the hands of hackers and fraudsters through data leaks.
As the complexity of these privacy settings increases, app users must be aware that protecting their data requires vigilance now more than ever.
- The author, Joseph K. Nwankpa, is an associate professor of information systems and analytics at Miami University.
- This article is republished from The Conversation under a Creative Commons license.
