Every few months, reporting and research uncover a company that has had a data leak or sold its user data. With companies like Facebook, Grindr and others making headlines, it is apparent that customer data is particularly vulnerable as mobile device use increases. Here are several important privacy issues making the news today, as well as things you can do to prevent companies from sharing your personal information.
How Do Companies Collect and Use Your Personal Data?
Customer data can be collected in a few different ways: by asking customers directly, by tracking customers indirectly, and by appending other sources of customer data to the company's own. There are also many avenues companies use to collect customer information, including:
- order forms
- warranty cards
- customer rewards programs
- customer satisfaction surveys
- feedback cards
- customer competitions
- the company website
Companies tend to use your personal information to create a ‘profile’ where they can retarget you for advertisements that match your interests based on your search terms, video views, interactions and more. Your data is also used to measure ad performance and shared with other advertisers so they can create ads that are even more effective.
Facebook Unable to Account for Much of Personal User Data
You may remember that back in 2018, Gizmodo called out Facebook for taking phone numbers that users provided for 2FA and feeding them to its “people you may know” feature, as well as to advertisers. As a personal user, I’m glad the company eventually stopped the practice. So what did the company do now with user data?
According to a leaked report published by Motherboard, Facebook is unable to account for much of the personal user data under its ownership, including what it is being used for and where it’s located. The report also shed light on how the platform is often in the dark about the personal data of its estimated 1.9 billion users. The two engineers who wrote the report stated, “We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’” Also noteworthy: a Facebook spokesperson spoke to Motherboard after the document was leaked and said, “Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it’s simply inaccurate to conclude that it demonstrates non-compliance.”
So where is the user data and what is Facebook doing about these accusations? Facebook representatives mentioned on a call with Motherboard that the company is trying to get ahead of data privacy laws and regulations. They admit to not having technical control over every piece of data, but are investing in ways to automate and analyze data. Facebook says they already have mechanisms to manage user data, such as an opt-out flag that lets users opt out of sharing their data with advertisers, as well as disclaimers stating what data can and can’t be used for.
Grindr Shares Location-Based Data
Grindr, a popular gay dating app, admitted to sharing location-based data with ad networks since 2017, as originally reported by the Wall Street Journal. While the data that was purchased didn’t include names or phone numbers, the information that came from Grindr was sometimes specific enough to assume romantic liaisons between users based on their mobile devices’ proximity. At the time, Grindr executives believed that the data sharing wouldn’t pose any risk to user privacy. Scary, isn’t it? Grindr claimed they stopped sharing location data two years ago, but historical data may still be available.
Mental Health & Prayer Apps Have Little to No Privacy and Security
In the first year of the COVID-19 pandemic, the global prevalence of anxiety and depression increased by a massive 25%, according to a scientific brief released by the World Health Organization (WHO) today. With little to no access to in-person care and long waiting lists for those who saw patients face-to-face, many sought out online support. In the latest iteration of Mozilla’s guide, their team analyzed 32 mental health and prayer apps. Of those 32 apps, 29 were given a “privacy not included” warning label, which indicates the Mozilla team had concerns about how the app manages user data. With a topic as sensitive as mental health, it is of great concern that researchers found the apps had little to no regard for protecting sensitive information or for the security of the apps themselves. According to Mozilla, the apps with poor data privacy and security practices are Better Help, Youper, Woebot, Better Stop Suicide, Pray.com, and Talkspace.
Take Control of Your Personal Data
Your favorite apps are likely collecting customer information and could be selling personal information to third parties. But how can you keep your information private from corporations and hackers alike? Quokka’s Mobile Application Security Testing (Q-MAST) solution automatically tests the security and privacy of any mobile app, without needing access to source code. Quokka’s platform performs automated Static Analysis and Dynamic Analysis without a human in the loop, speeding up security and privacy testing to quickly and efficiently identify known and unknown vulnerabilities in any mobile app.
You can leverage Q-MAST to continuously assess the security and privacy of any mobile device against the highest internationally recognized software assurance standards published by the National Institute of Standards and Technology (NIST), National Information Assurance Partnership (NIAP), and Open Web Application Security Project (OWASP).