Most desi apps fail on privacy front

Bengaluru: As more smartphone users install apps, privacy concerns are rising around the data being shared while installing these applications. Almost 70% of Indian apps do not take explicit user consent during installation and ask for 3.5 times more permissions than their US counterparts. This was revealed by a study of 100 Indian apps by Arrka Consulting — a data advisory and consulting firm — shared with TOI.

These 100 apps had over 1 million downloads and were spread across various sectors for fair representation — communication, e-wallets, shopping, education, jobs, dating, travel, finance, game, and food & drinks, among others.

Mobile apps often ask for access to your phone camera, microphone, location and call log, among other such things, the study pointed out. In fact, 77% of apps were non-committal when asked what happens to a user's personal data once the apps are deleted. As many as 68% of Indian apps do not let users have a choice to opt out from giving personal information. Essentially what this means is that, after allowing certain sensitive permissions if a user wants to go back and block them, these applications won't allow for it.

For instance, the study said one of the popular weather apps, AccuWeather, was sending location data without users' go ahead. To be sure, there are standard permissions needed by apps before they run on your mobile phones, which are like setting up time zones. But the sensitive ones are like access to the camera (through which the app can create photos and videos), access to microphone, read external & internal storage, SMS and location.

According to the study, this lets apps build a profile of users and can track them. Such apps usually share the data with third-party advertisers and analytics providers. Here, too, Indian apps have a higher percentage of instances of sharing data with thirdparty outlets compared to the US. Almost 94% of such Indian apps share the user data with at least one of the third party outlets.

"There are two sides to the whole issue. First being collection of data and then storage of it. Legislation has to be brought in and then it will create awareness among every stakeholder. The companies need to realise they have to give the choice to the user, and then a user can say whether he/she is willing to share very sensitive data. Bringing legislation can be a good start to address these concerns," said Arrka Consulting CEO Shivangi Nadkarni.

On an average, Indian apps take about almost eight such sensitive permissions before they run on the phone.