If you're on Facebook (FB), chances are you've seen friends post brightly colored word clouds of the most-used terms in their statuses. But aside from sharing their inclinations and hangups, they may also be unwittingly sharing their personal data with the company behind the app.
The "Most Used Words on Facebook" app has been called a "privacy nightmare" by the security blog Comparitech, which cites the app's requirement that users disclose personal information including their entire list of friends, everything they've posted on their timeline, all their photos and more. On top of that, Comparitech notes that the company behind the app, a Korean business called Vonvon, may be able to sell consumers' personal information to third-party companies, although its CEO said that it's not storing personal information and added, "We have nothing to sell."
Regardless of whether "Most Used Words" is selling personal data to other companies, the questions raised by the app brings up an issue that most consumers either ignore or hope for the best: the proliferation of apps that require users to give up personal data. Apps are increasingly a confusing minefield of privacy issues, given that a Pew Research Center survey found that apps are now asking for 235 different types of permissions.
That's all for the good of consumers, who often aren't aware of what types of data or permissions they are giving to app companies, even though they profess to care about the issue.
The most common type of permissions that apps ask for involve giving the app access to a smartphone's Internet connectivity, Pew found in its research, which looked at apps offered in the Google Play store.These include "full network access," which is asked for by 83 percent of apps. Then there are permissions that would give the app companies any user information, with Pew finding that about one-third of permissions fell into this category.
Still, consumers can remove permissions except for their public profile and Facebook timeline posts and still play the quiz, although Comparitech notes that most users may not bother to do that.
In an email to Comparitech, Vonvon CEO Jonghwa Kim said that the company doesn't store data except for generating the world cloud, and that it doesn't store personal information. "We never sold and have no plan to sell personal information whatsoever," Kim wrote.
So how should consumers find out about what privacy rights they are giving up, or which types of data they are sharing? When an app first wants to do something that requires permission, it will ask the consumer (as in, "Instagram would like to access the camera." Consumers on iPhones can also open up their settings to look at different apps' permissions, and then toggle off the ones that they don't want to give. It's also important to check the privacy tab in settings to review what different apps are able to tap, such as your contacts or location.