Taking cognisance of the issue, mobile makers like Apple and Samsung (to name a few) come out with indicators or coloured dots in the notification bars which tell you if your app is using your camera or mic with or without your knowledge. For example, when you open an app with access to a mobile camera, a green dot will become visible at the top right corner of the notification bar.
However, this only helps you identify the fact that you are being spied on or your conversations listened to. Is it illegal? It is possible that you may have been duped into granting permission through the endless fine print in the app agreements that nobody ever reads.
In fact, almost all apps, especially the popular ones, ask for blanket permission. For example, 'bigbasket: Grocery App' collects data about user location, app activity, device or other IDs (!), financial information (user payment information) and personal information, including name, email ID, user ID, address and mobile number. It shares location, personal information, app activity, device or other IDs, financial info and name and user IDs with third parties. All with your consent!
In case you deny it permission to access the data, the app simply won't work!
Another example is 'Blinkit: Grocery in 10 minutes'. This app collects all the info that bigbasket collects, but it also accesses files and docs, photos and videos, and voice and sound recordings from your device! It says the additional data collection points are 'optional'. Unfortunately, most users simply do not check privacy and security features to find out what data is collected from their phones and what is done with it.
'Blinkit: Grocery in 10 minutes' says it collects data from photos and videos for "app functionality, fraud prevention, security and compliance." Seriously? How will accessing personal photos and videos of the user help prevent fraud or help with security and compliance?
Did you know that the voice mode on OpenAI's ChatGPT mobile app runs automatically in the background, even when the app is closed? The app's new feature, 'background conversations', while saying that it 'enhances user convenience', also raises privacy concerns. This feature allows continuous interaction with the app even when the user is not using it or is using other apps. You can, however, turn off 'background conversations' from the settings if you are conscious of these issues.
According to
Block Telegraph, an average smartphone owner uses 10 apps per day and 30 apps each month, so the potential for data collection is vast, and 60% of apps collect data to track users or their devices and share this data across different apps, advertising networks, and companies.
This is true of several apps available on Apple's App Store or Google Play Store. Apple, at least, follows strict norms and scrutinises apps before allowing them on board. On the other hand, given the massive number of apps on its Play Store, it would be very difficult for Google to verify and scrutinise each app with regard to data privacy norms and user safety. The result? Plenty of apps seek blanket permissions to access all functions.
A simple app like a flashlight (not many use it due to the built-in torch feature of smartphones) seeks as many as 25 permissions, on average, that are not even related to its actual use. The majority of free apps seek several permissions right at installation and then monetise your data by showing advertisements or sharing the user's personal data with third parties.
Applications can request permissions to access data or features on devices they need to function properly. For example, the flashlight application needs access to the phone's flash to use it as a flashlight. However, many such applications seek far more permissions than they actually need.
Remember, any mobile app seeking needless permissions to access data is dangerous and can potentially harm you financially or through misuse of your personal data, thus violating user privacy.
Unfortunately, most users are quick and eager to download apps even for things they may use only very rarely. A very small number of phone users are even aware of privacy issues, the misuse of data, or that they can control what data can be accessed by apps, to some extent.
I have also come across naïve users who justify their lack of concern by saying, "I have nothing to hide, so why should I not grant these permissions?" Such 'lazy' reasoning shows complete ignorance of the interconnected and greedy digital world that observes no boundaries.
Apps sometimes request outlandish permissions, but that does not mean they will necessarily carry out malicious activities. However, permissions sought and granted by users to mobile apps are a grey area. For instance, some apps may not work correctly even if a single permission is denied. This needs regulatory attention.
Sometimes, developers who develop 'free' apps integrate software development kits (SDKs) into their code to earn money from advertisers. It allows these SDKs to target users with ads, and thus, the apps request or need countless permissions.
So, what should you do?
1. Before installing any mobile app, make it a habit to read about the app and its reviews. Notice if reviewers comment on whether or not the app does what it says it will do.
2. Check the permissions that the app needs. Granting incorrect permissions can send sensitive data to cybercriminals, including information such as contacts stored on the device, media files and insights into personal chats.
3. Do read the privacy policies and terms and conditions of the app, as mentioned by the developer.
4. Never use any third-party app to carry out critical tasks. If you must use a third-party app for anything on your mobile, check all the permissions required by the app. If you are not comfortable with the third-party app seeking unnecessary permissions, such as the Torch app seeking access to contacts, then do not install the app.
5. If you have already installed such a third-party app, remove it for accessing unnecessary data or information and features, like using a data network, Wi-Fi or Bluetooth.
6. Do not install any app you may have downloaded or received other than from the authentic or official app store.
7. Install a trustworthy antivirus app which acts as a safety net and can identify apps infected with adware or malware.