Yes! Just because she asked

Vaibhav Sharma

We are fast moving towards a world populated by artificial assistants, be it Apple’s Siri, Microsoft’s Cortana or Google’s not-so-creatively named Assistant. Despite the name, the latter is perhaps one of the smartest forms of AI around. It knows where you are, where you’d be going, is smart enough to give you the weather in advance, currency exchange rates and so on. The best or the worst part, depending on how you look at it, is that we are getting used to this kind of automation. We couldn’t be bothered to input our location to see the weather, the app is expected to ping the phone and secure the necessary information automatically. However, there is a huge flip side to this behaviour.

Whenever we install a new application, it requests certain permissions: to access your personal information such as location, contacts, file system, phone calls and messages and other ‘system’ information. The manner in which apps present themselves implies that granting access to all these is pivotal to the app’s functioning — the result is that we say yes without batting an eyelid. The trouble is that we no longer install small simple utilities or games that perform innocuous functions. Every app tries to be an ecosystem in itself these days. It will want you to access your contacts to invite your friends, it will access messages to send them a link, it will like to secure your location to show other users in the area and this process goes on. By the end of the exercise, you’d have given it control of the entire phone without realising it has the keys to the kingdom. It will know where you live, where you work, your email address and your phone number, your phone’s IMEI number and maybe even your health information. A hot new trend is securing access to the camera and microphone.

Contrast this with how we share information in the real world. Information put down on loan documents, hospital records is regularly lifted and stolen in the black market if we aren’t careful. Identity theft is a problem that has been around for a while now, but digitisation is making it even easier. While apps from established vendors are largely safe, our guard must always be up.

Modes of securing access

Device makers have already built certain safeguards into the phone. Whenever an app tries to access your location, contacts, et cetera for the first time, the phone prompts you to allow or deny that request. This is when you should decide for yourself if the permission sought is congruent with the nature of the app. 

Another manner in which apps are getting access to your information is when you they let you sign in via services like Facebook or Twitter. In doing so, they sometimes request for far more information than is necessary e.g. signing in via Facebook might give them access to your full name, email, age, and even your timeline. It is imperative to read the fine print because, at this stage, Facebook lets you modify the permissions and remove fields you think are unnecessary. 

Why they do so

With a proliferation of free apps, developers are fast moving towards an ad-supported model. This means that every app includes a (usually) third party advertising module. This component of the app wants to know every single thing about you so that it can build a profile and then show targeted ads — based on your location, age, gender and other information. 

There are also times when these profiles are shared with or sold to other third parties, who run a similar operation. We would be lucky if this information is only used to show ads, for such detailed personal is extremely valuable on darker areas of the Internet. 

Legal safeguards

Technology usually laps legislation, net neutrality being a prime example. The situation is no different when it comes to apps. While companies like Google and Apple try and act like gatekeepers to keep rogue apps out of the ecosystem, their efforts are voluntary and driven by their own respective interests. There is no legislation that protects users and their information, and the whole system works on a caveat emptor principle — the buyer must beware. Other than that, it’s an open market that you wade through with your eyes open. This is why some apps don’t even come with privacy policies accessible from within the app, and you seldom have little to hold the developer accountable with or allege a violation of. 

How apps work

Given the cautionary tone of the foregoing, things are not full of gloom and doom. Most apps legitimately require the information they request. A game may need access to your photos to save gameplay screenshots and video. It may use the network to include multiplayer gaming, and it may legitimately read your contacts to tell you if you can play against any of your friends. It is all about the trade-off — convenience Vs privacy. Apps like TrueCaller can tell you who is on the otherwise of the phone, but they will also upload all of your contacts to their cloud to do so.

Keeping safe

With great power comes great responsibility is an oft-repeated cliché, but that is what companies are trying to practice. With listening assistants, a lot of what we’re saying is recorded and sent to the servers — it may be deleted or not be accessible to human with algorithms doing the heavy lifting; it is still information that is out of your control. There is no bar on a court to compel any company to hand over those logs or data and the authorities have been in a tussle with giants like Apple and Facebook over access to such information. But this doesn’t mean we need to be wary of apps or smartphones in general, we just need to make an informed choice. Decide what we value more, an extra click or privacy and choose accordingly. But most of all, never say yes just because she asked.