Our smartphones are full of all kinds of applications: cards, banks, games, dating. During installation, many of them ask for access to the camera, location, microphone, list of calls and contacts. Most permissions, which users give, seem quite reasonable: eg, dating app wants to access the camera, so you can upload your photo to your profile. But if the game application asks for access to the contact list or geolocation, it seems strange. How apps handle those permissions, which we give them, and how they can be abused, one of the leading Russian experts in the field of open data told Rosbalt, Director of ANO "Infoculture" Ivan Begtin.
- Why do apps need camera permissions, call log, contacts, geolocation? This is done for technical reasons, as required by law or for something else?
- Usually, applications need permissions to perform some of their specific utilitarian functions. for example, if the application provides the ability to scan QR codes or take photos, it requests access to the camera. If any features are related to your location, it will ask you for access to define your coordinates.
Wherein, certainly, there are applications, who abuse it. They have no real functions, which would require certain permits. it, usually, annexes, related to the advertising market and information business. But more often applications are specially developed by authors in that direction., which allows you to get as many permissions from users as possible, to collect information about them, which is expensive and actively sold.
- Let's look at the example of banking applications. Why they might need access to photos and videos?
- Banking applications are now actively developing towards the collection of biometric data. In particular, access to the camera is needed to identify a person by face. Some of them allow you to scan QR codes or collect check details and ask for scans or. They also request access to the camera.
Important to remember: giving the app permission to access the camera, contacts, geolocation or something else, you give this solution forever. Of course, you can revoke it in special settings, but until then, the application will have access to the camera all the time - even then, when you do not scan the QR code and the application on the phone is not active at all. It's the same with determining your location.. for example, you are using banking application, which helps you find an ATM nearby. It would seem, useful function. But again, if you give the app permission to see your geolocation, it is all the time, while active in the device memory, will collect information about your location, not just at the moment, when you click on the button "find an ATM".
- Why do banking applications need access to contacts and calls?
- First of all, access to contacts provides a quick transfer of funds by phone number from the contact book.
Banking apps are generally pretty good at justifying, why do you need access to this or that information. If we talk about access to calls, I can't say for sure, but I know, that some banks use special mechanisms to combat fraudsters, which require such permission. But in my opinion, this is strange. Call information generally refers to communication secrecy., and only special services have access to it. And here, obtained, we ourselves transfer this information to commercial companies, and, voluntarily.
- It turns out, there are objective reasons, by which mobile applications ask us to give access to certain information, and there is a wider field for its application. Which applications can be given permissions relatively safely, and what - no?
- The problem is, that this whole gray market for data is based on hiding information about, why are these or those applications actually created?. For example, you put a free game on your phone, in which there are not even internal payments. But in this free game, the developer crammed a bunch of tracker programs, sending your data to 40-50 online services, who track, what and how do you do on your phone.
- Let's say, applications know, what am i doing on the phone, know my geolocation. What does it give them?
- Information, which they receive, becomes available to everyone, who wants to buy it. There are analytical aggregator services, who sell databases to large players - retail, advertising market. This allows them to manipulate their audience through social media ads., search engines.
Such data is collected about you, which you yourself do not even know about. for example, capture your propensity for spontaneous purchases, celebrate your real interests. Have you read some esoteric article, you have added the tag "esoterics", and now from time to time you will be shoved with advertisements from this sphere. The main point is to manipulate and push for spontaneous purchases.
Besides, users receive additional loyalty tax. for example, if the service knows, that you order a taxi every day, and ready for price fluctuations, he gives you a higher price. Such precedents were, and quite a lot. So, user, who just created an account in the app, will pay less for a trip from the same place, than the user, who has been using the app regularly for several years.
Strong public pressure needed, so that Roskomnadzor stops ignoring this problem, and it wasn't just internet isolation that was on the agenda, but also disclosure. Russian users, least, should have a right to know, who is following them, what information is collected about them, where is it transferred. Then everyone will make his own decision., agree with it or not.
But, Unfortunately, our regulation is on the way of some kind of insane information security, not protecting the rights of users. Therefore, regulation in this area looks rather strange.. Roskomnadzor found pornography on Twitter, and for this he wants to pinch him. In reality, in the world of Twitter, Facebook accused of collecting and leaking a huge amount of user data, and it is from this position that regulation is carried out there, and quite tough, with gigantic fines.
For ten years we have been unsuccessfully trying to change the current legislation and adapt it to new processes - re-identification, depersonalization, anonymization. All this happens because, that the protection of user rights goes through the structure, which, in fact, deals with information security, and, in a rather archaic form. The very interpretation of privacy in the law is very old. Hence all the problems with the regulation of this area and data protection..
Personal data is associated with full name, but business is not interested, that you are Maria Ivanovna Petrova, they are interested in your unique identifier and a bunch of your individual parameters.
- That is, a lot of that, what needs regulation, in our country they simply do not consider personal data?
- Yes, of course. In any database you have a unique identifier, and your full name is not indicated anywhere. But there is also your gender, age, Date of Birth, typical track during the day. Modern platforms use this data, in order to target you as accurately as possible advertising. This allows you to be manipulatively manipulative to manage you as a consumer.. People are the new oil. It is from them that digital platforms are now pumping money.
In fact, it is a giant commercial digital market with huge capitalization, comparable to the budgets of large countries. As this market has evolved and every economically active citizen has a smartphone with tons of apps, then the situation arises, when the owners of these applications, ecosystem owners accumulate even more data, than cellular operators. They collect data not only on movements, but about calls, about actions, about contact list. And, it may not only be a phone book, but also contacts in messengers. certainly, these data are of great interest to the authorities of any country, and give rise to a struggle for jurisdiction.
With regard to law enforcement, their scope of application of this data is limited to a relatively small number of politically active people. them, of course, it's hard, but there are not many of them. Another thing, if the information is received by the tax.
- Let's clarify: while the tax office does not have access to this data, at least, the law?
- Yes, publicly about the availability of such access is not declared, but in the future in one form or another, I think, this will be possible. I would consider the history of state access to data in the first place there, where can it turn it into money: charge additional taxes, cancel benefits.
- If a person is not interested in politics and is not involved in crimes, comes, such commercial "surveillance" is not dangerous for him?
- We have half the country cheating on each other. the, that now private detectives can buy travel information on the black market, calls, and use this information in divorce proceedings, is it dangerous or not dangerous? Half of the country does not pay taxes on wages in our country. For them it is dangerous or not dangerous, if they are caught by the hand?
If information about citizens can be used, to collect fines more or less efficiently, taxes, the authorities will do it. And every time there will be reinforced concrete foundations for this., which we ourselves will look and think: "Well yes, probably, it's not bad, that the state does this ".
The time is coming for total digital control. There are people, who feel quite comfortable in this situation. In many Western countries, a milder form of such control is present.. Another thing, that this control is compensated by clear rules of life and a guarantee of a certain set of social benefits. Question: and we will have such an exchange? Will the state provide us with the same comfort of life in exchange for our data and tight control? I have big doubts about this., because we know how to provide control, but everything else - alas.