What personal information can mobile apps get from you, and why do they want it?
I have noticed that many apps, the one for the History Channel in particular, want access to my camera, pictures, and phone records. What in god's name do they want with that information? And why are they allowed to even ask?
Why are they allowed to ask? You should be thanking them for the courtesy of requesting your permission. Back in the day, the conniving marketers of the world would simply swipe that stuff off your smartphone without a word and cackle with glee all the way home. So these pop-up access requests, believe it or not, are an improvement. But just as troubling as the all-seeing ad industry, I’d say, is the fact that often Uncle Sam can legally access this information too. The Internet is the Wild West, and we're all just barely hanging on to the bucking broncos of our personal information.
This isn’t a TechCrunch article, so I'll keep things at a level that even non-ironic users of typewriters will understand. Since roughly 2012, when a mobile app called Path was discovered to be uploading users’ entire address books and storing them unencrypted on their own servers, people have been worried about what kinds of data could be taken from their phones, how it could be used, and by whom.
The motivation for gathering personal data is the usual one: money — specifically, the money advertisers can make by matching the right products to the right consumers. Google and Facebook, for instance, both target advertising based on your browsing activity — meaning they can grab information even when you leave their sites. So if you post three Facebook statuses in a day about your love of fried chicken, you'll start getting sidebar ads for weight-loss programs. There’s also internal marketing: apps that involve aspects of social networking want to connect you with other users. Things like Tinder and Google Maps want to use your location. For the 2012 election the Obama and Romney campaigns each created apps that gathered plenty of private voter information without asking.
Generally speaking, we’ve already consented to this. Ever read those endless user agreements when you download apps? Me neither. But if you want the app, you have to accept their terms — all of them, including the parts about them collecting your data. They’re betting you care more about using your phone to find coffee than you do about keeping your searches to yourself, and on balance they’re winning.
Problematically, the apps may well be leaving your harvested data lying around unencrypted, making it low-hanging fruit for hackers or other (legal) investigators. This brings us to part two of your question: privacy laws. In short, they pretty much suck. No one ever claimed Congress acts quickly, but they look particularly poky compared to technology. The two most comprehensive (read: not very) laws on the books are the Electronic Communications Privacy Act and the Computer Fraud & Abuse Act, both of 1986. Neither mentions smartphones, obviously, so recent court decisions have consisted of mostly bemused looks and shrugging. The result is a large gap of lawlessness, currently regulated mainly by damage-control-driven app revisions whenever the truth about personal data storage is revealed.
And one major legal principle in play here doesn’t protect privacy at all: a few 1970s Supreme Court rulings created what’s now called the third-party doctrine, which states that if you allow a third party — e.g., a phone company — access to your information, the government can try to get it from the third party without dealing with you. Thus if cops can’t legally track you, in some cases your phone can do it for them: in 2009 Sprint conceded that law enforcement had made 8 million requests for customer GPS data over a 13-month period. Sure, there’s a positive side — robberies have been linked to locations in status updates, GPS technology has been used to prosecute stalking cases. But it also means Big Brother may not need a warrant to pinpoint where exactly in the park you bought weed off that guy.
One must conclude, in this age of Hobbesian anarchy, that it’s probably best to police yourself. You should understand who might want both your contacts and your cat photos and how they might use it all against you. Feel free to hit "Don’t allow" as often as you like — many apps will still function just fine without access to every nook and cranny.
On a happier note, if History Channel is the app you’re most concerned about, then you’re probably too old to worry about all your “deleted” photos from Snapchat (the company doesn’t guarantee their actual erasure) finding their way to the police, or to hackers, and intimate portraits of otherwise camera-shy anatomy going on public display. Be grateful you spent your adolescence in that bygone era when the stupid decisions of still-developing brains went largely unrecorded. The History Channel may know exactly how many times you’ve called your ex in the middle of the night, but at least the Speaker of the House isn’t looking at pictures of your boner.