Privacy matters. What information apps can collect for tracking users?

We all use mobile phones, loaded with tons of apps. But have you ever wondered what kind of information every app can collect about you? 

Your contacts

Back in the days when we were not yet thinking about smartphones one of the very first features mobile phones got was an address book. Possibility to store your most frequent contacts directly in the memory of your phone instead of a need to carry a notebook was a revolution!

With smartphones, another revolution happened – every app could then read your contacts!

From the beginning, we had two different approaches on two leading platforms: 

  • On iOS, to access an address book, the app had to ask for permission during runtime. And they still do – if an app is accessing address book, you will be asked to grant or deny such access. Keep in mind that, according to App Store Review Guidelines, an app needs to be operational even if the user does not allow it to read contact. 
  • On Android, at first, the user had to agree on every permission when the app was installed. After that, it had never asked for that permission again.
    That has changed in Android 6.0. Since that version, the behavior is similar to what we have on the iOS – apps needs to ask for such permission when they are launched. 

Keep in mind that on both platforms it is best to ask for contact access when you need that. In other words – it’s a bad practice to ask for every possible permission on app start. Your users would be annoyed!

Your location

Soon after smartphones started to become popular, they have started to get tons of new features. One of the first such features was a GPS sensor. While it has not been available on the first generation of iPhone and first Android devices, it is with us since the iPhone 3G. Also, Android devices started to get shipped with it soon afterward. 

GPS is the main source of location information. It allows helping mobile phone users find themselves on the map, tagging photos with the information where they were taken, and many, many more. However, we should keep in mind that location data can come also from a GSM network or a Bluetooth sensor. 

To use location information apps had to ask for user permission on both iOS and Android. However, the way they needed to do so evolved over time: 

  • On iOS, apps had to ask for runtime permission from the very beginning. Starting with iOS8, apps started to ask for two types of location: when an app was running in the foreground, and when an app was in the background. Nowadays, with iOS 13, the operating system from Apple will ask users if they want to grant location permission for just one app session. From time to time it would also ask them to ensure that background location permission they have granted in the past is still valid. 
  • On Android, before version 6 location permission was accepted upon app install. Nowadays, with Android 10 and 11 whole permission system became similar to the one on the iOS. Check official docs for more details. 

Your digital fingerprint

We are all different. Every one of us has a different daily routine, a different set of apps installed, we choose different roads to go from point A to B, we connect to different WiFi networks, we even hold our phones in a different way. 

And, quite surprisingly, that can be used for identifying people, too! That idea is called digital fingerprinting. While powerful, it is something that needs a deep understanding of the behavior of your users – after all the worse thing that could happen would be misidentyfying users. 

It’s all about ethics 

As a company that has helped to build a number of apps, we always have one piece of advice on data collection when our clients ask: be ethical. That is the approach we are implementing with the help of our Handcrafted Platform, which easily integrates with analytics tools like Mixpanel or Google Analytics.  It’s perfectly fine to access the phonebook if your app has asked about it and clearly shows the result – for example, showing your friends that use that app already. 

And that’s not even taking into consideration the legal part, with GDPR and CCPA. Because for that – most likely – you will need help from the lawyer.