A couple of years ago, I worked on a mobile app involving video and audio recording. I quickly saw that, once the user has agreed to the permissions, it can be easy to track personal data without the user noticing. Let’s see how to limit mobile app permissions to maintain user privacy.

The main issue with being always connected is that there is more and more information about us going no one knows exactly where. If I check the permissions of Facebook’s Messenger, it has access to almost all my content:

  • Location
  • Contacts
  • Photos
  • Microphone
  • Camera

But does this app really need all of this access?

Don’t think so.

Years ago, I worked on an app to detect noise and brightness. I was able to do that by constantly taking pictures from the front camera and recording via the microphone. For brightness, I applied basic algorithms and filters to get luminance. At the beginning, I debugged it by keeping pictures in memory for a second analysis if needed. Then I realized that it could be easy to add an HTTP request to upload these pictures to a dedicated server, and “spy” on users while they use the app.

Fortunately, there are a couple of things in iOS that limit recording. You can see a red banner when an app is recording in the background (like Shazam), and the camera automatically stops recording. But in the foreground, the user is not notified obviously.

Then I wondered whether Apple can check for wrong usage of these permissions during the release process.

The answer is probably not. I guess Apple can test the app and check whether the permissions requested match, in a way, the features described in the release, but nothing more. My app was approved without any issue.

As a mobile user, I started rejecting all requested permissions that an app cannot justify. Even for the user experience, it’s really annoying when you install an app and discover several popups at first launch. Luckily, a lot of apps have started explaining first why they need this access before tracking all data.

Today, it seems easier and easier to get access to user data. To mobile developers: choose wisely which permissions you ask for and when you ask for them. Think about your end users and their trust. To mobile users: don’t always trust every app you’ve installed; you can’t always be sure what they are doing behind the scenes.
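
One way to apply this advice when reviewing an iOS app, as an added example that is not from the original post: a Python check that reads the app's Info.plist, lists which of the five categories above it declares, and flags any that no described feature needs or whose purpose string explains nothing. The Info.plist purpose-string keys are real iOS keys but are not mentioned in the post; `audit_permissions`, the `MIN_WORDS` threshold, and the sample plist are assumptions constructed for illustration.

```python
import plistlib

# iOS Info.plist purpose-string keys for the five categories listed in the post.
USAGE_KEYS = {
    "NSLocationWhenInUseUsageDescription": "Location",
    "NSLocationAlwaysAndWhenInUseUsageDescription": "Location",
    "NSContactsUsageDescription": "Contacts",
    "NSPhotoLibraryUsageDescription": "Photos",
    "NSMicrophoneUsageDescription": "Microphone",
    "NSCameraUsageDescription": "Camera",
}
MIN_WORDS = 4  # assumed threshold: shorter purpose strings explain nothing


def audit_permissions(plist_bytes, justified):
    """Return sorted (category, key, finding) tuples for an Info.plist.

    `justified` is the set of categories the app's described features need.
    """
    info = plistlib.loads(plist_bytes)
    findings = []
    for key, category in USAGE_KEYS.items():
        if key not in info:
            continue  # permission not declared, nothing to review
        purpose = str(info[key]).strip()
        if category not in justified:
            findings.append((category, key, "declared but no feature needs it"))
        elif len(purpose.split()) < MIN_WORDS:
            findings.append((category, key, "purpose string too vague"))
    return sorted(findings)


# Constructed sample: a noise/brightness meter that also declares Contacts.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>NoiseMeter</string>
  <key>NSMicrophoneUsageDescription</key>
  <string>Measures ambient noise level; audio is never stored or uploaded.</string>
  <key>NSCameraUsageDescription</key><string>Camera access</string>
  <key>NSContactsUsageDescription</key><string>To improve your experience.</string>
</dict></plist>"""

if __name__ == "__main__":
    for category, key, finding in audit_permissions(SAMPLE_PLIST, {"Microphone", "Camera"}):
        print(f"{category:10} {key}: {finding}")
```

A clean result only means the declarations are plausible on paper; it says nothing about what the app does with the data once access is granted.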