Most of the top finance apps collect highly sensitive information on users, through permission settings. This has been revealed to Digital Journal byAras Nazarovas, Security Researcher at Cybernews.
Nazarovas explains: “People download finance apps to manage their money, but many users unknowingly grant them access to sensitive data like live location or even camera access. This doesn’t necessarily mean the apps are spying on users at all times. But it does mean that if a cyberattack or data breach occurs, the potential attack surface is much wider. It highlights just how irresponsible some apps can be with user privacy”.
The research analysed 44 of the top finance apps found through the Google Play Store. This showed that the majority of the apps (86%) ask for camera access, while 61% also request microphone access. In a worst-case scenario, a hacker might be able to spy on the user through these permissions without the user’s consent.
Another area of data privacy concern is where 77% of the apps ask for precise location tracking. In addition, 27% also request access to background location tracking, meaning they want to know where a person is 24/7, even when you they are not using the app.
Storage permissions were also common, according to the survey. Here, 68% of apps want to read files from a device, and 61% want to write to them.
Future protection
Going forwards, Google’s new Privacy Sandbox means that ad-related data access has become more privacy-preserving. Instead of apps directly requesting ad-related permissions, they now interact with Sandbox APIs controlled at the operating system level. This means that Android, not the app, manages the data and user controls in a centralised location. This makes things easier to control in terms of privacy permissions.
The downside is that many apps do not request user consent before using Privacy Sandbox APIs, even though Google strongly encourages this.
While users can opt out manually through settings, many don’t even know they are subject to such ad tracking in the first place.
Privacy Sandbox
Google’s Privacy Sandbox project seeks to create new web standards that protect user privacy by reducing tracking, especially through the phase-out of third-party cookies. This process provides alternatives for digital advertising that do not rely on cross-site and cross-app tracking.
Instead of tracking individuals, the new technologies will begin to rely on techniques like interest-based advertising through “cohorts” of anonymized users and processing data on the user’s device.
Furthermore, the initiative aims to reduce cross-site and cross-app tracking, with a major component being the retirement of third-party cookies in Chrome. Yet this is not certain to apply in all territories. In the UK, for example, the Competition and Markets Authority says there are competition concerns with the proposals to remove third-party cookies.
