When Apps Ruin Your Credit Score

There’s no doubt that smartphones and apps make our lives easier in many respects, whether we’re trying to find our way around a strange city, sending free messages to friends via WhatsApp or Facebook Messenger, or searching for a recipe on the fly. But are they really as harmless as they seem? According to data protection specialists and Stiftung Warentest (an unbiased German organization that investigates and compares consumer goods), apps are dangerous “spies”. This article looks at the main risks of apps and explains what you can do to avoid them.

Simone Vintz from Stiftung Warentest looked at the levels of security offered by app stores such as Android Market, Windows Phone Marketplace, and iTunes. Her aim was to find out how much information consumers are given when they purchase an app, what kind of data app suppliers gather from consumer smartphones, and what happens with this data.

Privacy policies that no-one understands

Vintz criticizes the fact that the terms of use (or terms of service) published on app stores are often highly technical, and that some stores’ privacy policies contain vague and ambiguous formulations. Moreover, she found that certain stores’ terms and conditions even contained a large number of legally inadmissible clauses. Be that as it may, she says, “It’s unlikely that any more than a handful of people will wade through 20 pages of terms and conditions.”

If a consumer wants to ask a question about an app or report a problem, it can be almost impossible to make contact with the supplier. Around 50% of the app stores that Simone Vintz investigated did not even contain company information or contact details.

A major risk is posed by apps that do not use encryption, such as WhatsApp and iTranslate. Unsecured wireless networks, such as those that are commonly found in airport terminals and coffee shops, are particularly prone to this threat, because any curious individual can intercept unencrypted texts sent via these networks quickly and with ease. Complete strangers need nothing more than a few simple programs to read private texts and access e-mail addresses and personal data.

However, an even greater danger arises when passwords – for e-mail inboxes, social networks, and even online banking – are cracked. “Many people use the same or very similar passwords for multiple online activities. But programs exist that enable hackers to try out all the possible combinations of one known password until they find the right password for another site,” says Simone Vintz. She therefore advises everyone to think of a different password for each app and to use as many different characters and numbers in these passwords as possible.

The market for personal data

Some apps, such as WhatsApp, pass users’ personal and address book data to third parties without their prior consent. These real names, real telephone numbers, and real e-mail addresses are passed on in clear text and not as anonymous hash values.

The terms of use/service published on app stores often state that the app supplier will share data with “a partner”. However, it is not always clear who this partner is. In most cases, though, it is a marketing group such as Flurry, Inc. Its objective is to create highly accurate customer profiles that can be sold to advertisers, who then use them to conduct targeted online advertising in a process known as “retargeting”.

Another problem is that data passed on in this way can also be aggregated and evaluated in order to create profiles of entire customer groups – a process that can have negative consequences for individual “members” of those groups. “Consumers get pigeonholed,” says Simone Vintz. For example, a consumer may suddenly find that he or she is unable to make online purchases by direct debit. Why? Because his or her “customer-group profile” predicts that the probability of him or her having good creditworthiness is low – even if this is absolutely untrue. This happens because the consumer’s creditworthiness is not assessed on the basis of his or her individual data but on general parameters for an entire group of people.

Angry Birds works with a device ID that sends all of a user’s game movements to Flurry, Inc. The marketing company then knows how, when, and where each user plays the game. This enables a categorization process to take place, which can even lead to users being unable to obtain credit. “The affected person is in a catch-22 situation. Who can he complain to? The app supplier, the bank, the app store?” asks Simone Vintz. She is strongly in favor of greater transparency in this area. App suppliers, she says, should specify whom they pass data to so that the consumer knows precisely which companies have access to their personal information.

Automatic updates are cost-traps

Marcus Pritsch, a project lead at Stiftung Warentest, considers malware a major threat to consumers who download apps without knowing their precise origin. The larger stores such as iTunes, Android Market, Windows Phone Marketplace, and BlackBerry App World generally check apps for malware before they offer them for download. It is therefore better to steer clear of downloading apps from private websites, says Pritsch, because nobody can guarantee that they are safe to use.

Many apps update themselves automatically. Map services are one example. These updates can rapidly turn into cost-traps, however, if, for example, you want to quickly check your e-mails or browse social networks while you’re traveling abroad and you forget to turn off your Internet access again afterwards.

Marcus Pritsch advises consumers to look carefully at the access rights they grant to apps when they download them to their smartphones in order to avoid becoming “visible to all”. If in doubt, he says, it’s safer not to download them at all!