In smaller companies in particular, there is often no monitoring of the permitted apps on a company smartphone. Nevertheless, companies and employees should keep in mind which access permissions the apps want to have. heyData took a close look at the access permissions for 100 apps.
On the occasion of the sixth anniversary of the decision on the European General Data Protection Regulation (EU-GDPR), the Compliance-as-a-Service/SaaS company heyData published a study that provides information about the tracking of user data for the 100 most popular apps in the German Google Play Store. After analyzing the access permissions requested by Android apps on smartphones, a ranking of the most data-hungry apps was created. The more access requests are made, the more private user data is tracked.
Social media and messengers are the data octopuses
The study shows that messenger apps and social media are most interested in accessing personal data. WeChat (48 access permissions), Facebook (45), Messenger (44), Signal (44) and WhatsApp (43) are among the ten most data-hungry apps. If you want to use TikTok for free, you have to be tracked in 30 data points.
Applications belonging to the Google group Alphabet, such as Google (75), Gmail (43), Google Photos (37) and Google Drive (34) – also track relatively large amounts of personal data. All Google applications can be found in the top 20 most data-hungry apps. 16 of the 20 biggest data spies belong to a company headquartered in the United States of America, while none of the apps are from Germany.
Companies should pay attention to the apps
heyData's list shows 100 apps that require the most access permissions (Image: heyData).
Although SMEs often use a security app on their employee smartphones, I can usually not control any permitted or prohibited apps. Only larger providers of endpoint security solutions or mobile device management (MDM) offer this. Messenger in particular, such as the popular WhatsApp, must not be used for customer data or consultations because, as a classic app, it is not GDPR-compliant. If the use is mandatory, as is the case with Google, companies should severely restrict the rights within the Google account. With the right privacy settings, you can prevent, for example, location history from being tracked, surfing history from being saved, the digital voice diagram from being recorded, or Google from remembering all the names, addresses and telephone numbers in the address book. A short article at Virus-Hilfe.info gives an overview.
More at heyData.eu