Advertisers Could Be Held Responsible When Mobile Apps Gain Dangerous Permissions From Consumer Devices

Advertisers Could Be Held Responsible When Mobile Apps Gain Dangerous Permissions From Consumer Devices

by  @lauriesullivan, September 25, 2020

Advertisers Could Be Held Responsible When Mobile Apps Gain Dangerous Permissions From Consumer Devices | DeviceDaily.com

With more than 4.7 million apps available in the Google Play Store and Apple App Store, companies are gaining access to an increasing amount of consumer data. The biggest concern is that many of those apps do not reveal their country of origin and the type of consumer data they collect.

Fraud intelligence company Pixalate released a mobile app safety report — H1 2020 Mobile Advertising: App Safety Report — which reveals that in the first half of 2020, 66% of Android apps and 78% of iOS apps had no identifiable address, making it impossible to tell where the apps are registered.

Some 70% of Android apps have at least one “dangerous permission,” such as the ability to access a device’s precise location.

The U.S. is the world’s biggest offender — 77% of U.S.-based Android apps have dangerous permissions, from being able to read the phone’s contacts to answering phone calls.

This is significant for advertisers when considering data protection laws such as General Data Protection Regulations. 

“With GDPR being joined by similar privacy-focused regulations around the world, advertisers would be wise to gain as much visibility as possible into the publishers with which they are doing business, directly and indirectly,” says Jay Seirmarco, Pixalate’s senior vice president of operations and legal affairs.

It’s important to know the country that the apps operate from, and the type of data the apps collect.

For example, apps from Cyprus, a traditional shell company location, have an average of 2.5 million downloads each — more than two times higher than any other app country of registry.

In addition, advertisers can be held accountable if they don’t take reasonable steps to ensure their digital advertisements are not associated outside GDPR regions.  

‘‘Privacy by design is a core tenant of GDPR, and excessive permissioning may be a sign that some developers are not employing this approach,” Seirmarco says.

“In some cases, advertisers may find themselves vicariously liable if they do not take reasonable steps to ensure that data derived from their digital advertisements isn’t tainted by being associated with publishers found to be misusing or selling personal data in violation of privacy laws.”

Among the most common dangerous permissions are the ability to upload and delete files on the devices or to gain precise location or access to camera and pictures, as well as the ability to see the phone number and network information.

MediaPost.com: Search & Performance Marketing Daily

(7)