Common Privacy Violations Found in Apps

Privacy is the selective sharing of information, to the people or entities you choose, at the time and in the method you opt to use.

Digital privacy is not limited to data stored in the cloud or transmitted, but data stored or displayed on your device. As desktop browsers formerly indicated in their private browsing modes, software cannot protect against someone standing behind you, or someone with physical access to your device.

I’ve seen many android apps violating privacy for the sake of higher user engagement. As our smartphones continually more and sensitive information about us, the invasions of privacy of apps has a great impact on our social interactions and potentially even our well being.

Messaging and Photo Sharing Apps

A new trend has messaging and photo sharing apps previewing the latest pictures in your photo library inside of the apps, without any warning. This can lead to embarrassment if you happen to open one of these apps (Twitter, Instagram, Google’s messengers and many more) and happen to have received, saved, or taken photos of a sensitive nature. This could be photos of a significant other, a screenshot taken, an image saved from Imgur or similar site.

What makes this violation especially bad, is these apps provide no context as to why these images appear. A screenshot taken of a social media post using obscene language or making inappropriate comments does not mean you endorse that content – it could be capturing it to show someone who does not have access to it such as a private or since deleted social media post, or to preserve it, like when politicians tweet horrible things we all know they will eventually have to apologize for. A seemingly risque picture may not be as devious as you may think. A man having a picture of a bikini clad woman other than his wife or girlfriend does not mean he’s sexting another woman as the rumor mill may want to think, but it could be the significant other sharing a picture of an outfit they think is cute and are considering buying.

But at a quick glance over the shoulder of an unsuspecting tweeter, and these diminutive previews don’t convey the comprehensive story of the image.

The unpredictability of these previews makes opening your phone in the presents of others a daunting experience. Some apps show any files in your phone’s DCIM folder and others show any recent pictures, even ones cached in apps with a passcode protecting access to them.

Apps that care about the privacy of their users should mandate at least one affirmative opt in to view any pictures – it’s as simple as clicking a gallery icon.

Sharing User Interactions

I’ve always found it to be an incredible violation of privacy and a roadblock to fully utilizing an app to promote your actions and usage of and app or website to your friends and similar users.

Twitter has experimented on and off with pushing actions – User X liked this tweet, or User Y and 5 others RT this – into your timeline. At times, these can be helpful, if you and your friends have similar interests, such as a niche interest site, but in the general use social network like Twitter or Facebook, often your friends will not share many of their interests with you and these recommendations are at minimum wasted, or even annoying. Beyond that, sharing who you recently followed, posts you liked, or other actions that one would not expect to be clearly exposed to other users can promote self censorship in not fully utilizing the app as to hide your actions.

Instagram has always had a Like option. Your likes are publicly visible and are placed in a feed of recent actions for all of your friends and followers. You can find a list of all your likes – but it’s well hidden in your profile settings. Recently, Instagram added a private bookmark option, so you can mark any post for any reason and be able to easily return to it. It could be a picture you cannot like because someone will be angry at it – such as feuding friends, or could be a product you saw and may wish to purchase for your significant other but would not want to alert them to you having seen it.

Information as to how you follow or are friends with is often public. In twitter, it’s public if the single public/private toggle is set to public, private if not, but always accessible to your friends. Facebook has privacy controls for who can see your friends, as well as who besides your friends can find you and how. But regardless of how public this information is, recommending accounts based on the follow action of accounts you follow seems to be a strangely useful (Hey! Your friends found a great new account) but oddly creepy at the same time.

The solution is simple – allow users to opt out of publically sharing this information, without having to have an entirely private account.


In a fight to win the attention wars, apps have struggled to get you to use and rely on them more, with many working hard to build complex recommendations engines, ranging from hashtags and keywords to advanced object detection in photos, to geolocation of the posted item or place it was posted from, as well as remarketing, and keyword and demographic marketing. These’s targeting ads can be outright offensive. I’m personally sick to death of seeing ads for dating apps – especially Russian bride type apps – on twitter. I choose to keep some parts of my life involving some people who aren’t on twitter off that social network, and twitter has determined between my known demographics, demographic information they have purchased and user contributed content (my tweets and profile) that I may want a bride who needs green card. This can’t be further from the truth, but none the less, I’ve had to explain why there’s an ad for Date Asians Today on my screen.

No one wants sensative recommendations on their screen when others are present. This could include dating and personal life choices, medicine and healthcare or accounts that contain potentially sensitive content.

Marking Sensitive information

When real time user generated content is king, it becomes nearly impossible to moderate and the interfaces for this often push content into your screen without action required to fetch it. This leaves room for inappropriate materials to show up at an inopportune time. Tweetdeck, for instance loads the latest tweets automatically, where leaves that up to you to click a notice of new content. Imgur’s app doesn’t allow you to see a preview of the upcoming content, but their website does.

Smartphone use occurs in all environments, at home, the office, the waiting room, the library, on public transportation or out to eat, and the push of information can result in inappropriate information to appear on our screens without warning. While this will likely never go away, giving the user on both ends of the post the control to mark a post as containing sensitive information, and the receiver to have a setting whether or not to show sensative comment, along with a quick response reporting tool to prevent reported content from appearing to others, provides the necessary level of confidence to be able to use the app in public.

Unexpected Sound

As previously mentioned, smartphone use happens everywhere, including places it shouldn’t. Admit it, we’ve all read an article from a news alert while at our desk at least occasionally. But when apps and web pages auto play videos or ads, it endangers the end user. A reader who taps on a push notification only to be greeted with an autoplaying video with sound, may be on their 15 minute break, but if the boss is in a bad mood, that video could cost them their job.


Apps should consider the user in all environments and a variety of content before implementing any feature.

Apps should also have a direct feedback channel for privacy concerns and do intensive beta testing of potentially privacy busting features.


Leave a Reply