What does your phone know about you?

In the past year, smartphone users have downloaded a staggering 204 billion apps - that’s 26 times the population of the Earth - and spent around £93 billion ($120 billion) in doing so.

These downloads have only increased in 2020, up by 40% year on year, likely due to social distancing measures and lockdowns, but what do these apps know about us and what are we agreeing to?

thinkmoney has analysed the most downloaded apps of 2020 to uncover what permissions they ask from users, what the riskiest app permissions are and even if they could be costing us money we didn’t realise.

90% of Brits accept terms and conditions without fully understanding what they mean

The European Commission produced a report on attitudes towards terms and conditions and found that 90% of Brits generally accept them without fully comprehending what they are agreeing to.

It’s been said that the language in terms and conditions could be too complex and wordy, leading to people ignoring extremely important information. The same tale can even be seen across the pond, as another study found that 97% of Americans also agree to terms and conditions without even reading them. But why is that?

It would take 17 hours to read the terms of the top 13 most downloaded apps in the UK

thinkmoney calculated the number of words in the privacy/data policies and terms of services of the 13 most downloaded and popular social media apps, and they totalled 128,415 words - three times the size of a novel. This is also 30,000 more words than J.R.R Tolkien’s book, The Hobbit.

It can take around one minute to read 125 words, meaning it would take the everyday individual 17 hours from start to finish to understand what they are agreeing to when downloading the application. This explains why many are unlikely to read the terms.

Candy Crush T’s & C’s are longer than social media apps analysed

Surprisingly, the privacy policy and terms of service of King – the owners of Candy Crush - are longer than that of all social media apps analysed at 14,189 words - almost half the average size of a novel. Their policy details information on how they share certain personal information until you opt-out, suggesting you do need to read through what you would like to accept before downloading.

You could watch 370 videos in the time it would take to read TikTok’s data policy and terms of service

Of all of the social media apps analysed, TikTok’s data policy and terms of service are the longest. Totalling 11,698 words, it would take 1 hour and 33 minutes to read the important information before downloading the application, so it’s little wonder so few do.

In fact, the average TikTok video length is 15.6 seconds, so you could watch 370 videos in the time it would take to read the policies.

Facebook, Messenger and Instagram’s privacy policies and terms of service are twice the size of the average dissertation

When calculating the number of words making up Facebook, Messenger and Instagram’s data/privacy policies and terms of service, which users have to accept before downloading, we discovered that totalled a staggering 24,003 words.

The average length of an undergraduate’s dissertation is 10,000 - 15,000, which means that the policies for these hugely popular applications are substantially longer - almost double.

So, what are our apps accessing?

92% of the most popular apps ask for camera and microphone permissions

thinkmoney analysed the most downloaded and popular social media apps of 2020* to discover what permissions they required that users might not be aware of or understand what they mean.

Their research found that 92% of the apps analysed asked for access to the camera and photos stored on the phone, as well as access to the microphone. This is due to using apps to create videos, call friends etc. Of all of the apps analysed, only Candy Crush didn’t require camera and microphone access.

The security loophole that could come with granting camera access

Former Google tech developer, Felix Krause, revealed that there previously had been a security loophole within iOS regarding camera access. So, if you had granted permission for an app to access your camera, it could potentially:

• Access both the front and the back camera
• Record you at any time the app is in the foreground
• Take pictures and videos without telling you
• Upload the pictures/videos it takes immediately
• Run real-time face recognition to detect facial features or expression

With new updates, most applications will not have access to do any of the above and will simply use your camera in order to provide full functionality to the app, it’s always worthwhile checking if you are happy with granting camera access. It’s also important to always download official applications which state what and why they use permissions.

Nearly ⅔ of apps analysed can build up a list of places you have visited

A further 62% of apps thinkmoney analysed required your location to enable app functions, including GPS-specific location. Whilst these permissions can be asked to provide full functionality for the user, it’s important to note that once you grant access, your phone can build up a list of places you have been. They can even understand the frequency with which you visit certain places.

Giving apps access to your location means that they are also able to pull in bearing and altitude information on a single location, so they can even roughly guess which floor you are on or happen to live on.

If you don’t want to share your location, you can turn off permissions within the settings of your phone. However, it’s important to note that this could affect the usability of the application.

Beware of older apps that can modify your USB storage

One common Android app permission is to ‘modify or delete the contents of your USB storage’. However, this isn’t as worrying as it may sound. Google has done a lot to make this permission harmless with recent updates, so apps that offer regular updates should not be affected.

This did once mean exactly what it says, but apps now can only gain the information they need to run their app successfully. However, applications that you have downloaded that didn’t come from Google Play could use this for purposes that you didn’t intend. So, always double-check you are downloading applications officially through the recommended channels.

Facebook and Messenger ask for the most permissions

Of the apps that thinkmoney studied, Messenger and Facebook required the most permissions - 46 and 45 respectively.* Some of the permissions included access to your precise location, contacts, phone, microphone and camera, which are said to be some of the more risky permissions. However, they are also required to Facetime or message your friends.

It’s important to be aware of these requirements and know what you are accepting - particularly as Facebook was famously the victim of a hack that exposed the personal data of 50 million users - which is more than the population of Spain.

What permissions should you worry about?

This question depends entirely on the application and learning the finer points of each would take time. ‘Full network access’ is a permission that all Android apps required, but that is necessary for them to connect to the internet. However, if you were to combine that with other permissions, such as ‘read your contact list’, they could send the contents of your contact list over the internet.

But that doesn’t mean any of the apps will do the above, you just need to be aware of what you are accepting, particularly for apps where the permissions don’t make much sense.

Gmail asks for more permissions than Instagram and TikTok

When analysed, Gmail asked for more permissions than both Instagram and TikTok, with TikTok even recently hitting the news due to worries about their handling of data. Similarly, TikTok has just recently been banned in the US. However, it’s important to note that, while they do ask for more permissions, it could be that these are required for the app to work to its full potential.

YouTube is another app with a large number of permissions. This is compared to Candy Crush which asks for the least permissions of all of the applications analysed, requiring just five.

Brits could be spending £16 million on additional data without knowing

In the UK, 52.5 million people own a smartphone and 6% (3.2 million) of those regularly go over their allotted data. With the average GB of data costing £5.03, that’s a staggering £16 million spent on additional data if each of those individuals just required an extra GB.

This could be, in part, because all apps analysed asked for ‘full network access’, which means that the application needs access to the network to send requests and responses. Any apps that connect to the internet or show ads require this permission.

However, these apps don’t know your specific data plan and the amount you have left over for the month. So, this permission, among others, could use your data allotment without you even knowing.

Facebook, Instagram and YouTube have also been recognised as some of the worst apps for using mobile data due to autoplaying videos and more. So, check your plans to make sure you aren’t spending more than you have available and review if you really use the apps you have downloaded.

Are our apps safe?

Our applications are becoming increasingly sophisticated, and so is the information they can gather about us. But that doesn’t mean that you should stop downloading your favourite applications.

Before you think about downloading an application, do your research. You can also manage what permissions you allow within your settings on your phone.

Is it safe to transfer money using an app?

For those who are unsure about permissions, you may be wondering if it is safe to bank online and use your personal details. Banking apps do not hold any of your account details on your phone, which means your mobile will never hold that personal information should you lose or have your phone stolen. Most banks can also protect you with refunds should someone else get hold of your account details.

Additionally, providers – such as thinkmoney – will also provide one-time passcodes, which you will need to access your account. This is an additional method to protect your money.

Jonny Sabinsky, Head of Communications at thinkmoney, said: "Protecting our customers is vital to us. That’s why we have multiple security methods to access your thinkmoney account and dedicated resources to help people identify scams. This is why we feel it’s important to educate people on their phones and applications, as we all use them daily. Hopefully, our guide will help people understand their apps a little better and remember to keep safe when browsing.”

You can also install security software directly onto your phone to protect yourself from any scams, as well as viruses, data protection and more.

If you are still concerned, you can read more about how to protect your money online with our latest guides.