How is the privacy of location data and user consent handled in popular apps?
With SIMPORT, we want to enable users to manage their own location information on their mobile devices. To find out where to start, it is first necessary to determine what the status quo looks like for mobile applications. Specifically, the question is how current apps handle the protection of location data and how they obtain users' consent to use it.
In a small study, popular apps were analysed with regard to their handling of location-based data in order to answer these questions. For this purpose, various mobile apps were divided into different categories and examined with regard to predefined parameters. For example, it was examined how apps obtain consent for the use of location data and to what extent users are already informed about the handling of their data. At the same time, it is relevant what happens when users do not give this consent. Furthermore, it was analysed how accessible and detailed such information as well as settings regarding position data actually are within the apps. Within the scope of the analysis, these and numerous other parameters in the area of UI and UX, as well as the possibilities that apps give users, were specifically examined. This creates a clear picture of what users are currently confronted with and where SIMPORT can potentially come in.
Even from a small amount of seemingly anonymous position data, private information such as place of residence or place of work can be derived. App and operating system providers such as Google can also automatically intersect a location history with databases in order to derive, for example, shops and people visited. This is usually used to create advertisements that are individually tailored to each person and represents a deep intrusion into personal and collective privacy.
In order to make users aware of the use of personal location information and the associated privacy risks, we are currently developing an app with which you can collect, visualise and evaluate your own location data in a secure environment. The app is only supposed to determine information such as the place of residence and place of work from the existing position data. One goal of the app is to be able to understand how much positional data is needed to make such personal statements. For this purpose, users can limit the analysed period, the accuracy or the level of detail of the location history to be used for the analysis. In the future, the app will be extended with further functionality, such as background information on risks and a metric for displaying the identification risk.
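An added illustration of the self-assessment described above, not the SIMPORT app's code: the night-time and working-hours heuristic, the function names and the sample trace are assumptions constructed for this example. It shows how limiting the analysed period or the coordinate detail changes what can be derived from one's own location history.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample places (fictional person); not taken from any real data set.
HOME, WORK, CAFE = (51.9607, 7.6261), (51.9690, 7.5960), (51.9625, 7.6280)

def make_trace(days=14):
    """Build a constructed trace of hourly (time, lat, lon) fixes."""
    start = datetime(2024, 1, 1)  # a Monday
    trace = []
    for h in range(days * 24):
        t = start + timedelta(hours=h)
        if t.weekday() < 5 and 9 <= t.hour < 17:
            lat, lon = WORK
        elif t.hour == 18:
            lat, lon = CAFE
        else:
            lat, lon = HOME
        trace.append((t, lat, lon))
    return trace

def infer_places(trace, last_days=None, decimals=4):
    """Guess (home, work) grid cells; None where the data supports no guess.

    Assumed heuristic: home = most frequent cell at night (22:00-06:00),
    work = most frequent cell on weekdays between 09:00 and 17:00.
    last_days limits the analysed period, decimals the coordinate detail.
    """
    if last_days is not None:
        cutoff = max(t for t, _, _ in trace) - timedelta(days=last_days)
        trace = [fix for fix in trace if fix[0] > cutoff]
    night, office = Counter(), Counter()
    for t, lat, lon in trace:
        cell = (round(lat, decimals), round(lon, decimals))
        if t.hour >= 22 or t.hour < 6:
            night[cell] += 1
        elif t.weekday() < 5 and 9 <= t.hour < 17:
            office[cell] += 1
    home = night.most_common(1)[0][0] if night else None
    work = office.most_common(1)[0][0] if office else None
    return home, work

if __name__ == "__main__":
    trace = make_trace()
    for kwargs in ({}, {"decimals": 1}, {"last_days": 2}):
        print(kwargs, infer_places(trace, **kwargs))
```

With full detail both places are found; at one decimal place home and work fall into the same cell and can no longer be told apart. A two-day window that covers only a weekend still yields a home guess but no work guess.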
To ensure data protection, the app runs exclusively on the smartphone and does not exchange any data with a server: the collected position data is stored in a database on the smartphone and analysed only there. If no position data is to be collected, sample data can be visualised and analysed as an alternative.
The app is open source software; the source code can be found on GitHub.