If you’ve deleted old apps in your Facebook account, don’t forget other apps on your smartphone that soak up too much personal information.
Those programs can raise some of the same privacy risks as Facebook apps if they ask for data that they don’t need to do their jobs—especially if you accepted that request long ago and haven’t checked the app’s settings since.
Remember, any information an app collects doesn't necessarily stay within the app.
And information an app collects need not stay there. The Android version of Facebook Messenger, for example, requests your phone’s calendar, contacts, phone and SMS, which in turn means having your text-messaging and calling history synced to the social network.
You should see a dialog advising you of that SMS- and call-log syncing. But as Ars Technica reported, older versions of Facebook’s core app did not offer any such heads-up to people who opted into its address-book uploading.
Even now, the Facebook help article meant to explain the Android Messenger app’s thirstiness for your data still doesn’t explain that it will sync your call and SMS logs, or why the app wants into your calendar.
Snapchat—a company that had its own data breach, four years ago—is almost as inquisitive. Its Android app’s permissions include your phone’s status and your contacts, and its iOS permissions list is only a little shorter. Its explanation for needing your contacts cites inviting friends to use the app but also includes this open-ended line: “so we can improve the app.”
Snapchat did not answer a request for clarification.
And Uber’s Android and iOS apps make their own dubious permission requests. For instance, they seek calendar access to streamline hailing a ride across town—but is it really that hard to type in an address or a point of interest?
Fortunately, both iOS and Android make it easier than Facebook to review and revoke these permissions by providing an overview of which apps can employ which types of data and device features. You don’t have to inspect each app’s permissions individually to see how many can see your contacts list.
In iOS, open the Settings app and tap Privacy. You’ll see a list of core iPhone apps and components, like the Contacts program or the camera; tap one to see which apps have access to it, as indicated by a slider button highlighted in green. To revoke the app’s permission, tap that slider so it’s no longer green.
To see all of any one app’s permissions, however, you need to return to the first level of Settings and scroll down to the entries for individual apps.
In Android, open the Settings app and search for “App permissions,” and you should be pointed to a similar list of phone capabilities, like the microphone or SMS. Below each, you’ll see how many apps now use it and how many could. The app-permissions screen should also offer a complete list of installed apps; to see the full set of permissions for each, tap its entry.
In both iOS and Android, these system-level app permissions override an app’s own settings. That may break some convenience features; for instance, denying camera access to apps that let you pay for things will prevent you from adding a credit card by taking a picture of it.
In apps that still haven’t been updated to work with the app-permissions system Google introduced in 2015—for instance, Snapchat—revoking permissions may result in app crashes or things failing without an error message.
Don’t forget that uninstalling an app also works to end its access to your data.Rob Pegoraro is a tech writer based out of Washington, D.C. To submit a tech question, e-mail Rob at firstname.lastname@example.org. Follow him on Twitter at twitter.com/robpegoraro.