Most mobile apps requiring more permissions than needed

A new report has been published by the Data Protection Commissioner saying mobile apps are not respecting users privacy, with many seeking more personal data than needed.

According to the report by Global Privacy Enforcement Network (GPEN), a select few of mobile apps actually provide clarity on how exactly they use peoples personal information.

As part of the GPEN, an initiative which encourages organisations to comply with privacy legislation and to enhance co-operation between privacy enforcement authorities, 26 different privacy enforcement authorities carried out a ‘sweep’ in May, with Irelands Office for Data Protection taking part.

1,211 apps were investigated by the teams, a mix of iOS and Android, free and paid, public and private sector, from health and fitness apps to games, news and banking.

Recently retired, Billy Hawkes said; “The teams looked at the types of permissions apps were seeking, whether those permissions exceeded what would be expected based on the apps’ functionality, and most importantly, how the apps explained to consumers why they wanted the personal information and what they planned to do with it”.

“In the case of 13 of the 20 Irish apps checked, permissions exceeded that which the sweeper would expect based on the app’s functionality after reviewing the app” he added and confirmed follow-up action was being considered in four cases.

The most striking finding” according to the commissioner’s office, was that 55% of apps examined were only given a score of 2.

Meaning the privacy information provided only partially explained the app’s collection, use and disclosure of personal information, with questions remaining with regard to some of the permissions requested.

“Many offered little information about why the data was being collected or how it was being used prior to download, or provided links to webpages with privacy policies that were not tailored to the app itself.”

The sweep examined two apps which relate to personal finance – the Ulster Bank and Tralee Credit Union App and found that both scored highly in their explanation of how they collect, use and disclose the data gathered.

However, the DPC has said that “at the other end of the scale”, just 15% of apps examined failed to provide adequate information to the customer, while a further 5% provided no privacy information whatsoever”.

Most apps examined in the survey requested one or more permissions, the most common of which included location, device ID, access to other accounts, camera and contacts.

The proportion of apps requesting permissions and the potential sensitivity associated with the information highlighted the need for apps to be more transparent, the survey said.

To stay up-to-date with the latest data protection news visit