Tuesday, May 24, 2016

Latest web app highlights privacy differences between native apps and web apps.

I'm often reluctant to install apps as you really don't know what you're giving away. Information/data is often sent to unknown organisations for collection and sharing. You simply don't know what others are doing with the data your apps use or collect.

As an example I was able to show someone using their Fitbit data what time they went to the toilet in the middle of the night. Something they'd never have expected and this same data is being stored, collected and use in who knows what ways.

It occurred to my after I completed my latest web app, Where Did I Park My Car, that web apps can offer far more privacy than native apps.

There is still some data that can be collected because you're using the web. You've connected to a site and that connection is logged. The site however only knows your rough location based on the IP address you use to connect to the internet. It doesn't know your exact location. There are also Google ads and Google Analytics being used on the page, so Google is collecting certain information, but no more than it does when you move around the web.

Now here is what I found interesting. When you click on the link to get your current location, that is done completely within the web page by the mobile phone and that information is not sent back to me. I could write the web page so it is, but I haven't. No information is collected or retained as to your exact location. Personally I thought that was pretty good.

Many web apps that use your location send information back to a server. The most obvious are mapping apps that help to crowd source traffic information. You are helping to create the traffic information, but it does mean you're sending information back to some unknown servers for sharing in ways that you probably didn't expect.

When installing native apps I'm often reluctant because I simply don't know the ramifications of the permissions I'm giving to go others and how the information will be used. As much as privacy notices say the information collected will be anonymous, reverse matching can be used to easily match anonymous data back to an individual.

The web apps I write have very limited access to the sensors in the device. No list of permissions are requested. It is very easy to know the information that you are sharing and thus may be available to  others. When the web page is closed it doesn't exist on the mobile phone. With a native app I would have no idea. I often see native apps that want access to the camera or other access and there's seems to be no reason for such permission.  Native apps can sit in the background collecting information. Web apps therefore can offer far greater privacy than native apps simply because you control a specific and limited permission requirement. You can also easily deduce what you are sharing and if it matters to you.

The web app Where Did I Park My Car (www.WhereDidIParkMyCar.com.au) enables me to know the location of my car without giving that information to others. I thought that was pretty neat and thought the observation may interest others.

Kelvin Eldridge

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.