Risk is a function of the potential impact of something happen and the likelihood that the thing will happen.
We also know that digital privacy is the assurance that the system you are using only uses the data you intend in the way that you consent.
Let’s apply these concepts by examining the privacy disclosures in an Apple App Store listing.
The App
We’ll use the App of the Day for Apple’s iOS as our example.
Today, it’s Explain Everything Whiteboard. This app is an award winner and aims to help you “teach, present, sketchnote, record videos, and work together.”
App Store Disclosure
A required part of the App Store listing is the “App Privacy” card. This critical tool that helps you evaluate the potential impact of a breach or issues with the app.
“Explain Everything Whiteboard” tracks some data that isn’t directly linked to you; contact info, usage data, identifiers, diagnostics.
Digging deeper we find out that they collect a user ID, device ID, email address, diagnostics data (like crash data), and product interactions.
This “App Privacy” card is really a cheat sheet. For specifics, we’ll have to read the developer’s privacy policy (yes, really). This is a legal document that explains what’s legally possible from the app.
Impact
Given that the app allows you to collaborate with others and share your whiteboards, it’s reasonable to expect the collection of information in order to enable that.
The device ID, user ID, and email address are the pieces of information that are needed to do that.
If this data was exposed would it impact you?
Probably not. Your email address is public. You enter it everywhere. The device ID and user ID are also reasonably public as any app on your device is potentially going to have access to those as well.
The other information collection by the app is data designed to help optimize the app and focus the developers efforts. There’s nothing really sensitive there.
The App Privacy card has given us the information we need to understand how this app uses our data. With that, we’ve made a reasonable evaluation of the impact this app could have on our privacy…which is negligible.
Rinse and repeat this process for any app you’re interested in using from the App Store.