What social media apps know about us
There are 73 million Facebook users in the Philippines. Indeed, Filipinos are true social media fans.
How much data do applications keep about us? I looked at the various permissions requested by top apps at the Google Play store and a few Pinoy favorites: TikTok, Grab, Zalora, Lazada, and Shopee.
The most common permissions these apps request are network information and access to storage and camera, which means access to pictures, recordings, documents, and the camera on our phone. That’s a lot of information!
These apps already have access to so much information about us because we freely hand it over to them. According to a social experiment by ProPrivacy.com, 99 percent of users “agree,” without reading, to the terms and conditions of app use, even if such agreement requires naming rights to their firstborn child.
Some apps have client-to-server encryption, like TikTok, which means an unencrypted copy of our messages can be seen by the servers of Chinese company ByteDance. Chat apps, like WhatsApp and Viber, support client-to-client encryption but back-up copies of conversations can be stored elsewhere. Social messaging apps, like Facebook, Twitter, and Instagram, clearly have content visible to themselves as platforms. Shopping apps, like Grab, Lazada, Zalora, and Shopee, have copies of transactional information and our product browsing history.
Have you ever wondered if websites and social media could read your mind? For example, I browse for travel destinations on a search engine. When I visit Facebook, I get advertisements about a particular vacation spot that I’ve been looking at. What is this wizardry?
This “mind reading” is made possible using HTTP Cookies, a small piece of data stored on our computers by browsers when we visit websites. This cookie contains pieces of information, like the website visited, transactions, and search terms.
Third-party ad-tracking cookies, on the other hand, are a special kind of cookies dropped on our computers by ad-tracking services that online platforms use. So, if we use different platforms that use the same ad-tracking networks, we can be served targeted advertisements based on information obtained by the ad network from other platforms; this results in effective advertising. So, in my vacation search example, the search engine and Facebook could be using the same ad-tracking network to ensure that I get personalized ads. The ad-tracking network is the glue that binds the different platforms together.
Some practices of ad-tracking networks seem to go against what we expect when we give consent to share information to a particular platform. It does feel like being digitally stalked. I consciously granted consent to the search engine but not to the ad-tracking network or to Facebook.
As a result, we are seeing moves across the industry to minimize, suppress, or find alternatives to this behavior, such as the push by popular browser makers Apple and Google.
It’s safe to assume that platforms have more information than what we explicitly give to them. The more information they have, the better they get at serving the appropriate content and advertising to us. This is like digital “dugo-dugo,” the modus operandi where exploiters come under one pretense, then users end up being victims because of personal information they unknowingly provide.
Interacting with friends and family online provides a wealth of information about us and other people, which in turn grows the network and may lead to an ad impression. Why do you think all apps request “Contacts” permission? As the saying goes, if you do not pay for the product, then you are the product.
Why do Lazada and Shopee need access to our microphones? Your guess is as good as mine.
* * *
William Emmanuel Yu, Ph.D., is a technology professional, professor, and researcher who is a passionate advocate of shaping internet and technology policy. He is part of Secure Connections, a cybersecurity project of The Asia Foundation-Philippines. The views expressed in this article (with inputs from Sam Chittick) do not necessarily reflect the views of The Asia Foundation-Philippines.
