When a smartphone user wants to install the Flashlight App, the app may ask to access the call logs and the contacts. Again that same user might want to launch a newly installed Calendar App that wants access to the user's camera or asks to read the messages. This kind of permission is very familiar to the smartphone or tab users. According to Singapore's 1st Privacy Survey on Mobile Apps which is done by 'Straits Interactive', 7% apps want access to users' call log, 10% apps want to see what the users' mobile cameras see. An interesting fact is that 9% apps want to see the contacts saved by the user and 4% wants to see the messages send and received by the user.
Application permission is that which a user agrees to, in order to use a mobile application or to enable a mobile application to perform its task. Each permission sets out the conditions that the application may affect during the installation or use of the application. But when an app wants such permission that is not needed to perform any task, then how is the developer going to explain that? If the developer asks permission which is not fundamental to the user's safe and adequate use of the app, then what can be a possible explanation for keeping it? According to the Global Privacy Enforcement Network survey, of the 1211 apps surveyed, almost one third lacked a credible justification.
Our country has entered into the digital era and many web developers and companies are creating their own apps. This is one of the latest techniques of business but when any company or developer asks permission for accessing personal things like contacts or messages (without a justifiable reason underlying it) through the app, it is completely illegal. This is true that they are asking permission and it is up to the users whether they want to give it or not but what will happen if the user gives that permission accidently? As a developer or company, nobody can hold access to the personal information because the same can prove to be harmful for that user. Personal information is as valuable as property and in order to get the same, one should ask for permission through cumbersome legal process.
In recent times, we got the newly enacted Digital Security Act 2018 and through this Act, we may get remedy if any developer collects our information which is not necessary or unrelated to the performance of the supposed task of the app. According to section 26(1) of the Act, 'if a person collects, sells, possesses, supplies or uses the identity of another person without legal authority, then act of such person shall be an offence.' The illustration of this section mentions about the things which are not allowed to be used by the developers through the app. If the offence is committed by a company, the company's owner, chief executive, director, manager, secretary will be deemed to have committed this crime, unless he can prove that, this information has been stolen stealthily or he tried his best to prevent it (section 36).
We have laws but as users, we need to be more careful regarding the installation of an app. Users should be aware of their rights given by the Digital Security Act and use this when they noticed their personal information has been collected through a mobile application.
The writer is a legal intern, Bangladesh Legal Aid and Services Trust (BLAST).