Do you enter your personal data in apps? A German research team advises people to prefer to give false information on Facebook and Co. Many developers neglect their legal obligations to provide information. A look at the researchers’ long-term study.

Data security and privacy are obviously a big problem. As a research team from the universities of Bamberg and Berlin found out, many app developers do not take their legal obligation to provide information about personal user data seriously.

The research team headed by Dominik Herrmann, Professor of Privacy and Security in Information Systems at the University of Bamberg, and Jens Lindemann and Jacob Leon Kröger, conducted a long-term study from 2015 to 2019. During this study, they registered user profiles in 225 iOS and Android apps with false information.

After a certain amount of time, the researchers then asked the app developers for exactly these profiles. They asked to send them all the personal data stored. One third of the apps came from Germany.

Wrong data: App developers do not check information

According to Herrmann, the results of the study were sobering. He summarized in a 15-minute video that his team often received only incomprehensible answers. In addition, 20 percent of the providers had not responded to the inquiries at all.

Frightening: In one case, the researchers are even said to have received data from another person. With other providers, alleged links to the requested information would not have worked.

But Herrmann was particularly struck by the fact that about three-quarters of all the developers who had been asked did not even check whether the person inquiring about the data also matched the user profile and was therefore even entitled to request the relevant data.

In plain language, this means that criminals can theoretically request data from external user profiles arbitrarily without the developers verifying their identity.

The DSGVO has brought no improvement

The European data protection basic regulation (DSGVO), which came into force in May 2018, has not helped at all to better protect our data.

On the contrary: the useful responses from app developers have actually declined – from 53 percent in 2018 to 41 percent in 2019.

The researchers define a useful answer as when a developer sent them the requested user data or could credibly justify that the data was no longer stored.

Researchers guess: Users should provide false information

Every app user has the right to request their data from the respective provider. If the developer does not respond to this request or does not respond adequately, users should contact the relevant data protection authorities and report the violations, according to the researchers.

However, the authorities are generally understaffed in this area. It is therefore not possible to carry out the necessary checks.

For this reason, the researchers recommend not installing every app on the smartphone at once. But even if the installation is well thought out, users would be better advised to provide few or even incorrect information. This would protect their data as far as possible.

Otherwise, we run the risk of our data being passed on to third parties without our knowledge in the worst case. This information can then be misused for phishing attempts. Therefore, caution must be exercised.