Red Flag No. 1: Complexity
Apps with complex policies that bury exactly what a person agrees to (such as sharing their data with third parties) are unfair to the company and should be avoided, Henein said.
"If the language is complex, and you read the first paragraph and it doesn't make sense to the average person, that tells me the company really didn't take people into account," Henein said. "You must be on your guard."
Red Flag No. 2: Implicit Agreement
A policy that relies on implicit agreement or implicit consent should raise a red flag. This means that you do not actually "give" your consent; instead, your consent is implied by a particular action or situation. Henein said this would look like a terms of service agreement that says, "By viewing this web page, you agree to A, B, and C." This type of language is unenforceable and should not be enforceable, he said.
Red Flag No. 3: Data collection and monetization
What a policy agreement says about data collection is another important factor to consider before you download an app, according to Engin Kirda, a professor at Khoury College of Computer Sciences at Northeastern University. Going hand in hand with that is how the app earns money, Kirda said, especially if it's free to download.
An app that generates revenue through advertisements may offer a better service, but it may also profit from selling your data. There is a difference between collecting some necessary information to make the app useful and collecting a lot of information that is sold to third-party advertisers or potentially stolen.
Other app warning signals
Although it is important to know what is in a policy agreement, there are other red flags that you can recognize without reading the document, Kirda said. Another big red flag is which permissions an app requests. For example, a calculator app does not need access to your microphone or location. Also note whether you can still use the app after denying permissions, he added. If an app asks for unnecessary permissions, this can signal unwanted activity, such as an app that accesses your call logs or collects data from your Wi-Fi connections.
Michiel de Jong, one of the volunteers at Terms of Service; Didn't Read, a grassroots project where everyone can help review the terms and policies of websites together, said it is important to see that a policy cannot be changed at random.
"Many services reserve the right to change the policy the day after you sign up and will never conform to the version you read when you signed up," de Jong said.
In addition, de Jong said he looks out for sites that make you sign a class action waiver, which means they could sue you, but you can't sue them.
What you can do
To help you deal with the legal jargon of service agreements and privacy policies, Henein suggested downloading the Terms of Service; Didn't Read browser extension, which gathers the documents that may require your compliance and makes them quick and readable. ToS;DR sorts privacy policies and website terms into different classes, with Class A being very good and Class E being the worst. In addition to the class score, contributors may rate sections of the terms as Good, Bad, Blocker or Neutral.
For example, the site classifies Google as a Class for reading a user's private messages, following a user on other websites, and more. Stack Overflow received Class E because of its third-party tracking methods, its required class action waiver, and more.
In addition to ToS;DR, de Jong suggested DuckDuckGo's Privacy Essentials browser extension. The service combines data from ToS;DR with data from various other sources about coding, trackers and more. LegiCrowd is another project for demystifying terms of service that the ToS;DR team collaborates on, but de Jong said it is more focused on researchers.
Tosback.org is a site that maintains change logs of legal policies over time, according to de Jong. The project was started by the Electronic Frontier Foundation, but is now part of ToS;DR.