To kick off the thread here is an issue I had with my Samsung Galaxy S7 today, while creating a post in the Dark Patterns thread.
My Gallery app is just a simple picture management tool, right?
Wrong!!
In the EU, as you know, the GDPR privacy regulations kicked in on 25th of May 2018. As a result many apps on my phone have been updated. When I created a screenshot on my mobile and accessed it on the Gallery app (which is installed by Samsung as part of the default software package), I got the following notification:
A strange notification. First of all, I didn’t know that Gallery app was provided by Foursquare, and the message “More detailed location information than the region information will also be shown.” is not very clear as well. So I went to the privacy policy page link that was displayed: Consumer Apps & Website | Foursquare
And here it says the following (among a whole mumble jumble of legal texts):
If you use our Apps and have enabled background location services in our Apps, you have permitted us to collect the above Data about you in the background even when you do not have the Apps open (as permitted by your device settings).
In the privacy policy are a whole bunch of other potential ways that Foursquare may obtain information from you. like from any other apps that use their API.
Who is Foursquare, btw? It is a restaurant-finding service: “Find the best places to eat, drink, shop, or visit in any city in the world.”. What the hell is it doing in my image Gallery app?
Luckily I have location services disabled by default (hope this is sufficient to block their data harvesting), and the app says ‘No location data’ for my images, which seems good. But I checked ‘Gallery Settings > About Gallery’ anyway. No mention about Foursquare, but there are links to the general Samsung Privacy Policy there… which says nothing at all about Gallery, but pages full of anything Samsung may do in general with all of their combined services. Which is a lot.
From the ‘About Gallery’ page I went to ‘App Info’ using the button, and noticed something else which is strange:
Notice the permissions: Contacts, SMS and Storage. I know why these are needed, but I have a huge problem with the scope of these permissions.
- Storage is easy: Need to store images on your phone. But gives access to ALL data on your phone
- SMS: Probably needed to allow an image to be sent via ‘Share > SMS’. I disabled this permission, because it also allows access to ALL your SMS messages
- Contact List: Probably needed for the sharing of images too. I also disabled this, as this could too easily lead to the situation where my contact list is uploaded to Samsung or some 3rd party
And finally: ‘Change system settings’ is On. Why would my Gallery app need to change system settings? (might be to automatically switch on Bluetooth, if you seletct that for the Share functionality). I disabled that as well.
Oh, to top it all off… the Galley app - being part of the system software - CANNOT be uninstalled!
I currently have an 1.3 GB completele upgrade of my Samsung OS ready to install, but I dread installing it as I probably have to spend a full hour again going through my entire phone to find subtle privacy-invading setting changes.
Dark patterns here: With updates/upgrades you can’t see full info of what is changed, you are continuously reminded to upgrade or postpone, and after a while you are forced to upgrade.