Skip to main content

What App Users Care About When Sharing Personal Data: Permissions

Written by Jane Haviland

The latest Pew Research Center Report relayed useful information regarding application users’ concerns with sharing personal data.  Ninety percent of app users indicated that how their personal data will be used is “very” or “somewhat” important to them, and influences their decision to download an app.  Sixty percent of users decided against downloading an app when they saw how much personal information they would need to share.  Android 6.0, or Marshmallow, should abate users’ concerns.

The Report looked at the type of permissions sought by apps available in the Google Play store—largely because the public availability of this data and the popularity of the Google Play store.  Google Play apps request a total of 235 unique permissions to access users’ information or phone hardware.  The most common permissions relate to accessing the device’s internet connectivity.  The average app sought five permissions.  The most common permissions sought access to the device’s hardware (i.e., controlling vibration, adjusting volume, etc.) as opposed to personal information.  The Android permissions structure is currently “all or nothing,” meaning the user must grant the app all permissions requested in order to install the app.  The permissions appear at the time of installation, requiring the user to accept them in order to install the app, and can be viewed at any time on the app’s page in the Google Play store.

With Android 6.0, or “Marshmallow,” Google will allow users to pick and choose the permissions they wish to grant.  Permissions will be displayed not at the time of download, but at the moment when the app requires the permission to perform a particular function.  Users can grant or deny the permission, then change the permission setting later.  For instance, the user can allow the app to access the user’s location when using the app, then turn this permission off afterwards.  This change makes the Android permission scheme more like Apple’s.

This change may result in more users for Google Play Store’s apps.  Those users who decline to download an app because of their wariness of sharing too much personal information can take control of what they share at any given time.  Users can refuse to allow access to data, including personal information, all together, or pick and choose when to allow access.  App developers can be less concerned with scaring off potential users by requesting multiple or broad permissions.  This development is good news for users and developers alike and will likely encourage increased and repeated app downloads.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.