Privacy issues in meeting apps

I’ve written before about the lack of information about who has access to attendee information, and I’m concerned about the ramifications of the growing trend for meeting apps to offer login via one of the established social media networks, typically Twitter, Facebook, and LinkedIn.

Perhaps you should be too. Social check-in is touted as a plus for event attendees, allowing them to:

  • discover friends, contacts, followers, and followees who are also attending the meeting;
  • use in-app social network functionality, e.g. the ability to tweet from inside the app; and
  • be notified (in some apps) when social network contacts are in the vicinity.

These features are, indeed, potential pluses for an attendee. But there are downsides too, which are rarely mentioned.

When you authorize an app to access your personal social network information, you are allowing the company that created the app access to that information. At a minimum, this includes read access to your social media contacts in that app, which may (e.g. Twitter) or may not (e.g. Facebook, LinkedIn) be public. If the app also requests write access, it can, in principle, do things like sending tweets from your account.

There’s potential for abuse here. An app developer can copy all the information that you expose to them and keep it forever, even if you de-authorize the app from access to the network later. Some questions that come to mind:

  • What will be done with the information I make available to your app?
  • Who will have access to it? For example, unless you pay LinkedIn big bucks you do not have access to every member’s information. But an app can (and in one case I’ve seen, does) expose every attendee’s LinkedIn profile to all other attendees.
  • For how long will that access be made available?
  • Will the app developer eventually destroy the information retrieved during the event?
  • What are the consequences if the app’s security is breached? Can the attacker take over the compromised social media accounts?

Clear answers to these questions are rarely given before you’ve (perhaps reluctantly) given the app permission to access your social media account(s).

In addition, some apps don’t give you a choice; you can only use them if you log in to the app via one of your social media networks. And if you want to share other social media IDs with attendees, e.g. your Twitter ID, you can’t just add the ID into a data field for your information; you have to give the app access to your entire Twitter account.

I understand there are more stringent data protection standards in Europe, but the state of affairs I’ve described above is common in many of the U.S. apps I’ve seen.

I think it behooves app developers to provide clearer answers to these questions, and allow us to opt out from providing forced access to our social media accounts when we use a meeting app.

What do you think?

Photo attribution: Flickr user michellzappa