Privacy issues in meeting apps

Privacy issues in meeting apps: photograph of a crowd of people indoors with a photographer pointing his camera directly towards the viewer. Photo attribution: Flickr user michellzappa

There are privacy issues in meeting apps. I’ve written before about the lack of information about who has access to attendee information, and I’m concerned about the ramifications of the growing trend for meeting apps to offer login via one of the established social media networks, typically Twitter, Facebook, and LinkedIn.

Perhaps you should be too. Social check-in is touted as a plus for event attendees, allowing them to:

  • discover friends, contacts, followers, and followees who are also attending the meeting;
  • provide in-app social network functionality; e.g. the ability to tweet from inside the app; and
  • be notified (in some apps) when social network contacts are in the vicinity.

These features are, indeed, potential pluses for an attendee. But there are downsides too, which are rarely mentioned.

Potential for abuse

When you authorize an app to access your personal social network information, you are allowing the company that created the app access to that information. At a minimum, this includes read access to your social media contacts in that app, which may (e.g. Twitter) or may not (e.g. FaceBook, LinkedIn) be public. If the app also requests write access, it can, in principle, do things like sending tweets from your account.

There’s potential for abuse here. An app developer can copy all the information that you expose to them and keep it forever, even if you de-authorize the app from access to the network later. Some questions that come to mind:

  • What will you do with the information I make available to your app?
  • Who will have access to it? For example, unless you pay LinkedIn big bucks you do not have access to every member’s information. But an app can (and in one case I’ve seen, does) expose every attendee’s LinkedIn profile to all other attendees.
  • For how long will you make that access available?
  • Will the app developer eventually destroy the information retrieved during the event?
  • What are the consequences if someone breaches the app’s security? Can the attacker take over the compromised social media accounts?

Clear answers to these questions are rarely given before you’ve (perhaps reluctantly) given the app permission to access your social media account(s).

Give participants a choice

In addition, some apps don’t give you a choice; you can only use them if you provide the app login via one of your social media networks. And if you want to share other social media IDs with attendees, e.g. your Twitter ID, you can’t just add the ID into a data field for your information but have to give the app access to your entire Twitter account.

I understand there are more stringent data protection standards in Europe, but the state of affairs I’ve described above is common in many of the U.S. apps I’ve seen.

There shouldn’t be privacy issues in meeting apps. I think it behooves app developers to provide clearer answers to these questions and allow us to opt-out of providing forced access to our social media accounts when we use a meeting app.

What do you think?

Photo attribution: Flickr user michellzappa

2 thoughts on “Privacy issues in meeting apps

  1. Hi Adrian,

    a great post! It’s a fairly complicated issue here in Europe too. At Confrenz, we make event apps for conferences and trade shows and most of the time, we get these questions.

    I think the most important thing is transparency, but from my point of view, event organizers should put more effort in explaining what’s happening to personal user data to their attendees. For example, as the app company, by any contract we enter we are not allowed to do anything with any data we may get access to. Also, we use hash functions for all user passwords and other security measures, which in turn mean it’s safe and we ourselves don’t have access to these areas.

    However, a lot of this information gets lost along the way and I understand event attendees having reservations about putting their login details in an app.

  2. You’re asking hard questions. Very commendable! Flagrant abuses of privacy pervade the world of consumer-oriented apps (Uber is a case in point). The event app provider that makes privacy protection a pivotal part of its brand will win in the race to market share.

Leave a Reply

Your email address will not be published. Required fields are marked *