The National Privacy Commission (NPC) has asked developers of Instant Messaging (IM) applications to put boundaries in asking permissions for its users, fearing that the data privacy rights of the users are being compromised.
IM is a form of text-based communication in which two persons participate in a single conversation over their computers or mobile devices within an Internet-based chat room, which currently plays an important role in our daily lives to adapt to the restrictions limiting physical interactions, especially this time of the Covid-19 pandemic.
These IM applications often seek permissions to access features in a user’s device, such as contacts, microphone, location, camera, photos and files. Though they ask permission from the user to grant access to certain features of their device, a denial would prevent a user to effectively use such application.
As a result, the concerns of the citizenry on how private and secure these apps emanate from their fear that their data privacy rights might be violated due to the permissions required by IM applications.
The NPC believes that limiting access to the full features of IM apps due to the user’s denial to grant app permissions may be unnecessary, but they are encouraging these IM developers and their companies to revisit their policies and allow users who opted to refuse to grant app permissions, due to data privacy concerns, to allow them full access to their app’s features.
“The Data Security and Technology Standards Division of the NPC hereby recommends these guidelines for developers of IM to respect the users’ privacy by allowing them to opt-out of device permissions that can track, store and access their data.
Guidelines being imparted by the NPC to developers include: request minimum permissions; asking for access only in appropriate timings; plan for users to select deny while using the app; avoidance of locking out users from using the app; accessing sensitive permissions only when the user expects it; paying attention to libraries; and practice privacy engineering.
Privacy Commissioner Raymund Liboro stressed that the responsibility of protecting the data privacy rights of IM users does not fall solely on the developers.
“Simple configurations to the instant messaging app such as setting off your active status, sync contacts, who can see your birth date, and location help maintain your privacy. Applying a passcode or fingerprint lock as well as two-step verification are examples of adding another layer of security to the app you are using,” Liboro said.
Users are also advised to examine and tweak the privacy and security settings of their IM by being vigilant when conversing with strangers and practicing caution when joining group chats. Members of group chats will gain access to your phone number once you permitted to join. However, some IM allow users to prohibit anyone from viewing their phone number.
“Do not click links and files sent via IM apps from unknown senders or if you are not expecting to receive them. These links and files may be attempts to phish information from you, or they may carry malware that can infect your device,” Liboro warned.