The UK’s Secretary of State for Digital, Culture, Media, and Sport (DCMS), Matt Hancock, has released a mobile app that has left cybersecurity experts shaking their heads in disbelief. The Minister for Digital’s app is designed to allow people to find out information about his political progress. He is the first member of Parliament ever to release his own app.
The software launches with a video of Hancock welcoming people to his digital forum. “Hi I'm Matt Hancock and welcome to my app,” he declares, before adding that his app is:
“A chance to find out what's going on both in my role as MP for West Suffolk and as culture secretary, and most importantly it's a chance for you to tell me what you think, and to engage with others on issues that matter to you."
Sadly, those jovial beginnings are preceded by something far more sinister. The Hancock experience actually begins by asking users to accept a whole host of invasive permissions. The appalling software asks users for access to their photos and contact information.
I’ll Have it Anyway
Unbelievably, according to users, the digital minister’s app even helped itself to their photos after they specifically denied permission.
Silkie Carlo, the director of civil liberties group Big Brother Watch, has expressed concern at the critical flaw:
"It is quite fitting, given this Government's incompetence on digital privacy issues, that our Digital Minister's app steals a bank of users' personal photographs, even when permission to access them is denied."
The senior advocacy officer goes on to describe the app as a "fascinating comedy of errors.” She isn’t alone in her opinion because the app is undeniably amusing. For example, the choice to call the app “Matt Hancock MP” means that when the app is launched it causes a few giggles:
“Matt Hancock would like to access your photos” and “Matt Hancock would like to access your camera,” the software informs users.
Data protection consultant Pat Walshe has gone on the record to criticize the app. Walshe said the app had some of the worst permissions he had ever seen:
“I’ve been doing this for a decade and I’ve worked around the world with different regulators on mobile app privacy design guidelines, and this is some of the poorest practice that I’ve seen in a very long time."
Walshe says the app accesses user location as well as the type of mobile device. He is convinced that Hancock should suspend the app at once:
“For a Secretary of State that is responsible for data protection law, I would expect very clear leadership. I would expect the highest of standards and it’s clearly not here."
So, what can users expect from the app if they do decide to let Hancock have their data? The app has been described as a Facebook clone. It allows users to watch and comment on live streams, create posts on a news page called “Have your say”, and to socialize with other users and have group chats.
So far, interaction with the app mainly appears to be trolls accessing the platform to make fun of the West Suffolk MP. Users pretending to be Donald Trump, Boris Johnson, and other political figures currently feature on the app’s algorithmically curated “hottest posts" page. The second most liked comment on the app is by someone pretending to be Ed Balls; the comment quite simply says “Ed Balls”.
Labour MP Liam Byrne has already raised concerns about the app with DCMS minister Margot James, commenting that:
“It does not require email verification, so people are already posting hardcore pornography.”
Nothing To See Here
Matt Hancock has attempted to come to the app's defense. According to Hancock, the app is safe because it has been certified by Apple and "uses standard Apple technology, for example, iOS photopicker technology for access to the camera".
Apparently, Hancock doesn’t realize that apps aren’t specifically disallowed from asking for these types of invasive permissions. Isn’t that exactly the type of thing that a digital minister should know about? I would have hoped that Hancock understood the difference between a) permissible and b) frowned upon by privacy advocates. Apparently not.
In his statement, Hancock goes on to state that he believes his app is better than other social media apps because it will allow him to have "complete editorial control". In his opinion, this will allow him to exercise high levels of community moderation. Considering that users are already uploading porn, one can't help wondering whether Hancock will have enough time left to do his job once he has performed his moderation duties.
In his position as DCMS secretary, Hancock oversees the government's approach to protecting UK citizens’ personal data. In August of last year, it was Hancock who published the UK’s draft version of the EU’s soon-to-be-implemented GDPR rules. That EU legislation is a code of conduct designed to protect and give people control over their digital privacy.
Hancock’s version of GDPR has come under fire from advocacy groups who feel it isn’t as effective as the EU version. According to groups like Privacy International, the UK’s version is bloated and includes unnecessary derogations that make it much less effective.
Hancock’s app demonstrates that the man in charge of protecting the UK’s digital privacy is woefully out of touch with app permission data considerations. For a man in his position, one can’t help feeling that an appropriate amount of data for an app would have been none at all.
Opinions are the writer's own.
Title image credit: Screenshot of Matt Hancock app permissions.
Image credits: Screenshots from Matt Hancock app, ashva/shutterstock.com, Martial Red/shutterstock.com