(Credit: Yevhenii Strebkov/Shutterstock)

When an app developer wants to make a living through their work, there are a few ways to do it without charging the user any money -- but these users are increasingly learning that using these apps can cost you in other ways. Because one of the most popular alternatives to charging a subscription or one-time fee is to collect massive amounts of user data and sell it to advertisers and other parties in bulk.

When done responsibly, data collection is limited to what would be relevant within the app, and this data is anonymized to protect the privacy of the user. But the South China Morning Post warns of an unsettling new report from the China Consumer Association, or CCA, a national standards body for consumer rights. The CCA says that over 90 of the apps it recently tested were collecting what it said was an excessive amount of data.

SEE: Apple wipes more than 700 apps from Chinese App Store for security violations

Location information, phone contacts, and phone numbers were particularly sought after by the app developers who were investigated for the study.

The Google Translate version of the report also identifies frequent collection of "personal photos, personal property information, biometric information, job information, transaction account information, transaction records, internet browsing records, educational information, vehicle information, and SMS messages."

The apps evaluated in the report are almost all specific to the Chinese market, with particular criticisms for Netease Lottery, Gitzo Express, and Meitu XiuXiu. WeChat, QQ, Taobao, Baidu, AliPay, and ther popular apps reaching international audiences went under the microscope as well.

For the China Consumer Association, these violations of app user privacy aren't just a moral issue. The CCA is behind the implementation of the nation's Personal Information Security Regulations created in May 2018, as the country's version of the General Data Protection Regulations passed in the European Union around the same time. This latest report is a judgment on how closely China's new regulations are being followed.

It may sound curious to Western audiences that Chinese citizens actually have privacy rights that are being enforced by their national government, given that the government itself has indicated a habit of monitoring its people to a degree that would make most Westerners uncomfortable. But the People's Republic apparently draws a line in the sand between the information that it collects on its citizens, and the information that third parties are allowed to have.

The data collection practices of the Chinese government itself were not evaluated in this report.

FOLLOW Download.com on Twitter for all the latest app news.

How much privacy can you have online?

Unfortunately, even with anonymization, inferences can be made, especially on social networks. For example, if you don't list your political affiliation on Facebook, but all your Facebook friends are members of the same party, it's reasonable to infer that you are a member as well. The same inferences can be made about your income, age, marital status, educational level, general location, and other personal info that you may not necessarily want advertised or used against you.

For Facebook, this inferred data goes into what's known as a "shadow profile." And it's one of many types of profiles that can be created on your behalf by other personal data collectors, without your consent, with no knowledge of who has that data, what legal rights they have to it, how long they are allowed to keep it.

That's why it's important to never give an app a permission that it should not have, like a video player app asking for your location. Despite the unusual source of this latest report on app data collection, its fundamental warning is sound: Once your personal info is collected or inferred, who it's sold to and how long they keep it are generally open questions.

So all things being equal, one should avoid volunteering more info than an app actually needs to do its job.

Takeaways

  • A report from the China Consumer Association indicates that an excessive amount of personal data is being collected by popular Chinese apps such as Netease Lottery, Gitzo Express, and Meitu XiuXiu.
  • This is in violation of privacy regulations passed in China in May 2018 -- even though the Chinese government may not be applying those regulations to itself.

Also see

Tom McNamara is a Senior Editor for CNET's Download.com. He mainly covers Windows, mobile and desktop security, games, Google, streaming services, and social media. Tom was also an editor at Maximum PC and IGN, and his work has appeared on CNET, PC Gamer, MSN.com, and Salon.com. He's also unreasonably proud that he's kept the same phone for more than two years.