In my last blog post, I talked about how consistently using the same interfaces and devices for specific tasks can boost your productivity: How to Use Digital Context to Reduce Distractions. Today, I want to address a related but often underestimated topic: the choice between a mobile app and a web interface for a service.
Many providers offer both a mobile app and a web version of their services. However, which one you use can make a huge difference – both in terms of functionality and regarding privacy and security.
When I talk about “apps” here, I mean mobile apps for smartphones and tablets – not desktop apps for PCs or laptops. Mobile apps can access specific APIs (interfaces) of your device, making them particularly attractive to companies as they can learn more about you than you might like.
What Device APIs Can Mobile Apps Access?
Here are some examples of APIs that a mobile app can access:
| API | Description | Privacy Risk |
|---|---|---|
| Camera API | Access to the camera for photos and videos. | High Risk (Facial images, private content) |
| Microphone API | Recording of ambient sounds or conversations. | High Risk (Eavesdropping on conversations) |
| Location API | Real-time location tracking. | High Risk (Movement profiles, tracking) |
| Motion & Orientation API | Detection of movements and orientation. | Medium Risk (Analysis of movement patterns, potential tracking) |
| Bluetooth API | Connection with nearby devices. | Medium Risk (Device identification, location tracking via beacons) |
| NFC API | Reading or writing NFC tags. | Medium Risk (Contactless payments, ticketing) |
| Battery API | Retrieving battery status. | Low Risk (Profiling possible but limited) |
| Storage API | Access to local storage. | High Risk (File access, potential data loss) |
| Clipboard API | Access to clipboard contents. | High Risk (Passwords, sensitive data) |
| Biometric API | Fingerprint, facial recognition, or iris scan. | High Risk (Biometric data is unique and irreplaceable) |
| UWB API (Ultra-Wideband) | Detects nearby objects with high precision (e.g., AirTags). | High Risk (Can be used for hidden tracking) |
Why Is This Problematic?
Some apps – especially those with access to the camera, microphone, or GPS – can expose sensitive information. But even without direct permission, apps can combine various sensors, such as magnetometers, barometers, Wi-Fi, and Bluetooth APIs, to identify devices or even determine locations. Many free apps make money by creating user profiles and selling them to advertising companies or major platforms like Facebook or Google.
iOS offers better protection against unwanted access to critical device functions through targeted security settings per app. While Android has been improving its privacy measures, depending on the OS version, it can be difficult to track exactly which app uses which permissions. Although it is possible to manually restrict access for each app, this is often time-consuming and cumbersome depending on the operating system.
The Strategy: Use as Few Mobile Apps as Possible!
A simple but perhaps initially radical-sounding rule: Only use mobile apps when absolutely necessary. Many services can also be accessed via a web browser – which is not only safer but also saves you time managing app permissions. While browsers can also access device APIs, they do so to a much lesser extent and for much shorter intervals (often only during an active browser session).
Advantages of the Web Version Over the App
By consciously deciding when to use an app and when to prefer the web version, you can significantly improve your security and productivity. Reduce the number of apps on your smartphone to the essentials and use the browser for all other services. This not only protects your privacy but also makes it harder for distractions to take over.
Here is a quick overview of the advantages of web apps over mobile apps:
- Centralized Control: You only need to adjust your browser’s security settings, not those of each individual app.
- Less Tracking: Mobile apps collect significantly more data than web apps.
- Fewer Distractions: It’s easier to open an app than a website, making it less tempting to constantly use certain services.
- Simpler Management: No separate updates or permissions for device APIs are necessary.
Of course, you should also be cautious when browsing. Regularly delete your cookies or set your browser to do so automatically.
Checklist
- Keep only the most essential apps on your smartphone: Messenger, phone, contacts, photos, navigation, and browser.
- Delete all other apps or at least remove them from your home screen (although this does not prevent unauthorized access to device APIs).
- If you use a specific service intensively for three weeks, you can consider installing its app – but exclude social media apps, as they are the biggest time and data drains.
- If you don’t use the apps removed from your home screen regularly, delete them entirely