Protecting your privacy online: How to manage what you reveal

Even if you only downloaded a handful of apps last year, do you remember what permissions you granted to each? The start of new year is a time to reset — and the perfect time to unlearn all of the bad privacy habits you've picked up.

CBC Marketplace used an app to test how much people unknowingly reveal

How much do we reveal when we use smartphone apps? CBC Marketplace did a test to find out. (Carl Court/Getty Images)

Even if you only downloaded a handful of apps last year, do you remember what permissions you granted to each? 

CBC's Marketplace recently tested how much personal information we can unknowingly hand over to apps.

The start of new year is a time to reset —  and the perfect time to unlearn all of the bad privacy habits you may have picked up. Here are a few tips to get you started.

Review your privacy settings

Both Android and iPhone have a settings page where you can see which apps have access to everything from your heart rate to your home's lighting system. It's here that you can review which apps have access to what, and disable permissions you don't remember granting.

Apple even offers an option to reset all of your phone's privacy and security settings at once, so that the next time you open an app that needs access to your microphone, camera, or other data, it will ask for your permission as if you were just using the app for the first time.

In terms of what apps can do, there are some differences between Android phones and iPhones to keep in mind. Apple, for example, doesn't allow developers to access the camera unless an app is open and in use, nor access iMessages or SMS messages.

Stick to app stores

Apple and Google maintain app stores where most people buy their apps. It's a way for the two companies to control what people can do on their platforms — for better and for worse.

One benefit is that, as part of the app store review process, Apple and Google vet apps for potential security or privacy issues — essentially, screening out apps that would otherwise be classified as malware, or try to access user data in a way that violates their terms of service.

While you can disable the security settings on Android and iPhone that prevent you from downloading apps from other sources, you probably shouldn't unless you really know what you're doing. There's no one watching to make sure that app you got from a friend is really doing what it says it does.

Do Google and Apple know where you've been?

Both Android and iPhone provide a number of ways for apps to access your location — which you can check in your phone's privacy settings. But both Apple and Google also have their own location-tracking settings that are separate from third-party apps.

On iPhones running iOS 7 and higher, there are a number of location-based tracking options under the "System Services" section of your phone's location privacy settings (pay close attention to the "Frequent Locations" setting in particular). On Android version 2.3 and up, you'll find "Google Location History" under your phone's "Location" settings.

Apple and Google use your phone's location so their apps better understand the places you frequently visit, and for advertising purposes, but you can turn this off.

Get yourself a password manager

Writing down your passwords on a scrap of paper that you keep in your sock drawer is never a good idea. But storing all your passwords in a password manager is smart.

Think of it is a digital vault, secured with one really long passphrase, that holds all your other passwords inside.

Instead of having to remember a bunch of short, insecure passwords, you only have to remember a really long one instead. A good password manager won't just store your passwords, but will help you generate stronger, more secure passwords, too.

Protect yourself with 2-factor authentication

The best thing you can do to stop attackers from getting into your accounts with Facebook, Google, Twitter, Dropbox, and other services is to setup two-factor authentication. Each time you attempt to log in to an account protected by two-factor authentication from a new phone or computer, you'll be asked for the password you know, but also an additional, temporary password that you don't (that's the second factor).

The idea is that this temporary password is generated by an app on your phone, or sent via text message — meaning that even if someone learns your password, they'll still need access to your phone to get into your account.

Want to know what data your apps have collected? Ask!

In Canada, there's legislation called the Personal Information Protection and Electronic Documents Act (PIPEDA), which "gives people a general right to access their personal information held by businesses subject to this law."

In other words, if you want a record of all the information that your favourite emoji keyboard, banking app, or social network has stored about you, can send the company a letter and ask. The process might take a while — and there's no guarantee you'll get a response back, even if it is Canadian law — but it's a great way to exercise your right to privacy and learn just how much of your personal data is under a company's control.

How did Marketplace conduct its app experiment?

5 years ago
Duration 4:56
CBC's Diana Swain explores the ethics of the app experiment on The Investigators 4:56


Matthew Braga

Senior Technology Reporter

Matthew Braga is the senior technology reporter for CBC News, where he covers stories about how data is collected, used, and shared. You can contact him via email at For particularly sensitive messages or documents, consider using Secure Drop, an anonymous, confidential system for sharing encrypted information with CBC News.