When I went to The Exchange Café at Rotman for lunch last month, two nice PayPal representatives approached me and handed me a flyer. The flyer was an offer for a $5 credit towards my food or beverage purchase at select campus shops if I downloaded and used the PayPal app on my smartphone.
It seemed like an intriguing offer. I mean, that’s good for a nice medium latte right? I asked about the catch and was told there wasn’t one, they just wanted people to start using their mobile app. Amazing, I thought as I quickly pulled out my Android phone and searched for PayPal in the app store.
Prior to installation, I was confronted with a long list of permissions that the PayPal app requires in order to function. These included permissions like having unrestricted access to my text messages, contacts, camera, and accounts on my phone, and there was the catch. Furious, I asked the reps why such permissions were required.
One had no idea, while the other kept insisting on the fact that these permissions are required for the app to verify my identity. The representatives were quick to ask why it mattered to me when I had the opportunity to save $5 — I was skeptical about the loss of my privacy, which in my mind, is relatively more valuable. I refused to download the app.
The same night, I emailed the company looking for a justification for the invasion of privacy required to use the app. I was told that, “Device & app history, Identity, Contacts/Calendar, Location, SMS, Device ID & call information are all about identity verification. Our system is sensitive whenever it comes to account access that’s why we need those information from you to ensure that you are the real account holder.”
But that did not really answer my question. How exactly does having access to my text messages help verify my identity? So, I replied by asking for further clarification. This time, I received an even more surprising response: “we appreciate the time you’ve taken to write us with your comments about the PayPal app for your mobile phone, however as much as I would like to discuss the permissions, I have limited resources.” And that was it — no justification offered and I was more or less told to stop asking questions.
Who knows why such permissions are necessary? PayPal’s employees certainly don’t.
Call me pessimistic, but do I really want Paypal, or any other service for that matter, to have access to sensitive information on my phone? The last time I checked my privacy was worth more than $5 and that is why I refused to download the app.
If it is too good to be true, then it probably isn’t. There is always a catch. The catch can simply be gathering more information about you as the user. I am not saying you shouldn’t download the PayPal app specifically. I’m merely saying we should be more vigilant about the applications we install on our mobile phones and question the intentions of those who would like to access it.
Peymon Montazeri is in his second-year of the Master of Information program at U of T’s Faculty of Information.