Ever just skip the reading part and hit the Accept button after one of your favorite apps changed its terms and conditions? Yeah, you're not alone.
But you should know these updates do more than revise the apps' software. They may also let the app grab more of your personal information, including your location, personal contacts, the device you're using and your photos. All without you ever even noticing.
That's what happened with some of the most popular apps in 2016, including WhatsApp, Uber and Pokemon Go. They each asked for data that privacy advocates and many users say crossed the line. Still, many of us wouldn't even have noticed the changes if someone hadn't drawn attention to them, forcing companies to publicly defend the changes or stop collecting so much information.
Privacy policies go unread by 99.9 percent of users, said Serge Egelman, who focuses on user-friendly security and privacy as a researcher at the International Computer Science Institute. Fortunately, though, "there's a very small number of users who do, and when they see something egregious, that information gets disseminated quickly."
Expect plenty more of our favorite apps to get caught in privacy flaps next year.
After all, apps are really online services that can track our movements, learn our daily habits and access the histories of our lives -- basically everything we store on our phones and other devices. What's more, as we bring more connected devices into our homes, our lives will become even more documented through digital services that beam our data to companies. That's the word from Adam Levin, who formerly ran New Jersey's consumer protection division and is currently chairman of the board for IDT911, a company that focuses on preventing identity theft.
So if you're not really ready to dive into all the terms and conditions, how can you have more say in what information you share with your apps (and their advertising partners)? For now it's all about outrage. That starts with someone noticing the change in the terms and conditions, and then consumers, advocates and regulators speaking up, complaining and forcing companies into taking action.
"We have to disable what we want disabled, speak out against what we find intrusive, and be careful," Levin said.
In the next few years, researchers like Egelman hope to have tools that will scan those terms and conditions agreements and give you a shorter version of what they're really all about. But for now, vigilance is key.
Here are the three most eyebrow-raising privacy flaps from 2016, and where they stand now.
Uber got in hot water in November when a software update asked passengers to agree to have their locations tracked after their trip ended.
Privacy advocates and customers raised a ruckus. People took to Twitter, calling the tracking "unnecessary" and "creepy," while also threatening to quit using Uber. Privacy group the Electronic Frontier Foundation called on the company to roll back the update. "There are many legitimate reasons that a rider would want privacy in their final destination," Kurt Opsahl, the EFF's deputy executive director, wrote in a blog post.
Uber said the additional location tracking is intended to "improve pickups, drop-offs, customer service, and to enhance safety." In a subsequent app update, the following month, the company was more transparent about what it was trying to do.
"Uber relies on location services to ensure safe and accurate rides," the company wrote in the app update information. "You'll now be asked to allow location information collection from the time you request a ride through up to five minutes after it ends."
Bottom line: Despite the backlash, Uber continues to track your location for a limited time after your trip ends. Privacy advocates warn the company has the power to track you whenever they want.
When Pokemon Go debuted in July, the game was an instant hit. But privacy advocates were alarmed that the game's developer, Niantic, had full access to users' Google accounts if they were playing the game on an iPhone. Cybersecurity expert Adam Reeve noted Niantic could read your email, and maybe even send messages from it.
Niantic said the setting was an error and began limiting the amount of info the Pokemon Go app could access. "Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access," Niantic said at the time.
But people who didn't want to take a break from collecting 'em all devised ways to revoke access manually.
Bottom line: Pokemon Go scaled back how much data it was collecting after users and advocates raised a ruckus.
Why's privacy darling WhatsApp on this list? The app made a splash in April for making end-to-end encryption, the gold standard of online privacy, the default setting for messages sent from WhatsApp. That meant WhatsApp didn't have access to any of the communications its users were sending. If the company got hacked -- or subpoenaed by the FBI -- its records wouldn't spill the beans on users.
"The idea is simple: When you send a message, the only person who can read it is the person or group chat that you send that message to," WhatsApp co-founders Jan Koum and Brian Acton wrote at the time.
But lest we forget, Facebook owns WhatsApp, and the social media giant soon made a move to do something with WhatsApp users' account information. WhatsApp announced in August it would share user phone numbers and data about the last time they used the app with Facebook. The content of messages would remain unreadable to both WhatsApp and Facebook by default.
"By coordinating more with Facebook, we'll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp," the company wrote in a blog post. "And by connecting your phone number with Facebook's systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them."
Privacy advocates immediately criticized the move, which could apply Facebook's big data techniques to one of the most private messaging services out there for the sake of advertising.
The Electronic Privacy Information Center filed a complaint with the Federal Trade Commission (PDF) over the changes, and some of the data sharing between WhatsApp and Facebook has been stalled in EU countries because of privacy regulations.
Bottom line: Outrage hasn't put a stop to data sharing between WhatsApp and Facebook, but regulators are monitoring the situation. Stay tuned.
Correction, December 16 at 5:41 p.m. PT: This story has been amended to indicate that Serge Egelman works at the International Computer Science Institute.