The App Hack

Rita Personal Data

too good to be true?

This company raised 1M€ in funding 3 years after its foundation. This Netherlands-based software startup promises to give users visibility and a choice over the personal information Google has of them. It also gives the choice to sell the data for rewards to the company partners. But how safe is it?

Privacy · Data · Transparency ·

The users need to give Rita Personal Data’s app access to all the previously downloaded information Google has about their Google account, which can be concerning at first glance, but let’s dive into this mobile app’s privacy policy to see if Rita Personal Data is really too good to be true. To make this possible, we’re going to look into Rita’s privacy policy to check for:

  • Third-party sharing.
  • Trackers and cookies.
  • Data storage.
  • Overall transparency.

Abstract
Key Concepts

By default, all the user’s data is stored and encrypted on their personal mobile device, which unless it is explicitly consented to, will not be shared with third parties. 

Similarly, the app claims to ask for explicit consent before saving and sharing personal data and assures it doesn’t identify close contacts or perform any action on the behalf of its users. What now constitutes a growing risk among websites and applications is the use of trackers and cookies, yet another point worth noting is that Rita Personal Data does not use any.

Why is it important to know what is Google doing with our data?

“Google controls about 62% of mobile browsers, 69% of desktop browsers, and the operating systems on 71% of mobile devices in the world. 92% of internet searches go through Google and 73% of American adults use YouTube. Google runs code on approximately 85% of sites on the Web and inside as many as 94% of apps in the Play store. It collects data about users’ every click, tap, query, and movement from all of those sources and more.” – EFF

The AppHack


62%

of mobile browsers are controlled by Google

69%

of desktop browsers are Google’s

92%

of internet searches go through Google

73%

of American adults use YouTube

Sharing data to a third party

As we explain in our report My body, my data, their rules, even period apps share personal and sensitive data with third parties. It is the main source of income for many platforms that don’t want to make use of advertising. Remember, when a product is free, you’re the product.

This is not exactly the case for Rita Personal Data. Although they profit from selling personal data collected by Google accounts, the mechanism is different.

The user decides after handing the app their Google account information whether they want to sell it to a third party or just see the dashboard with info Rita offers. It is the user who decides what to do with the data, and if there is explicit consent, Rita sells the data to a third party -what they call partners- and take 10% of the transaction, giving the user 90% of the profit. That way is the user the principal benefactor of their own data. It is worth noting that if the user doesn’t consent to sell their data, this data will remain stored just on the phone.

The user decides after handing the app their Google account information whether they want to sell it to a third party or just see the dashboard with info Rita offers. It is the user who decides what to do with the data, and if there is explicit consent, Rita sells the data to a third party -what they call partners- and take 10% of the transaction, giving the user 90% of the profit. That way is the user the principal benefactor of their own data. It is worth noting that if the user doesn’t consent to sell their data, this data will remain stored just on the phone.

Privacy-by-design

Ok, this is starting to look like a paid partnership but we swear it’s not, Rita Personal Data is good but it also seems to be true.

It uses privacy-by-design, a way of developing systems that incorporate this methodology into every product or service concept, making privacy protection the focus of all development, including this idea in their values and guiding their ethical conduct.

Where is our data stored?

Overall transparency

This is a tricky one. The user’s personal data is by default stored on their phone or device.

In the first place Rita will store the user’s email, password, and date and time the account is created and will remain like that unless the user wants to share the data with a third party for rewards. In this case, the data is stored in a server provided by AWS (Amazon Web Services).

Rita Personal Data’s privacy policy is easily accessible and clear when it comes to data management, third-party sharing, the GDPR, and the source of income of the company. 

An email for contact is constantly provided for questions or complaints, and they go a step further and offer the data protection authorities’ email address in case any user wants to file a complaint. 

We can conclude that Rita Personal Data is a good choice in case you hold a Google account and want to discover how many companies are using your data, which ones are those, or how much money has Google made out of your personal data. As we always say, the best option is not to share personal data at all, but in case you decide to do so, this is an interesting option to be aware of what is being done with your data, and, with Rita Personal Data, at least you can be the one making money out of your own data! 

Between the lines

Keeping all these findings in mind,Eticas recommends:

  • Paying attention to app permissions for privacy policies and unwarranted data collection when you install them.

 

  • Uninstalling unused apps.

 

  • Closing accounts that are no longer in use. Unused accounts contain private data that can soon become unsafe when you’re no longer monitoring them.