You are here: Home » Technology » News » Apps
Business Standard

Games like Candy Crush can be used for data harvesting, warn experts

Several apps on mobile phones and Facebook use data harvesting techniques and take users' consent in terms and conditions to access their data, including name, age, 'likes'

Press Trust of India  |  New Delhi 

candy crush saga
candy crush saga

Free mobile and as well as games such as Candy Crush, Ludo and Chess can be for data harvesting, say cyber security experts, warning in against the seemingly innocuous everyday pastimes.

The warning comes as debates on data intensify following giant Facebook's reported data breach by UK-based analytics firm to influence elections and market campaigns.

"There are a lot users who play games like Candy Crush, Chess, Ludo, or other war games like Some people click on 'free' like 'How would you look 30 years from now' and all that stuff.

"But we must remember one thing. Nothing is free in life. If you think the product is free, sorry, then you are the product!" leading cyber security expert told

India's "most active" users spend four hours a day on mobile apps, according to an article on the website of the (ITU), the UN's specialised agency for information and

Indians also downloaded 6.2 billion in 2016, up from 3.6 billion in 2015, as they led the field in the "most time spent" on devices by clocking 145 billion hours, it added, indicating the massive spread of and games in the country.

Several apps on and use data harvesting techniques and take users' consent in terms and conditions to access their data, including name, age, 'likes', friends and messages, posing a threat to privacy, cautioned Jain.

"Data harvesting" is the process of extracting large amount of data for analytics by "consent" of the user, sometimes even by tricking them, Jain said. "Data theft", on the other hand, is the unauthorised use of that information for commercial or any other purpose, he explained.

Data harvesting, Jain elaborated, is mostly by some sort of consent, while data theft is largely by unauthorised access or hacking into a user's profile or device.

It is imperative that data subjects become vigilant about their while visiting a website, added Jaspreet Singh, partner, Cyber Security,

"Users should make sure they are validating the terms and conditions of any personal information provided online especially on social media," he said.

Read policies of websites and understand how they may use or share their personal information in the future, Singh said in his "advisory". Users should also be wary while sharing their location on the internet.

"are used to de-anonymize a user and track their Users may use private browsing or browsers with add-ons to block monitoring using cookies," he said.

According to Rama Vedashree, of of India, youths comprise the majority of in the country and it is imperative to increase awareness about

"Make sure that all of them have adequate awareness, knowledge and skill to leverage the power of these technologies and platforms (analytics and social media) but also stay safe -- both from security perspective and privacy," she said.

On platforms, for instance, users can control their posts, choosing to make them visible only to their friends or friends of friends or everyone.

Pavan Duggal, who specialises in cyber issues and argues for dedicated legislation for data protection or data privacy, said users should think through the terms and conditions before granting any apps access to their personal pictures or documents.

"Do not wait for the law to come in for it will take its own time. Be conscious about what you share online. Be aware that you are not being respected and seen only as a 'data subject' or 'data object' who is only providing them data on a 24*7 basis," Duggal said.

"You should understand the internet as a paradigm never sleeps, and never forgets," he said.

What's will remain there for a "long, long time", he added.

There are several cases pending in courts where people's data has been unauthorisedly accessed and they have sought either damages or other relief, he said.

"Since the Act does not have very effective remedies, we haven't yet seen much successful judgements. Further, there are no convictions in the country for breaches or misuse of personal data on social media," Duggal said.

According to ITU data, by June 2017 as many as 830 million young people were online, representing 80 per cent of the youth population in 104 countries. In and alone, up to 320 million young people use the internet, it said.

First Published: Tue, April 03 2018. 18:45 IST