Would you give an airline and their partners access to all your phones images and files?
Air New Zealand has the best customer flight experience I’ve ever experienced during my global travels. I feel very lucky to live in the same country where I fly often on this superior airline.
However, at the end of last year, a recent change to their very useful little smartphone app requesting a new permission created a small but massive privacy issue for its users.
The new update requests access to all images and files on my mobile (see opposite). Why?
Well, I tweeted asking for clarification and the reason: access will give me the user an opportunity to add an avatar and / or change background images of destinations (although the app will never see anything but those images selected).
So that’s full access to a users images and files on a users phone for a little customisation.
That’s like giving your house keys to a friend who has agreed to hang a painting for you. Although in doing you have to agree they never return your keys. They state it’s ok as they only will ever go in and do what they promised.
You kind of trust them although they have the keys to your home.
They can share these keys at any time with other people.
You won’t ever know unless you ask them.
That’s what Air NZ just did.
Of course this is probably a limitation of the software and operating system they are designing in although certainly not something to just accept without further exploration.
Lots of other tweets followed after my initial queries above which then switched over to Twitter DM discussion (which you can download and read yourself here) during which time I was given the email address of the Privacy Office to pursue further.
Here’s the questions (in bold) I posed with the airlines responses (in italic):
1. It’s been stated a couple of times that the app permission request ONLY sees the single image file used to create a new avatar not all files which is stated in the permission update. Please would you evidence this via a video or software workflow please (bearing in mind I’m not a coder or app developer).
The Air New Zealand android app does not access a user’s photos without their knowledge, and does not access a user’s gallery folder. In order for a photo to be uploaded to the Air New Zealand android app, the image must be saved locally within the app on a user’s device. The process required to save the image locally is declared by the Google Play Store as an ‘Access to photos’ permission, hence why the permission is sought during the update process.
The online team and the Privacy Office have confirmed that the image is only saved on a user’s device, and Air New Zealand has no access to user’s photos (including the image chosen by a user)
Due to the commercially sensitive nature of the information, Air New Zealand is unable to provide the position stated with a video or software workflow. We hope the detailed explanation provided by Air New Zealand in this, and your earlier correspondence suffice in covering your query.
3. It was mentioned access to all information held by AirNZ could be gained although there’s no specific route for this. Would you please outline via a simple graphical workflow of how to gain this information plus the timelines involved (again, I have requested it through the means described in previous conversation and at time of writing still no response)?
I can appreciate the intellectual property nature of some of the software stuff and hesitation in illustrating what’s happening openly, however, the option still remains that at anytime the app could change it’s function and then access the files / photos as no further permission would be needed or requested from its users (as that has been agreed to). Again, a future scenario which is probably not intentional, however, with foresight this should become obvious in terms of the privacy issue it’s creating.
As an ironic aside, the above response from the airline wasn’t signed and / or named. I requested a name so I could direct my response personally but they stated: “The Privacy Office email is a shared inbox, we do not disclose the names of individuals.”
As a further aside, I requested all information that the airline has on me on 19 December 2016 although at the time of writing this blog post I have yet to receive anything.
I finally got the names of those in charge of Privacy which are the GM Governance, Risk and Compliance and the Senior Manager Data Protection (thanks public affairs office as privacy office wouldn’t share). Can imagine they are good humans and interested in responding in the comments about the above and looking forward to them doing so.
So for any Air NZ customers reading this: did you allow the app update and think about the above? Did you think about the consequences and others I haven’t thought about? Would you like the options to roll back the update if it was granted?
Just before making this blog post live today I checked the update and permission request again on my mobile.
As you can see from opposite it seems someone else also challenged them about the above in the app comments.
Furthermore, it appears the airline has admitted it was a fault plus rolled back the permission requests.
Fantastic news and a wonderful surprise.
Obviously, there’s been a great amount of energy expended on all those tweets, conversations, emails (from myself and the staff at Air NZ) not to mention the crafting of this blog post, however, it’s so important to keep asking these types of questions related to personal privacy of companies with whom are requesting more and more data from us.
At the time of posting no-one has gotten back in touch with me personally to cite this mistake and reversal of requested permissions.
*all of the above related to using Android.
Had a personal email response from the GM Governance, Risk and Compliance, apologetic as to the delay in the airline sending through my requested data (it’s now two months since the original request). Someone else from the Privacy Office then got in touch requesting lots of data already held by them via my Koru membership. They also requested I email them a scanned copy of an ID or mail it.
The above citation for extra information is not anywhere online or explained as a process which a user has to go through. The data the airline already holds is enough to qualify the request.
Obviously, I welcome any instances where clarification of identity is needed to combat fraud, however, actions which undermine personal privacy should always be refused. I responded stating this and also offering two solutions: the first to show my ID to any of their colleagues when I fly for validation and then for that person to send an email or call any person to qualify it, or to take a phone call to answer any personal identifiable information held by them.
Still waiting on a response.
Am hoping also my pro bono offer of assisting them in the human centred design approach of them reimagining their current data request process will be taken up. Truly keen to assist in making this airline a fully rounded excellent company.
Also received the following response from Senior Manager – External Communications | Group Communications:
“Thank you for getting in touch with your queries around the photo permissions on our android app. Our developers have been working on an update to support the ‘avatar’ functionality without the need for the user to provide access to their files/photos and, as you may be aware, a new version of the android app (v 3.19) was released early this month. Installs of the updated version, or any new installs, will ensure that the user’s permissions will be updated and it will no longer request access to their files/photos.
Please be assured despite the relatively broad permissions with respect to photos on the app previously it was never our intention to collect any personal information from the files or photos on our customer’s phones and we certainly didn’t do so.
We take privacy very seriously and privacy is designed into all of our systems that collect, process or store our customers’ personal information.”
Good to have the reversal of the app design and it’s questionable permission requests validated.
Would be great to know if the decision was due to internal work on road mapping and realising it’s impact or users asking questions like myself and others via Twitter / app comments / other avenues (or maybe a bit of both)? Would also question if this case has created a new thinking about feeding back to those who have raised points which are now resolved (as again, I didn’t get any personal responses but found out of the changes after my own research)?
Don’t want to diminish the decision here, more keen to celebrate the impact of procedures which are at work here.
Brands struggle with these things. Of reversing decisions. Of getting things wrong.
We should celebrate the new decisions and actions which rectify mistakes. Show gratitude and humanise the instances (and encourage similar language from people representing the organisations). Because every company, no matter how large or small, are built and moulded by infallible and glorious humans.
Well done Air NZ for fixing an error in their app design. Looking forward to seeing the same rigour and simplicity applied to the personal data information request.
Got confirmed with a phone call I am who I am so hopefully the personal data request will be put through and all information received in due course.
Got my personal data via email from the privacy office. Lots to wade through although there’s nothing about app use.