Comment by sbarre

There you go, getting to the meat of it..

So your position is that an app installed on my phone is not able to track or collect any more data, and does not have access to any other information, than a website that I load in my device browser (assuming I log into that website with the same credentials I use in the native app)?

I agree that this might be true in some cases. Note that I never said or implied that an app could do things without permission - but my fault if that wasn't clear.

Now, that said, would it perhaps be fair to say that the average user is much more likely to grant additional permissions to a native app on their phone than they would to a website?

If a website asks for your location, or access to the camera or to your contacts or whatever, I think many people would refuse. There's still a sense that a website is "out there" on the Internet, and you shouldn't necessarily trust it.

But when an app you've installed on your device asks for these things, in order to "operate properly" or provide functionality, then I think people are much more likely to grant it.

After all they've installed the app on their device, they've already trusted the vendor that much, it's only an incremental step at this point.

And once the device does have this elevated access, and access to more data, then there are absolutely more opportunities to collect data on users without their understanding.

I say "understanding" here rather than "consent" because typically consent is given via some long and complicated T&Cs that no one reads. Which is of course on the user, but again if you don't grant permission in the first place (because you're on a website not an app), it's not a problem.

And we have historically seen that some companies (not all companies of course) take advantage of this app access to collect data for themselves without your knowledge. I hope that part isn't up for debate here..