What a Hancock-up: MP's social network app is a privacy disaster

Digital secretary ups ante, but users say it's riddled with bugs

Screengrab from Brit MP MATT HANCOCK's new app

Move over, Zuckerberg, there's a new social media overlord in town: grime aficionado and Tory MP Matt Hancock.

In his new role as the UK government's digital secretary, Matt Hancock has decided to up his tech game by launching his very own app – but reports have emerged that it doesn't adhere to the data protection policies he touts in his day job.

Purportedly meant to help people from his constituency "engage" with their MP, the app seems to be swamped with lobby journalists and people (possibly the same lobby journalists) pretending to be other politicians.

There's at least one Donald Trump, a Boris, an Ed Balls (whose contribution, predictably, is "Ed Balls"), as well as a couple of Liz Trusses flagging up cheese import and pork product news.

As well as the Facebook-style newsfeed, there's also a "live stream" section, which – although lacking an actual live stream – has a running mid-'90s-style chatroom thread where a Jeremy Corbyn is asking "a/s/l" and MattHancockFan69 is chatting with LizTrussFan123UK.

Despite the excitement it has generated, though, his app hasn't reached all corners of the Westminster bubble.

Ed Vaizey, Hancock's predecessor as digital minister – famed for his weekly sector newsletter – told El Reg he hadn't heard of the app but didn't plan to follow suit.

"I was very flattered when Matt copied my newsletter but I have no plans to develop an app. I don't want to get in an arms race with Matt and I have my hands full just staying ahead of him in number of Twitter followers!" he joked.

Those who do sign up to the app are greeted by Matt's earnest face giving a cheery intro spiel in front of a psychedelic background.

But then things take a more sinister turn, and the app starts asking for a whole host of access permissions that we're not sure are entirely necessary for its functionality.

And, as Twitter users have pointed out, the name of the app gives these requests a slightly more creepy air.

Privacy concerns

El Reg – not being the type to sign up to an app without checking the privacy policy first – took a deeper dive into the policy (with the assistance of a friendly lawyer, Neil Brown from decoded:Legal). But as it comes from the minister trumpeting the UK's data protection reforms, the app is sure to be pretty clean, right?

Welllll... the phrasing and words chosen for the policy aren't likely to go down a storm with privacy watchers.

The first line says that "by accepting this Privacy Policy, among other things, you consent to us..." sharing and processing data in a variety of ways, while the list of third parties it will share info with begins with "including" (i.e. this might not be a comprehensive list of who it passes your info to).

Later, it says that information collected "may" include a whole host of things – even your financial and credit card information. "May" being a word that European data privacy watchdogs have strongly discouraged companies from using when the General Data Protection Regulation comes into effect.

Personal info that's automatically collected includes contact information, friend lists, check-ins and other fairly intrusive deets – and it's not immediately clear why these are necessary for the listed reasons ("for system administration purposes and to report aggregated, anonymised information to our business partners").

Other users and news outlets have also reported a bug in the iOS version that seems to allow the app to access pictures even when permission is denied.

It has also been pointed out that the developer, Disciple Media Ltd, which pinches off dime-a-dozen apps for anyone who will pay them, does not appear on the data protection registry of the Information Commissioner's Office. Under the Data Protection Act, all data controllers have to register with the ICO.

But the biz told The Register that it has been registered with the ICO since October 2015. "Our registration was renewed recently but this has not been reflected on the ICO registry yet," a spokesperson said.

It also seems that Disciple Media Ltd uses the same standard set of terms for all its clients, whether that's an MP, a "fitness guru", the Rolling Stones or a questionably named band.

Which leaves you with the delightful idea that Hancock might have a rights image company or record label (yes, yes, the policy does say "where applicable").

It also means the functionality cookie served to your device says it "registers information such as your login status, and the music usage licence you have been granted for access to our music catalogue".

And let's just hope that these cookies are necessary for the service that the app delivers because if you exercise your "choice" not to accept cookies, it means no access to the app – thus depriving you of the latest Matt gossip.

But even if users sign their info over to the app, some people – including your correspondent – have struggled to upload a profile picture, being faced instead with the somewhat ominous warning that "Matt Hancock keeps stopping". ®



