•   Data access by smartphone apps
Warning against data access by third-party smartphone apps for students

Warning against data access by third-party smartphone apps for students

The University of Passau wishes to share the warning notice of the Computer Centre of the Bavarian Academy of Sciences (Leibniz-Rechenzentrum):

Recently, there has been an increase in the number smartphone apps that contravene the ZIM's regulations on use of the computing facilities (German) and may potentially jeopardise data privacy, the technical infrastructure, devices and services. One such example is the UniNow app offered for android and iOS devices. This app promises to make it easier for students to organise their studies and student life. Its features include an up-do-date refectory meal plan, as well as timetabling functionality, fetching examination results and marks, e-mails forwarding to the mobile device (e.g. via a push service).

Data protection

From the perspective of data protection this and similar apps should be considered highly risky, since the entire communication is relayed to servers hosted by the app provider (e.g. UniNow GmbH). According to the app's own data privacy policy, users expressly agree to having the data fetched from the university systems at the time of registration, or at the latest when the user starts using the app.

The app then fetches the following personal information:

  • Name of the university
  • The user's family and given names
  • The user's matriculation number
  • The user's degree subjects
  • Lectures
  • Examinations and results
  • The user's username and password for the university's online services, libraries and send/receive e-mails
  • and more.

Using these data, third parties not only gain access to users' marks and other sensitive information but can potentially make changes on behalf of their users, such as address changes or exam registrations and de-registrations.

No passing on of user credentials

The ZIM's regulations on use of the computing facilities expressly prohibit the sharing of access credentials (usernames and passwords) with third parties. As a result, users are not permitted to use UniNow or similar apps requiring this kind of automated access to the users' personal data.

Prevent apps from accessing the University servers

If you have already installed and used any such apps, we ask you to take steps to prevent these apps from accessing our servers. Moreover, if you have been affected, you should change your passwords for all services of the University. Please remember that contravention of the regulations on use of the computing facilities may result in the user being banned from using the facilities and services.

Author of the German text: Thomas Simon, Managing Director of the Centre for Information Technology and Media Services (ZIM)

Regulations on the use of computing facilities of the University of Passau

Regulations on the use of computing facilities of the University of Passau (German)

The Centre for Information Technology and Media Services (ZIM) is the Computer Centre of the University of Passau.