Security

Apple, Google, and Others Agree to Limit App Privacy Invasions

If you've been waiting for government regulators to step in and do something about apps that collect and transmit your data without telling you, here's good news: The state of California, along with a number of major tech companies, together Wednesday agreed to strengthen privacy protections worldwide for consumers who buy smartphone and tablet apps.

According to a statement released by California Attorney General Kamala Harris, the state--with Apple, Amazon, Google, HP, Microsoft, and Research in Motion--will work together to make sure that any apps sold through the companies' respective app markets will conform to California state law.

California law requires that any app that collects personal information has to have a privacy policy that outlines what information it collects, and what it does with that info.

This means that app makers will no longer be able to do as they please with your personal data without informing you ahead of time--unless they want to incur the wrath of the state of California. And since these app stores are accessible from just about anywhere in the world that you can get an Internet connection, California residents won't be the only ones to benefit from these new guidelines.

According to the statement, under this agreement, the app markets must give you a chance to review an app's privacy policy before you install it onto your smartphone or tablet, and it must be placed in "a consistent location for an app's privacy policy on the application-download screen" so you'll know where to look.

App makers that don't conform to these standards could be prosecuted under California's Unfair Competition Law or False Advertising Law. These changes should roll out over the next few months.

The agreement is the product of six months of voluntary collaboration between the State of California Office of the Attorney General and the six companies. According to California Deputy Attorney General Alexandra Robert Gordon, Attorney General Harris invited the companies to sit down and devise ways to improve mobile app privacy.

"Privacy is incredibly important, and we need to give users the tools and information to control how their personal data is used," Robert Gordon told PCWorld. "These mobile privacy principles will help protect the millions of users who are downloading billions of mobile apps."

According to existing California law, Robert Gordon explains, if a website or app collects any personal data from even a single California resident, it must provide a privacy policy for its users. So in a sense, this agreement should bring mobile apps more in line with existing laws.

Mobile App Privacy: An Ongoing Problem

In the last year or so, a number of app makers have come under fire for collecting or sharing personal information without telling their users. Earlier this month, the Path social networking app got caught uploading users' address book data without asking for permission (the company has since stopped the practice and apologized); and last April, the federal government investigated the privacy practices of a number of smartphone app makers, including Pandora.

As it stands, no standard across smartphone and tablet operating systems determines how you are notified when an app wants to use the personal information you've stored on your phone. Some mobile OSs are better than others in this regard.

If you buy an app from the Android market, for example, you can see what information that app will be able to access, be it your GPS coordinates, your contacts list, or whatever (though, as one app maker has pointed out, users often ignore this information).

On iOS, you don't get this sort of information before you download and install an app; that said, in some cases--such as when an app wants to track your location--it will ask you before it uses that data. Apple recently stated that apps that collect your address book information without your consent violate the company's App Store guidelines, and that it will soon release an update that will prevent apps from harvesting personal information without your permission.

Welcome Progress

The agreement announced Wednesday is a good first step toward improving mobile app privacy across the board, and since it involves just about all the big players in the app market scene, virtually all smartphone and tablet owners should win out. But more work remains to be done. As PCWorld's Mark Sullivan recently said, we need more legal protections in place to safeguard user data.

[Read: Protect Our Data! A Digital Consumer Bill of Rights]

And we would go one step further: Companies need to write privacy policies that mere mortals--and not just lawyers--can decipher. After all, for most of us, having a privacy policy (or a terms of use statement) loaded up with jargon is about as good as having no privacy policy at all. But Robert Gordon tells us that the next phase is to "get privacy policies to do what they're supposed to"--that is, to ensure that they're useful and clearly state what's happening to your data.

We look forward to seeing what comes from this agreement, and hope that it helps keep companies honest.

[State of California via New York Times and Gizmodo]

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Security Watch Newsletter

Comments