Skip to main content

Security

Report urges better rules for mobile privacy: App developers and mobile device companies to be more transparent

Report urges better rules for mobile privacy: App developers and mobile device companies need to be more transparent

Isaac M. O'Bannon

Feb. 10, 2013

With about 217 million smartphones in our pockets, Americans are more connected to the world, our families and friends than ever. We’re also more connected to our bank accounts than ever.

While that helps many consumers stay in better control of their finances and budgets, it also means that the power to spend is as easy as the click of a button, whether intended or not. These smartphones, mobile devices and the multitude of apps and other online functions also usually include never-read disclosure agreements that allow developers to sell and share sensitive consumer data.

None of that is news, of course. However, what we don’t read (end-user license agreements, and such) can hurt us. And although we may accept that companies will use our data in some ways, one needs look no further than t he recent outcry that resulted when online photo sharing site Instagram announced that it would be selling the photo’s of its users, without compensation to them.

There are many other examples of consumers concerned over the use of their private information, which is why the Federal Trade Commission has developed a list of recommendations that it believes developers should follow in order to help protect consumer data and diminish the chance of unintended spending.

In its latest report, Mobile Privacy Disclosures: Building Trust Though Transparency, the FTC addresses many of the potential risks consumers face:

“When people use their mobile devices, they are sharing information about their daily lives with a multitude of players. How many companies are privy to this information? How often do they access such content and how do they use it or share it? What do consumers understand about who is getting their information and how they are using it?”

In 2000, the agency started considering privacy implications related to the use of mobile devices. Just last year, it hosted a mobile privacy panel discussion. The new report is based on the feedback they received from the panel and on prior studies.

One of the primary focus areas of the report is on the developers of the mobile platforms and operating systems, such as Apple, Google, Microsoft, BlackBerry, Amazon and Samsung.

The report states that, because these companies give app developers and others access to user information (location, contact lists, calendar info, photos and other data), and because their app stores reach millions of consumers, they have an important role.

As such, the report recommends they should:

  • Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation;
  • Consider providing just-in-time disclosures and obtaining affirmative express consent for other content that consumers would find sensitive in many contexts, such as contacts, photos, calendar entries, or the recording of audio or video content;
  • Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded;
  • Consider developing icons to depict the transmission of user data;
  • Promote app developer best practices. For example, platforms can require developers to make privacy disclosures, reasonably enforce these requirements, and educate app developers;
  • Consider providing consumers with clear disclosures about the extent to which platforms review apps prior to making them available for download in the app stores and conduct compliance checks after the apps have been placed in the app stores;
  • Consider offering a Do Not Track (DNT) mechanism for smartphone users. A mobile DNT mechanism, which a majority of the Commission has endorsed, would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones.

The FTC has suggestions for app developers, too, suggesting that they:

  • Have a privacy policy and make sure it is easily accessible through the app stores;
  • Provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms have not already provided such disclosures and obtained such consent);
  • Improve coordination and communication with ad networks and other third parties, such as analytics companies, that provide services for apps so the app FTC Staff Report developers can provide accurate disclosures to consumers. For example, app developers often integrate third-party code to facilitate advertising or analytics within an app with little understanding of what information the third party is collecting and how it is being used. App developers need to better understand the software they are using through improved coordination and communication with ad networks and other third parties.
  • Consider participating in self-regulatory programs, trade associations, and industry organizations, which can provide guidance on how to make uniform, short-form privacy disclosures.

These aren’t the only two groups that the FTC noted, however. The agency also noted that advertising networks should better communicate with app developers and should work with platform developers. Additionally, app developer trade associations, academics, usability experts and researchers should come up with better short form disclosure notices, create standardized and uniform privacy policies, and better educate app developers on privacy issues.

The full report can be read on the Federal Trade Commission’s website.