Mobile Apps Come With Huge Privacy Loopholes, Little Transparency

Any time Angry Birds or Yelp is opened on a smartphone, information is being sent to marketers — and app developers aren’t required to reveal it. Apps running on the iPhone, Android and BlackBerry platforms often collect personal information to be resold to marketing companies and initiatives such as Google’s AdMob. These apps and others work in conjunction with in-phone GPS chips to give marketers detailed information on smartphone users’ locations, gender, ages and, in some cases, personal contacts and use of other apps.

Marketers reselling personal information from smartphone apps are working with a massive market of often-unaware users. For instance, as of December 2010, an average of 300,000 Android phones were activated daily.

Although exact figures are not available, advertising and marketing resales have become one of the largest app revenue streams for developers, and steady financial incentives encourage the sale of information.

The executive branch now appears to be getting involved. In late December 2010, the Department of Commerce announced its intent to overhaul data privacy laws — which will include smartphones — following queries by lobbyists and interest groups. A recently released 88-page report from the department calls for the creation of a national Privacy Policy Office and demands that companies, either through legislation or self-regulation, ask for customers’ permission to collect data from them for marketing purposes. The largest current set of laws relating to online privacy, the Electronic Communications Privacy Act, was originally written in 1986 and has large gaps in coverage of web-era and post-web technologies.

Data mining from smartphone apps is endemic: A recent investigative piece in the Wall Street Journal discovered sensitive personal information was being sent to marketers by popular applications such as Angry Birds, Pandora and Yelp. This information often includes users’ contacts, geographical location and a mobile phone ID unique to each user.

In many cases, smartphone app developers send collected data to third parties for profit. None of the policies of Apple, Google or Research in Motion requires app developers to explicitly inform customers that personal information may be resold. In July 2010, Apple revised its privacy policy with regard to iPhone tracking following a formal request for information sent to the company by the House Bipartisan Privacy Caucus. The letter was sent to Apple by Representatives Ed Markey (D-MA) and Joe Barton (R-TX). Downloaders of Android apps are informed that software may access certain information, but it is left unclear that the information may be resold.

One industry group plans a self-monitoring scheme. According to Greg Stuart of the Mobile Marketing Association, “The industry recognizes that in order for marketers and publishers to responsibly and sustainably engage consumers through and with the mobile channel, we need to continuously update how we address the collection, management and use of personal data or related consumer information.”

However, the Electronic Frontier Foundation sees a more systemic challenge facing customers from smartphone app marketing. The EFF’s Chris Palmer told Talking Points Memo that he is “worried about the weird economic incentives that make this kind of tracking necessary,” and referred to the resale of personal customer information by smartphone app developers as “frankly predatory marketing.”

Requests for comment sent to Apple, Google and Research in Motion were not returned as of press time.
