Mobile data privacy is terra incognita to users and developers

Pitfalls lurk for even savvy consumers

President Obama's move Thursday to establish a so-called Privacy Bill of Rights for the Internet can be seen as the consolidation of decadelong efforts by disparate groups to improve privacy protections via countless browser add-ons, settings and privacy policies. But while it's possible to guard privacy on the desktop, the rapidly growing mobile space is still the Wild West, with an almost endless landscape of privacy pitfalls that challenge even the most vigilant consumer.

Today's mobile phones collect an enormous amount of personal data -- from the user's email address to his or her location, contact list, calendar and even photos -- and tether it to a single unique device ID number. One location-based photo-sharing app reportedly activated users' microphones to narrow down their location beyond what GPS data could provide. There is as yet very little to protect the valuable data on these most personal of devices.

The news this week that California will require mobile apps to post privacy policies was widely praised, but also underscored just how much of a free-for-all the space is now. A developer survey conducted by the Future of Privacy Forum found that 60 percent of all mobile apps don't even have a privacy policy that would notify consumers which of their data the apps access. A study by TrustE and Harris Interactive found that 95 percent of all apps lack a privacy policy.

Given California's plan, and the major mobile platforms' participation in it, developers who market their apps in the App Store, Android Marketplace or any of the other major platforms will have to establish and disclose these policies, but there is still no requirement for them to limit the data they grab, store or share.

"The only piece of information that's restricted by the operating system is location information," said Ashkan Soltani, an independent researcher and consultant focused on privacy. The restrictions on what developers can share with third parties are minimal and not always clear.

As for protecting one's private data, "The industry tools don't even exist yet," said Jules Polonetsky, who runs the Future of Privacy Forum. For example, "It's nearly impossible" to opt out of tracking on a mobile device.

Data driving innovation

Ironically, unfettered access to hardware and data in smartphones has driven much of the innovation that has happened in the mobile arena. A flashlight app must have access to the phone's flash to work. Social networks need access to contact information to suggest friends for new users. And apps like Yelp use location data to ensure users get relevant information.

Privacy expert Ryan Calo, at Stanford University's Center for Internet and Society, described the challenge for regulators as protecting consumers while remaining "flexible enough to permit innovation."

Polonetsky, of the Future of Privacy Forum, which helps developers establish privacy practices, suggested that irresponsible privacy practices threaten innovation as much as clumsy regulation does. "The data that's there has been what's allowed [developers] to do really cool things," he said. "But if data is your fuel, you better treasure it or you might lose access to it in the future."

Sebastian Holst, a mobile apps developer and the chief marketing officer at PreEmptive Solutions, put it this way: "Absolutely collecting personal data is a means to fuel business. Labor is great fuel for business, too, but does that mean child labor is okay?" Regulation of mobile privacy is just as necessary as child labor laws, he said.

Both Holst and the California attorney general characterized the belief that users must choose between protecting their privacy and accessing innovation as "a false choice."

Just ask

Most privacy experts agreed that when asked, users will usually agree to share their private information with apps when the apps offer them value in return. But asking is essential, as the mobile social network Path -- which markets itself as a more private social network than Facebook -- discovered earlier this month when bloggers and users flogged the company for grabbing and storing users' contact lists.

"It's been good practice for apps to prompt the user," explained researcher Soltani. "It's like having privacy manners."

He gave the analogy of grabbing a soda out of the fridge at someone else's house. Doing so without asking would provoke irritation, but when asked, "most people would say yes."

The Path brouhaha showed another level of social ineptitude as well. When they learned what Path was doing with the data, coders and privacy experts alike wondered why the app maker hadn't bothered even to encrypt the information. Polonetsky called it "clueless behavior."

But because users rarely read privacy policies, experts, including Justin Brookman of the Center for Democracy and Technology, suggest that getting meaningful consent from users to share their data will require a more interactive form of notification -- a matter that poses significant logistical challenges given the tiny screen size of the mobile phone and the fact that users quickly tire of pop-up windows.

But some responsible practices are relatively straightforward. Limiting applications' access to user data to those bits of information that improve the user experience would ensure that the benefits businesses derive from data streams go to those who provided the raw material, experts said. It would also limit the surprise factor when users learn, for example, that a photo application accesses their microphone.

Others proposed limiting how long personal data can be stored and when it can be sold to advertisers.

Calo, of the Center for Internet and Society, also thinks lawmakers will have to expand the definition of what constitutes harm and use it to evaluate when regulations and/or sanctions are necessary.

Changing culture

The most important aspect of the agreement in California is that the platform operators "will send a signal to developers saying, look, privacy is important, you need to address it," Calo said -- though critics of Google's own privacy practices may find it a less-than-ideal messenger.

But as users become more educated and lawmakers are increasingly willing to regulate digital privacy, software companies big and small will be spurred to make the trade-off with users more transparent -- and possibly juicier. Tech companies benefit from "your private data," said Brian Blau, an analyst at Gartner. "So they're going to give you a good deal. In the future they may have to give you more value."

Some app makers could change more radically.

"We have to be careful not to think that the way we are doing things is the way they have to be done," Calo said. Targeted advertising currently draws on consumer data stored on advertisers' servers, but it could happen "on the client," he said. It's one of any number of ways users could get more control over their data.

Developer Holst argued that seeing consumer data as software's only value actually puts a drag on innovation. "There's tons of innovations that could be happening," he said, "but because the only check that's being written is for personal information, it's not."

Even so, Blau predicts that "During this period when technology is advanced enough to take advantage of the data, and until the laws catch up," mobile apps will continue "to catch as much data as they can get away with."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cameron Scott

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?