It’s that time of year when electronic devices of all kinds – smartphones, tablets, maybe even an Ultrabook™ if you’ve been really good – make their way under the tree. Along with these fantastic toys come a veritable blizzard of app downloads; anything from Netflix to Angry Birds to Drawing with Friends. With literally hundreds of thousands of apps available to download, it’s only logical to assume that there are privacy guidelines in place for apps, especially for apps aimed toward children. However, this assumption would be incorrect, as seen in a recent study released by the Federal Trade Commission (FTC). In this first in a series of articles, we’ll take a look at app privacy, especially how it affects users and developers.
Too big, too fast
The app ecosystem has grown up almost literally overnight. As of September 2012, there are over 700,000 apps (and counting) in the Apple Store, close to that number in Google Play, and a growing surge of apps available in the Windows Store and other app distribution centers. In short, in the last couple of years, we’ve seen a virtual tidal wave of apps made available in the marketplace. This unprecedented growth, so fast and furious, has unfortunately not brought with it any kind of thoughtfully planned privacy framework; in fact, for the most part, it seems to be the very opposite, industry-wide.
A growing problem
Studies from the FTC and other industry pundits have found that there is little to no information available to users about the privacy policies of the apps that they are about to download, and this is especially true for apps aimed towards children. A survey taken in the summer of 2012 looked at over 400 different apps and how they dealt with privacy, actually downloading and testing them out to see if information was collected and shared inappropriately. Out of the more than 400 apps surveyed, most did in fact utilize user data without permission, collecting and sharing it with ad networks, analytics firms, and other third party companies without permission or notification.
How most people view privacy within apps
Nine out of ten U.S. adults own a mobile electronic device of some kind. As the app marketplace is embraced by the public, concerns about privacy and how information is shared have also risen sharply:
“A recent Pew study found that 54% of app users decided not to install an app once they discovered how much personal information the app would collect. The study also showed that 30% of app users have uninstalled an app that was already on their cell phone because they learned that the app was collecting personal information the users did not wish to share. Consistent with these findings, a recent study by the Berkeley Center for Law and Technology showed that most consumers consider the information on their mobile devices to be private.” - Source
In addition, although it might not be exactly based in fact, most people consider the information on their mobile devices and apps to be private, and treat it as such. In a recent study by the Berkeley Center, 78% of survey respondents considered the information on their apps and mobile devices to be “at least as private” as the information on their home computers. This isn’t just the “average” user, either. Consider the recent brouhaha from Randi Zuckerberg, sister of the founder of Facebook, who posted a family picture to her Facebook which was then shared to other social media accounts without her express permission:
“Randi herself had posted to Facebook, the confusing-to-use social Web site created by her strange, reclusive brother. Randi was furious because she wanted the photo to be seen only by her friends, but someone who is friends with Randi's sister saw the photo on Facebook, assumed it was public, and spread it on Twitter.Randi complained that this was "way uncool." The friend apologized for her mistake. Lots of people had a laugh about how this just shows again how stupid and confusing Facebook's privacy settings are, as in, "Hey, even the Zuckerbergs can't figure this stuff out!" - Source
Privacy and kids’ apps
Most children’s apps don’t give parents and guardians even the most basic of information about what, if any, privacy practices might be attached to the app. Most apps also don’t give out any information at all about data collected; in fact, the FTC survey found that many apps share information like device IDs, phone numbers, and geo-locations to third parties completely without disclosure. Many apps with interactive features, such as social media links, in-app purchases, and advertising don’t disclose these before the initial download, so any privacy issues are potentially swept under the proverbial rug since information starts instantly being collected upon download.
The problem is not going away
Obviously, apps and even the most basic of privacy practices are in dire straits. While there exist many government entities and business organizations calling for more transparent data collection frameworks, hardly any progress has been made. The app ecosystem is simply growing too fast, and there are no regulatory agencies overseeing even the most basic of boundaries.
The FTC has put out a call for app industry best practices in regards to privacy. These would include “privacy by design”, i.e., integrating privacy protections into the apps themselves, information about how any data is used (especially in apps aimed towards children), and complete transparency about what information will be collected within the app itself. It’s a good start that will give users greater confidence in the app industry as a whole, however, these principles are easier said than done.
In the next article in this series, we’ll take a more in-depth look at the findings from the FTC privacy survey, and track what kind of privacy practices app developers should start thinking about implementing within their own apps. If you’re an app developer, share with us how you feel about in-app privacy: is it a right? A privilege? Something that users should have complete access to or something completely different all together? Share with us in the comments section below.