Privacy Protections for Mobile App Users Pledged By Vendors

California's Attorney General, Kamala D. Harris, is working with six major players in the mobile applications market to create a set of privacy-protection standards for users of smartphone apps.

The companies in question--Amazon, Apple, Google, Helwett-Packard, Microsoft and Research in Motion--have all pledged to support a set of principles described in California state law that requires a privacy policy for commercial web sites and online services.

Under the new agreement, users will have the chance to review an app's privacy policy before they download or install the app (rather than after). They will also be afforded a consistent method of access to that policy from the app's download screen, as opposed to the app maker's web site or another source.

In turn, there will also be a push to educate app developers who write for the platforms about how to respect user privacy and how to handle information gathered from users. App developers that fail to comply with the law could be prosecuted under California laws governing unfair competition and false advertising.

A recent FTC report entitled "Mobile Apps Are Disappointing" expressed dismay at how little respect for privacy there was amongst apps that were created for and marketed to children. They cited not just the breadth of data that can be automatically collected from phones that run apps--geolocation, call histories, contact lists, etc.--but how unclear it was what any given app might be doing with that information, or where to find out such things.

The FTC report made recommendations similar to what was agreed upon by Harris and the six companies in question: that app stores and developers should provide more detailed information about data practices.

What's more, the report also noted that the policy should be written in the plainest possible language, and in ways that are particularly suited to mobile devices with small screens. A footnote that is nominally visible on a web page might well vanish on a cellphone's smaller screen, so mobile users may need a different way of being notified effectively.

Online privacy issues remain a constant concern, with each season bringing a new wrinkle to the issue. Most recently, Google was recently chastised for allegedly bypassing privacy settings on the Safari web browser by exploiting a bug in said browser. Google claims that was a mischaracterization of what happened, and that they were simply using a known workaround to allow signed-in Google users access to certain Google-specific features like the "+1" button.

The vagaries of who is responsible and to what extent make it clear that proper protection of end-user privacy--regardless of the law's specific wording about it--requires a more all-hands-on-deck approach. The sheer number of parties involved in mobile apps ensure it: the app makers, the providers of services, the handset manufacturers, the carriers, and the end users. Harris's attempts to bring many major players to the same table is a step in the right direction, but still only one step.