Why the Mobile App Industry Needs to Address Privacy — Now

The fallout from the FCC’s order on net neutrality stole the headlines in the mobile industry last week, but it overshadowed this great piece from the Wall Street Journal examining the privacy concerns surrounding the mobile app industry. The Journal tested 101 iPhone and Android apps and found that more than half transmitted the phone’s unique device ID to third-party companies without users’ awareness or consent. Forty-seven shared location information, while a handful sent age, gender and other personal details to outsiders.

One consumer watchdog group said the story demonstrated why smartphones should be added to the Federal Trade Commission’s proposed “Do Not Track Me” function, which would enable users to opt out of having their web activities tracked for advertising purposes. And the Mobile Marketing Association promised to develop guidelines “to address the growing need for marketers and consumers to have a transparent, accepted understanding as to how consumer information is collected and used” to target consumers on their phones.

The privacy controversy will only grow as mobile data usage and advertising ramp up. And it’s the kind of squabble that politicians and other Beltway regulators love to weigh in on, because it gives them a chance to jump on a soapbox on behalf of the consumer. So the industry would be wise to rein in the marketers, and to do so before federal regulators step in. Which means the MMA’s guidelines should include — and the industry should heed — these key provisions:

  • Transparency: Apps should be absolutely transparent about what they share with third parties, every time they are used. Typically users are informed of such information upon downloading the app, but the terms are generally forgotten afterward. Users should be reminded of those terms every time the app is launched.
  • Choice: Consumers should be able to choose what is shared in every app. App developers are free to distribute their offerings on their terms, and I understand that some existing business models require the sharing of some information. But making users accept an all-or-nothing proposition isn’t always necessary. Instead, some apps could give users the flexibility to choose what they want to share and what they don’t. For instance, a user of a location-aware app may have to disclose his whereabouts but should be able to opt out of sharing information such as gender.
  • Accountability: Apple, Google and other retailers should offer users a master dashboard for privacy, then present app libraries based on what kind of data users are willing to divulge. (Google provides some helpful tools for its online users here; replicating that for mobile app users shouldn’t be difficult.) Distributors could even make apps available at various levels and price points based on what information a user is willing to share. Consumers willing to divulge all sorts of personal information could download free, ad-supported games, for instance, while those wanting to keep their information private would be charged a few dollars for the same game. And app distributors must aggressively enforce their own policies.
  • Compliance: The industry needs to embrace a standardized system for identifying the apps and developers who play by the rules, creating a way to assuage the concerns of consumers and those who want to protect them. TRUSTe earlier this year launched a certification system for apps that meet certain requirements regarding sharing user data. I don’t know that TRUSTe’s solution is the right one, but something must emerge. Even Apple, with its strict policing policy, can’t keep the junk out in a warehouse of hundreds of thousands of offerings. Google’s laissez-faire stance with Android Market is even worse. If Apple and Google can’t (or won’t) come up with a kind of Good Housekeeping Seal of Approval for mobile apps, somebody else needs to.

The bottom line is that the current system not only lacks transparency, it is flat-out deceptive to consumers. If mobile marketers and their partners don’t move quickly and effectively to clean it up, federal regulators and policy-makers will be happy to step in. And that’s a “solution” that nobody in the industry wants.

Question of the week

What steps should the mobile app industry take to ensure a legitimate privacy policy for users?