Mobile Data Privacy is Terra Incognita to Users and Developers
Pitfalls lurk for even savvy consumers
By Cameron Scott
February 24, 2012 — President Obama's move Thursday to establish a so-called Privacy Bill of Rights for the Internet can be seen as the consolidation of decadelong efforts by disparate groups to improve privacy protections via countless browser add-ons, settings and privacy policies. But while it's possible to guard privacy on the desktop, the rapidly growing mobile space is still the Wild West, with an almost endless landscape of privacy pitfalls that challenge even the most vigilant consumer.
Today's mobile phones collect an enormous amount of personal data -- from the user's email address to his or her location, contact list, calendar and even photos -- and tether it to a single unique device ID number. One location-based photo-sharing app reportedly activated users' microphones to narrow down their location beyond what GPS data could provide. There is as yet very little to protect the valuable data on these most personal of devices.
Given California's plan, and the major mobile platforms' participation in it, developers who market their apps in the App Store, Android Marketplace or any of the other major platforms will have to establish and disclose these policies, but there is still no requirement for them to limit the data they grab, store or share.
"The only piece of information that's restricted by the operating system is location information," said Ashkan Soltani, an independent researcher and consultant focused on privacy. The restrictions on what developers can share with third parties are minimal and not always clear.
As for protecting one's private data, "The industry tools don't even exist yet," said Jules Polonetsky, who runs the Future of Privacy Forum. For example, "It's nearly impossible" to opt out of tracking on a mobile device.
Data driving innovation
Ironically, unfettered access to hardware and data in smartphones has driven much of the innovation that has happened in the mobile arena. A flashlight app must have access to the phone's flash to work. Social networks need access to contact information to suggest friends for new users. And apps like Yelp use location data to ensure users get relevant information.