Mobile Apps Take Data Without Permission

by NICOLE PERLROTH and NICK BILTON,   New York Times

The address book in smartphones — where some of the user’s most personal data is carried — is free for app developers to take at will, often without the phone owner’s knowledge.

Companies that make many of the most popular smartphone apps for Apple and Android devices — Twitter, Foursquare and Instagram among them — routinely gather the information in personal address books on the phone and in some cases store it on their own computers. The practice came under scrutiny Wednesday by members of Congress who saw news reports that taking such data was an “industry best practice.”

The U.S. Congress recently sent Apple a letter asking how approved apps were allowed to take that information without users’ permission, especially when Apple’s rules on apps expressly prohibit that practice. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release,” say Apple’s Tom Neumayr.

Although Google forces Android developers to ask users for permission to access any personal data up front, they often are not told how the information will be used or how the company plans to store it. “It’s time for app developers to take responsibility for ensuring that users know what they’re doing, rather than leaving it to the platforms to play a game of Whac-A-Mole,” says Future of Privacy Forum director Jules Polonetsky.

Many developers are changing their apps before Congress steps in, making updates and warning users about how the information is collected.  …………………………..

Google has tools built into the Android platform that forces developers to notify people what data, if any, they plan to access. Once they have users’ permission, Android developers can access everything from a phone owner’s call logs to their text messages. But users of many apps — including Hipster, Locale, Uber, Yelp, Taxi Magic, Picplz, Scrabble and Waze — are often not told how the information will be used or how the company plans to store it.

“What separates malicious use from legitimate use is the element of surprise. If a user is surprised, that’s a problem,” said Kevin Mahaffey, Lookout’s chief technology officer, who said that in many ways, standards and rules for data on smartphones were still being debated. “It’s a new industry and it’s still in many ways the Wild West out there. The iron is still hot.”  User beware

Related Posts

Written by

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.