Mobile Applications and Online Privacy

How Mobile Apps and Online Privacy are Intertwined

With Christmas just around the corner, millions of Americans are eagerly anticipating a shiny new iPhone, Android, Palm, or Blackberry under the tree. For anyone expecting such a gift this year or already in possession of one, it’s interesting to think about the past, present, and future of smartphones, the astronomical advances of this technology in only a few short years, and the seemingly endless cache of mobile applications just waiting to be downloaded.

According to a March 2010 Nielsen survey, 17 percent of Americans already own smartphones, with an expected jump to 50 percent by Christmas 2011. One year from now, half of the U.S. population will possess the latest technology in mobile communications, meaning tens of millions of new consumers for the burgeoning mobile application marketplace.

Unsurprisingly, a host of new and disconcerting online privacy issues have popped up, specifically tied to downloadable mobile applications, or “apps”. In this article, you will explore some known privacy flaws of smartphone apps, what the industry is doing about them, and how you can better protect your sensitive data from prying eyes.


A brief overview of mobile applications and online privacy

Since the launch of the Apple App Store in July 2008, the number of available mobile applications for the iPhone alone has increased from 500 to more than 300,000, according to internal data.

For the most part, Apple keeps tight controls over what mobile applications can be distributed to the marketplace, with a lengthy approval process for each new submission. iPhone apps can be rejected for various reasons, such as those related to content and functionality, though each rejection letter is subject to a nondisclosure agreement between Apple and the developer.

As a result, you have only limited information on what can and cannot be sold through the App Store. Known grounds for rejection include mobile applications that contain obscene content, duplicate the functionality of existing Apple-developed applications, or are of “limited utility”.

Lesser known are the applications rejected or later removed from the App Store due to violations of user privacy. One of the first to be removed, a mobile game called Aurora Feint, disappeared from the App Store after Apple discovered that the program illegally gathered user email addresses and phone numbers. Upon updating its privacy policies to reflect the company’s collection of personal data, Aurora Feint was allowed back into the App Store.

In July 2010, Apple removed numerous, unnamed mobile applications from the App Store, citing widespread violations of online user privacy. Steve Jobs himself railed against privacy violations by iPhone apps in the same month, singling out Flurry Analytics for compiling sensitive information without proper disclosure to application users.

Despite Apple’s best efforts, a December 2010 investigation by the Wall Street Journal revealed that out of 101 popular iPhone and Android apps surveyed, 56 of them transmitted unique device IDs (UDIDs), 47 of them sent user phone locations, and five distributed gender, age, and other sensitive user information to unidentified third parties.

Perhaps surprisingly, there is little distinction between free and paid mobile applications when it comes to the collection of private user information. The same privacy situation – or lack thereof – applies to mobile applications available for Palm, Blackberry, and Android devices, though to a lesser extent.


Who gets your private data?

In short, data miners and Internet marketers purchase private data from various online entities to create highly targeted advertising for individuals, be it through unsolicited email, strategically placed banner ads, or other channels of direct communication. On its face, advertising relevant to your interests is not necessarily a bad thing, but it becomes worrisome when you don’t know how they got your information, where they got it from, how much of it they have, and who has it.

In the U.S., a company’s adherence to accepted international online privacy standards is largely regulated by private entities, either by the company itself or a trustworthy third party that specializes in the evaluation of privacy policies. Unfortunately, this leaves several loopholes in the process, all of which are frequently exploited. The present state of online privacy applies to all facets of Internet activity, whether on a desktop computer or smartphone.


How to guard against privacy breaches from mobile applications

While you cannot ever be assured of total mobile privacy, primarily due to lax federal and industry oversight, a few steps can be taken to maintain better control of personal information.

Limit your downloads. This may be the toughest pill to swallow, but it’s easily the most important. Unless you are willing to read a given app’s privacy policy in full, it should be assumed that its revenue stream might include third-party data miners as a source. Along with this rule, it might be wise to delete those mobile applications that you rarely or never use.

Adjust all available internal privacy settings. For a detailed list of privacy issues concerning mobile phone Internet browsing, please see this article in the ReputationDefender Resource Center.

Be smarter than your smartphone. Above all, use common sense when downloading mobile applications. If it looks spammy, if it’s free, or if it comes preloaded with a host of advertisements, it may be a good idea to think about what you’re willing to give away, especially if you don’t know what sensitive information you’re giving away.

To read more on matters of mobile applications and online privacy or to protect your digital self, check out MyPrivacy from ReputationDefender.