Rules for Mobile Data Privacy Lacking: Latest Research on Android and iOS Apps Proves It

This image described by iOS, Apple, Android, mobile advertising, rogue apps, TantDroid, online privacy, Screen shot 2010-09-30 at 4.20.01 PM

The digital world, especially when it comes to smartphones, advertising and distribution is still relatively new territory, especially when compared to much older mediums such as print. Rules and regulations are always being figured out, and sometimes it seems that the people in charge are still trying to figure out how things fit.

Collecting my data for advertising?

Mobile advertising, for instance, it’s fairly new ground where the rules haven’t quite been built yet. A recent test conducted by researches at Duke University, Penn State and Intel Labs has found that several popular Android apps actually transmit user data without clearly informing them of what is happening. For their study, they built an application called TaintDroid, which can discover whether or not an app is sending what can be potentially sensitive information to remote servers. 

While the intent may not be malicious, being that most of these are just ways of targeting relevant ads to certain consumers (this is much like what has been going on with the internet for several years now) it may raise a brow to see how easily personal data can be transferred without a user realizing it. The other issue here is that it becomes apparent that there are no clear guidelines for when such action is acceptable or when it’s just snooping through sensitive information that belongs to the user. After all, this is the kind of thing we have come to expect when browsing the internet, which is pretty much just a huge public area, but how about your smartphone for using a free wallpaper app as was the case a few months ago? That same application was removed and reviewed by Google. It was later found that the makers meant no harm and there was no malicious intent and the application went back online. Even so, Google is no stranger to removing apps it deems suspicious or dangerous, even direct from user’s phones and sending them a notification.

How about Apple?

This image described by iOS, Apple, Android, mobile advertising, rogue apps, TantDroid, online privacy, Apple-iad-vs-admob

Apple isn’t immune to security issues either, even apps that make it through their approval process can turn out to have potentially dangerous problems. iPhones can become even more vulnerable when users who jailbreak their phone don’t protect their device properly.

Apple’s advertising guidelines mention such regulations for third-party ad networks by saying the following in their TOS:

3.3.9 You and Your Applications may not collect, use, or disclose to any third party, user or device data without prior user consent, and then only under the following conditions:

– The collection, use or disclosure is necessary in order to provide a service or function that is directly relevant to the use of the Application. For example, without Apple‚Äôs prior written consent, You may not use third party analytics software in Your Application to collect and send device data to a third party for aggregation, processing, or analysis.

Still, we are not entirely sure that they are enforcing those a this time since news came that AdMob CEO Omar Hamoui spoke at the MobileBeat conference saying that it didn’t seem that Apple was yet pushing these regulations. (Editor’s Note: Apple recently changed their stance on that)

More surprising was a recently published paper that showed that 68 percent of the top free applications in the App Store “were transmitting UDIDs to servers under the application vendor’s control each time the application is launched.” Each iOS device’s UDID is unique and cannot be changed. In addition, the transmission is out of the user’s control short of not using the app altogether.

What now?

Advertising brings in money. It’s hard to say no to money. If this allows companies to use more relevant ads on people, even if it means collecting private data, you can bet that companies will fight to ensure that this remains fair game.

Even so, end-users should be given say in what data they share with advertisers. This because if companies like Google, Apple and the rest of the mobile software providers and advertising networks’ operators do not allow for privacy controls, they may quickly receive the same backlash from customers that Facebook did for their attitude towards user privacy. Interestingly enough, the certain tools on a jailbroken phone can prevent certain data from being shared. 

About 8bitjay

Google + Profile