Skip to content

FTC finds kid apps’ privacy practices ‘disAPPointing’

The US Federal Trade Commission has turned this week’s wakeup call about mobile-app privacy into a conference call, adding kids’ privacy to the conversation. The title of its just-released report “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing” (that’s the FTC authors’ cute italicization) summarizes the Commission’s conclusions well. But to make their point crystal clear, the authors state that their report is “a warning call to industry ["all members of the kids app ecosystem – the app stores, developers, and third parties providing services within the apps"] that it must do more to provide parents with easily accessible, basic information about the mobile apps that their children use.” That warning plus the Commission’s first COPPA-enforcement action against a mobile app developer and the notice it issued that COPPA (the Children’s Online Privacy Protection Act) would be amended should make the signal pretty clear.

But they’re not done. This survey was just about what developers disclose (and don’t disclose) about their data practices. The FTC didn’t yet test what data, if any, kids’ apps actually gather and what they do with it if collected. That’ll happen in the next six months, the authors say – as well as a look at “whether there are COPPA violations,” “whether enforcement is appropriate,” and whether the industry has heeded this first warning.

This week possibly a tipping point

That was the kids’ apps part of this week’s call for better mobile privacy. What started this latest conversation was a programmer’s discovery that an iPhone/iPad app called Path “automatically uploaded your entire address book to its servers. Without asking,” according to Joshua Topolsky at the Washington Post. The difference between this and Facebook privacy flaps in the past, he writes is like the difference between one big fish and a whole school: thousands, maybe tens of thousands, of apps “dealing with the same kind of access to your data that Facebook enjoys but with far less scrutiny.”

This plus the FTC report could represent the tipping point for the mobile app industry (including app stores). Sure, Path’s CEO “quickly apologized for the practice and immediately issued an update that removed the offending functionality,” the Post reports, with Path promising “to delete any data it had stored.” But if it takes this week’s kind of scrutiny for a company to get it right, what can app users count on, with 500,000+ apps in Apple’s App Store and 400,000+ in Google’s Android Marketplace? How can the app stores and the industry as an “ecosystem,” as the FTC put it, help app developers with good privacy practices rise to the top? Global coverage of bad practice out of Silicon Valley + a US government report may add up to a tipping point for app privacy in general.

Avoiding the bad apps

Larger companies may help. TrendMicro says it will be helping cellphone owners and app stores identify apps that very definitely should not rise to the top. The computer security firm just announced new “cloud-based” (not-installed-on-phones) technology that analyzes apps for “malware threats, privacy risk, and resource consumption impact [battery life, memory, bandwidth],” the company’s press release says. I’m not sure how parents will be able to use it yet (will let you know as soon as I hear back from TrendMicro), but this is a sign of a developing privacy-protection ecosystem. Apple apparently has plans too. In a separate article, the Washington Post reports that Apple is planning to release a product called Gatekeeper that will “give users more control over the apps they download” to iPhones, iPod Touches, and iPads.

Maybe next steps for mobile data protection are 1) a service that – in addition to detecting app code that places bad stuff on your phone, as TrendMicro’s does – one that detects app code that sucks data out of it, and 2) a community or service that identifies and celebrates apps with good privacy practices.

Related links

Share

Leave a Reply

You may use basic HTML in your comments. Your email address will not be published.

Subscribe to this comment feed via RSS