Mobile privacy: Cover yourself, even if users tend not to do likewise

A lesson app developers can learn from the Path privacy kerfuffle is that confirming every data access event is probably a smart move.

It's an odd quirk of Internet outrage that it often gets stirred up around fairly common events. All it takes is for somebody to point out (loudly enough) what is going on and the choruses of "What the @&%^#@?" can get deafening.

That's one way to look at the ruckus earlier this month over the "revelation" that the Path mobile social networking application was uploading iOS user's contact information without asking them if it was okay first. The fallout included an announcement by Apple that collecting contact information without user permission is against its policies (even though it wrote the OS that allows it to happen) plus a promise of a software fix, and of course the obligatory inquiries from headline-scanning legislators.

And then comes the aftermath coverage, like this piece at PCWorld that notes Path is in no way alone in the practice of accessing snippets (or even chunks) of "private" data for the purposes of promoting relevant content and offers to users.

Most observers agree that it's best if developers ask first before accessing information about you, and it's best that platform providers simply require it as part of their environments. This seems obvious enough. Android tends to be better about this than iOS, at least at this stage of the game. But lest we appear to be crucifying Apple, remember that ease-of-use (Apple's calling card) is always at odds with tedium like asking for permission to do nifty stuff in the background. (We can't help but link to this South Park gem, which is of course NSFW, here.)

ZDNet blogger James Kendrick notes that even when presented with a comprehensive list of app permission requests, most users will just say "yeah, sure" in their hurry to find the best Thai restaurant in the neighborhood. He uses the Android install permissions check for the Twitter app as an example, adding that some declarations may be a little unclear to many users (although "modify/delete USB storage contents" seems pretty lucid to us).

Kendrick also makes the comment that "Twitter is a well known service so it's no problem." Bear Stearns was a well-known financial services company. If users are truly concerned about their "privacy" — whatever that means in the era of social networking and smart advertising — they must be meticulous gatekeepers of their personal data, even with big boys like Facebook and Google. Path, after all, is no fly-by-night operation.

And as Kendrick puts it, many developers take a "CYA" approach about confirming every data access event, even if the OS does not mandate it. It sounds like a plan. Otherwise, you might find yourself getting an email from a concerned legislator one of these days.

Also read: Tech firms agree to privacy protections for mobile apps

Note: CNET, ZDNet, and TechRepublic are CBS Interactive sites.


Ken Hardin is a freelance writer and business analyst with more than two decades in technology media and product development. Before founding his own consultancy, Clarity Answers LLC, Ken was a member of the start-up team and an executive with TechRe...

Editor's Picks

Free Newsletters, In your Inbox