Privacy advocates like to call mobile phones by a more menacing name: tracking devices. Mobile apps log the pages people browse, the products they buy, and the videos they watch. Many apps also note their users’ locations and, over time, glean their daily routines.
Concern about this kind of data tracking has pushed smartphones and tablets to the front lines of the privacy debate. Critics say companies need to do a better job of disclosing the kind of information they collect and with whom they share it. The industry, on the other hand, worries that too many restrictions could interfere with its growth.
“A lot of companies are trying to do the right thing and step up to the plate,” says Maneesha Mithal, the associate director of the Federal Trade Commission’s privacy and identity protection division. “But there’re a lot of practices out there not being disclosed to users.”
And there are a lot of users. Americans own more than 125 million smartphones and 50 million tablets. Among them, more than half have uninstalled an app or declined to download one because of worries about sharing personal information, according to a survey of nearly 2,300 adults last year by the Pew Internet & American Life Project. Meanwhile, one in five cell phone users have turned off location tracking on their device to prevent apps from logging their whereabouts.
Last month the FTC issued privacy guidelines for mobile app developers, which are intended to curb abuses. They’re not legal requirements, only suggestions. The agency proposes that app makers publish privacy policies that are easily accessible through app stores, which many already do. It also recommends that apps disclose whether they share user information with third parties like advertising networks, which is also fairly common.
The FTC’s most radical suggestion is that app developers get express consent before accessing such sensitive data as location information, calendar entries, and photos. In the agency’s ideal scenario, before consumers download an app they would get a pop-up notification that briefly explains the type of data to be collected. Those who are uncomfortable could decline to download. These are called just-in-time notifications, and they’re intended to supplement privacy policies, which most people don’t read.
Greg Stuart, chief executive officer of the Mobile Marketing Association, a trade group for mobile advertising companies, agrees that more needs to be done to enhance privacy. A lack of trust by consumers, he says, could hurt the industry in the long run. His group pushes its members to consider privacy before they start developing a new product, for example. Privacy policies are another important element that builds trust with consumers, he says.
Stuart’s group, which has issued its own set of privacy guidelines, supports more self-regulation. Collecting user data is important in making ads and content more relevant to consumers, he says, and in giving them a better experience. Sacrificing privacy and transparency is not required.
“It is difficult to place limits on an industry that is just coming into its stride and gaining momentum,” Stuart says. “Marketers will continue to be attentive and vigilant about privacy in general and define stronger policies so that consumers are aware of how their data trail is being used.”
That’s not necessarily true, according to Jeff Chester, executive director for the Center for Digital Democracy, a digital rights group, who adds that regulators should go beyond suggestions and pursue the industry’s intrusive behavior. Mobile phones are like “spies in our pockets,” he says. Quibbling over privacy policies does not address the fact that the companies are “harvesting tremendous amounts of data about our lives.”
Many apps stumble on privacy issues, particularly when it comes to apps for children. By law, companies must get parental consent to track minors under 13 and post privacy policies. In examining hundreds of children’s apps last year, however, the FTC found that only 20 percent disclosed anything about their privacy practices. Many of the apps, it turned out, failed to disclose that they shared location information and phone numbers with third parties.
Dan Grigorovici, CEO of AdMobius, a company that helps mobile publishers and ad networks better target their advertising, says the industry could do a better job of educating the public about privacy. Few people know they can opt out of tracking, for example, or what it actually means.
Grigorovici says AdMobius only sifts through data with no name attached. Instead, it builds anonymous profiles based on the apps individuals use, the content they look at, and their location over time. Someone who visits a number of states may be categorized as a jet-setter, for example. In all, his company has more than two dozen categories.
More regulation would create more standardization in the industry, Grigorovici says, but he raises concerns about some of the FTC’s proposals. For instance, just-in-time notifications could become annoying if they are too frequent or come in a variety of formats.
Still, “I wouldn’t mind a little forcing,” Grigorovici says. “We are a 15- to 20-year-old business, and we haven’t shown much proactivity.”