Google to Apple Gird for FTC-Led Mobile-Privacy Crackdown

As the government clamps down on alleged privacy violations by mobile applications, Google Inc., Apple Inc. and legions of software developers are girding for fines and rules that analysts say threaten to stifle growth.

The U.S. Federal Trade Commission, which this month fined Path Inc., a social-networking site, $800,000 for unauthorized collection of user data, is investigating a rising number of mobile apps for privacy violations. California Attorney General Kamala Harris is stepping up scrutiny of app makers, and congressional lawmakers are planning legislation that would require programmers to bolster disclosure and data protection.

Developers rely on tools that track users’ whereabouts, surfing habits and buying preferences to pack their apps with ads and features. Yet, with vast amounts of personal data bought and sold over the Web, user privacy is at risk. Therein lies a conundrum: More fines and tighter rules to protect consumers could boost costs for small companies whose apps are fueling demand for mobile advertising, tablets and smartphones.

“Privacy measures could directly impact the development of the mobile-advertising market,” said John Jackson, an analyst at Framingham, Massachusetts-based researcher IDC. “Any legislative actions could lead to very heavy setbacks.”

That has big implications for Google and Apple, which together account for 91 percent of smartphone operating systems. Google’s Android is the most widely used software for the devices, followed by Apple’s iOS, according to IDC. The companies keep part of the revenue generated by app sales while making money from ads embedded in certain applications. Facebook Inc. and Twitter Inc. also make app versions of their social-media services available for download on mobile devices.

Safeguarding Data

These companies are taking steps to safeguard user data and lessen the likelihood of a raft of new rules.

Apple’s efforts include “limited ad tracking and the ability for customers to manage their privacy settings for location, contacts, photos and more,” said Tom Neumayr, a spokesman for Cupertino, California-based Apple.

The company vets all apps before they’re made available in its App Store and offers a tool called Restrictions, which lets parents prevent kids from installing or deleting apps, making in-app purchases and accessing certain other features.

Google updated its developer program policy in August to prohibit apps that disclose personal information without user consent. Facebook lets customers adjust settings so they can search and filter each piece of content that’s shared publicly.

Increased Enforcement

Increased enforcement and the cost of complying with new regulations could eventually push small developers out of business, Erica Sadun, an author of books on mobile-app development, said via e-mail. Even small fines can add up for fledgling companies that, according to estimates by GigaOM Pro, on average generate less than $500 a month from sales of downloadable apps.

“One-man shops may be driven under or may simply start avoiding anything that involves any user identification whatsoever,” Sadun said. “An onerous requirement would be a tipping point that could potentially sink the independent developer, and a hazy one would open them up to potential lawsuits.”

App makers are already feeling the heat. Path, which lets people form tight-knit online social networks, was penalized for collecting information from children without the consent of their parents. In response, Path closed its services to children under 13, and, by terms of the settlement, must commission independent privacy assessments every other year for the next 20 years.

‘Apps Failed’

The FTC fined W3 Innovations LLC $50,000 in 2011 for letting children publicly post personal information on message boards via apps like Emily’s Girl World.

According to an FTC review of 400 apps for kids, “most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data. Even more troubling, the results showed that many of the apps shared certain information with third parties -- such as device ID, geolocation, or phone number -- without disclosing that fact to parents.”

More strictures are coming. The FTC’s revised Children’s Online Privacy Protection Rule, taking effect in July, will require app makers to get parental consent to collect information from children. That will result in about $10,000 in legal costs per developer, costing $270 million for makers of education apps for Apple devices alone, said Morgan Reed, executive director of the Association for Competitive Technology, whose members include Apple, Facebook and Microsoft Corp.

Sensitive Information

“We recognize that app developers are small, but their size should not excuse their responsibility to consumers, given the sensitive information they may handle,” Christopher Olsen, assistant director at the FTC’s division of privacy and identity protection, said in an interview. “Certainly we’ll be active on the enforcement front.”

The FTC formed a mobile-technology unit about two years ago and has staff members looking at mobile apps at various divisions, such as the one focused on advertising, he said. The agency issued a 36-page report Feb. 1 with recommendations on how developers and app stores should protect users’ privacy.

Among the recommendations: companies such as Apple, Google, Microsoft, Inc. and Research In Motion Ltd. should set more privacy requirements for developers. For instance, it asked for real-time notifications to users whenever their personal information is accessed.

Trust Questioned

Congressional lawmakers are working on legislation this year that would tighten mobile privacy protection and improve disclosure. The Apps Act will be referred to a House Energy and Commerce Committee subcommittee, according to Andy Phelan, communications director for Representative Hank Johnson, a Democrat from Georgia.

The Apps Act asks developers to obtain users’ consent to terms and conditions governing collection of user data. It also gives the government oversight of how and when privacy notices should be provided to users.

States, led by California, are devoting attention to mobile apps as well. California Attorney General Harris sued Delta Air Lines Inc. in December for not posting a privacy notice within its “Fly Delta” mobile app. The suit seeks to stop Delta from distributing the app without a privacy policy and includes penalties of up to $2,500 for each violation.

“It was clear to us that a lot more could be done to improve the disclosures,” Olsen said. “Apps need to do more to avoid raising consumer trust concerns -- raising questions as to whether apps in general can be trusted.”
