Congressional Committee on Mobile App Privacy

I had the opportunity to give my advice on mobile apps and privacy as a panelist for the 2012 State of the Mobile Net Advisory Committee. If you watch the video you will notice not everyone is in agreement with who should be responsible for your privacy–The App Developer, The Platform (iOS, Android, etc), or The End-User?  I certainly have my opinions as both a developer and a consumer of hundred of apps.  Click the image to watch the video:

Although ultimately it is up to the developer to protect your privacy and do no evil, I argued that the platforms are in the best position to protect your information.  Apple iOS guards your location and prompts you when an application tries to access it.  This works well and you have the ability to deny the app access.  This kind of protection could be provided to other areas such as your address book and calendar events which are currently wide open for apps to abuse.  Imagine downloading a flashlight app, only to have your entire address book uploaded to Spammers-R-Us.

The Android platform gives you a list of permissions an application requires prior to installation.  I like this but as I discuss in the video it has caused issues in my own apps.   I’m hoping a mix of both real time and installation time permissions find it’s way into both platforms going forward.  I feel when a technical solution exists to a problem, and I’m claiming it does, then that is the best approach–Not government regulation and certainly not 100 page privacy policies that nobody reads.

We discussed issues with apps like Path which uploaded your address book without first getting your permission (It does now).  The Girls Around Me App was also a major focus and although we all think it’s creepy, I’m the only one who made the point of what’s wrong with displaying publicly available information?  In this case, girls were not aware their location was being put out into the public by Foursquare.  That’s a problem with the social network and not with an application that just displays what is already online.  Education is key here.

Privacy has become a huge issue with mobile apps and will continue to be.  I’m looking forward to future versions of iOS and Android which will hopefully provide even better controls.  If we just leave it up to application developers to implement privacy controls then we won’t have a consistent standardized method to safeguard our privacy.  I want this across all of my applications.  What do you think?

3 thoughts on “Congressional Committee on Mobile App Privacy”

  1. >> What do you think?

    I think it’s incredibly important to improve Privacy levels. Right now Trust is at an all time low and heading lower. We’ve spent 6 years refining a solution for the web that aligns both the interests of the user (choice in what they share) with those of the content provider who delivers a free service in exchange for your privacy. The key to privacy is to find the right incentive – which gives a more fair exchange of value. The controls are simple enough to architect and the current HTTP protocol contains all you need to solve the problem (hint it’s in the abstract).

    If you’d like more details on our solution (iPhone & Android) please ping me offline.

    Cheers,

    Peter

  2. Hi Todd,

    Was just listening to tech411 where you address this. I just moved back to the US from living and working in Switzerland at the HQ for a major pharma company. In that position we had to deal with highly sensitive personal and medical data. It was interesting balancing the amount of controls the HQ Security office required vs the changing requirements of every country in the world. However, I believe there are common functional, policy (legal), and architectural level things that can be accomplished to keep people safe from malicious acts.

    I agree with what you said on the podcast about other countries maliciously using data, and I believe the US really needs to put harder controls to address data privacy for the reasons you state, but also so that parties that have my personal data may not profit from it because it is MY data. Additionally, I’m not a fan of companies capturing data and not gaining any value from it–especially given the latest global hype of “big data” from the big consultancies like Gartner and McKinsey.

    Give me a shout offline if you want to discuss the international stuff more…

    Chris

  3. Hey Todd, I met you briefly at MoDevDC, a quick Fighting Gravity conversation.
    Was checking out your apps and noticed this entry on privacy and the role of app developers. We’ve been talking about privacy a lot lately, we did a webinar with Morgan Reed from ACT about it and then last week our CTO spent the week discussing the topic with lawmakers during ACT’s annual Fly-In event. We recently started a podcast series discussing all things enterprise mobility. Just posted one today where our Andy and Pete Erickson from MoDevDC discussed a lot of topics including privacy. If interested in joining us for a discussion on this topic please drop me an email.
    Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *