Request for FTC Investigation of Apple, Android App Flaws Fuels the Privacy Fire


Concerns about software applications for mobile devices that download user data without authorization seem to be hitting critical mass. or at least had generated enough publicity to prompt an influential member of the U.S. Senate to push for an investigation by the Federal Trade Commission.

The privacy transgressions amounted to a hat trick of alarming discoveries.

As we’ve noted, it was discovered last month that social network Path was collecting and storing address books from Apple (NASDAQ:AAPL) iPhones without their owners’ authorization. a couple weeks later, it was revealed that location-based apps were automatically copying and storing iPhone photo libraries to app developers’ servers without user permission.

And then last week, The New York Times discovered, upon consulting with app developers and security experts, that location-data apps on Internet-connected smartphones equipped with Google’s (NASDAQ:GOOG) Android operating system also copy photo libraries without user authorization.

Despite claims by Google that apps for Android phones are required to get permission from users to collect and store personal data like email, address book contacts, or a phone’s location, several developers hired by the Times to investigate Android location-based apps found that the apps don’t notify users that their photos are being collected and stored.

A tipping point or two

That seemed to be enough for Sen. Charles Schumer (D-NY), who early this week decided it was time to write to the FTC’s chairman, Jon Liebowitz, and request an investigation of “a disturbing and potentially unfair practice in the smartphone application market … Specifically, there have been reports about apps which allow a user’s photos, videos, location data, and address books not only to be accessed by the app (and its developers) but also copied in their entirety and used for marketing or other purposes. These uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app’s functionality.”

Suffice to say, Schumer’s letter got the attention of more than Jon Liebowitz. Apple and Google officials contacted Schumer and, the senator told the Times, “were friendly and open to the idea that this ought to be changed.”

Internet and smartphone privacy has become a political hot button this year, and Schumer’s push for an FTC probe may be one of the most expedient ways to keep the need to address privacy issues from fading into the background.

“these uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app’s functionality,” Schumer wrote in his letter to the FTC.

A backdrop of promises to do better

Schumer’s letter comes on the heels of other initiatives intended to pressure tech companies like Apple and Google into adopting stricter privacy policies. California Attorney General, Kamala Harris forged an agreement signed by Google, Apple, Amazon (NASDAQ:AMZN), Microsoft (NASDAQ:MSFT), Research in Motion (NASDAQ:RIMM), and Hewlett-Packard (NYSE:HPQ) that defines how app developers should handle personal data and encourages them to present their privacy policies in clear, understandable terms.

And last month, the White House issued Internet privacy guidelines intended to give social networks and Internet-based companies a chance to help develop rules for the data-collection strategies crucial to their growth.

Schumer asked the FTC to find out if Apple and Google are enforcing their own privacy policy terms. if not, he says, they should be required to implement safety measures that ensure that applications developed for their platforms can’t violate users’ personal privacy by any means, including by downloading photos and contact information without user authorization.

We’ll see how this works out. Experience suggests that a lot more regulatory and political pressure may be needed before these companies live up to the terms of their own privacy agreements.