In the past few weeks, there has been considerable controversy about mobile applications’ downloading data after it was revealed that photo-sharing mobile application Path uploaded users’ entire address books without permission, and there was substantial public criticism of the company’s actions. News stories reported on the continuing problems with mobile applications’ privacy and security programs, as well as the culture concerning such issues in Silicon Valley. And it was reported that social-networking service Twitter also did not disclose that it downloaded users’ data, as well as Yelp and Foursquare, and questions were raised about how Apple allowed this secret data collection. Apple responded (pdf) to the complaints by stating that “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines” and that it would require explicit permission for apps to collect the address book information.
Then it was revealed that both Apple’s iOS mobile devices (iPhone, iPod, iPad) and Google’s Android mobile devices allowed apps to access users’ photos if users allowed location datasharing (in the case of Apple) or if the app can go on the Internet (Google). Now, Sen. Chuck Schumer (D-N.Y.) has asked the Federal Trade Commission to investigate Google and Apple over these privacy problems. In a news release, Schumer said:
“When someone takes a private photo, on a private cell phone, it should remain just that: private,” said Schumer. “Smartphone developers have an obligation to protect the private content of their users and not allow them to be veritable treasure troves of private, personal information that can then be uploaded and distributed without the consumer’s consent.”
According to reports by independent technologists, two separate loopholes, one in the Apple operating system and one in the Android operating system, allow apps to gather users’ photos. In the case of Apple, if a user allows the application to use location data, which is used for GPS-based applications, they also allow access to the user’s photo and video files that can be uploaded to outside servers. In the case of Android-based applications, the user only needs to allow the application to use Internet services as part of the app for third parties to gain access to photo albums. […]
Two weeks ago it was revealed that some of the most popular applications for smart phones were routinely collecting personal data from users’ address books, despite policies in place from smartphone makers like Apple that explicitly prohibit such action without the prior consent of the user. After reports revealed this widespread practice, several applications announced they would end the practice. Questions remain, however, over the implementation of security policies employed by smartphone manufacturers and their oversight of applications sold on their platforms.
In a letter to the FTC, Schumer asked the FTC to launch “a comprehensive investigation to explicitly determine whether copying or distributing personal information from smart phones, without a user’s consent, constitutes an unfair or deceptive trade practice.” Schumer also said, “I believe smartphone makers should be required to put in place safety measures to ensure third party applications are not able to violate a user’s personal privacy by stealing photographs or data that the user did not consciously decide to make public.”