In the past few weeks,Â there has been considerable controversy about mobile applicationsâ€™ downloading data afterÂ it was revealedÂ that photo-sharing mobile application Path uploaded usersâ€™ entire address books without permission, and there wasÂ substantial public criticismÂ of the companyâ€™s actions.Â News stories reported onÂ the continuing problemsÂ with mobile applicationsâ€™ privacy and security programs, as well asÂ the culture concerningÂ such issues in Silicon Valley. And it was reported that social-networking service TwitterÂ also did not discloseÂ that it downloaded usersâ€™ data,Â as well asÂ Yelp and Foursquare, and questions were raised about how Apple allowed this secret data collection. Apple responded (pdf) to the complaints by stating that “Apps that collect or transmit a userâ€™s contact data without their prior permission are in violation of our guidelines” and that it would require explicit permission for apps to collect the address book information.
Then it was revealed that both Apple’s iOS mobile devices (iPhone, iPod, iPad) and Google’s Android mobile devices allowed apps to access users’ photos if users allowed location datasharing (in the case of Apple) or if the app can go on the Internet (Google). Now, Sen. Chuck Schumer (D-N.Y.) has asked the Federal Trade Commission to investigate Google and Apple over these privacy problems. In a news release, Schumer said:
â€œWhen someone takes a private photo, on a private cell phone, it should remain just that: private,â€ said Schumer. â€œSmartphone developers have an obligation to protect the private content of their users and not allow them to be veritable treasure troves of private, personal information that can then be uploaded and distributed without the consumerâ€™s consent.â€
According to reports by independent technologists, two separate loopholes, one in the Apple operating system and one in the Android operating system, allow apps to gather usersâ€™ photos. In the case of Apple, if a user allows the application to use location data, which is used for GPS-based applications, they also allow access to the userâ€™s photo and video files that can be uploaded to outside servers. In the case of Android-based applications, the user only needs to allow the application to use Internet services as part of the app for third parties to gain access to photo albums. […]
Two weeks ago it was revealed that some of the most popular applications for smart phones were routinely collecting personal data from usersâ€™ address books, despite policies in place from smartphone makers like Apple that explicitly prohibit such action without the prior consent of the user. After reports revealed this widespread practice, several applications announced they would end the practice. Questions remain, however, over the implementation of security policies employed by smartphone manufacturers and their oversight of applications sold on their platforms.
In a letter to the FTC, Schumer asked the FTC to launch “a comprehensive investigation to explicitly determine whether copying or distributing personal information from smart phones, without a userâ€™s consent, constitutes an unfair or deceptive trade practice.” Â Schumer also said, “I believe smartphone makers should be required to put in place safety measures to ensure third party applications are not able to violate a userâ€™s personal privacy by stealing photographs or data that the user did not consciously decide to make public.”