FTC Tells the Mobile App Ecosystem: Don’t Play Fast and Loose with Consumers’ Privacy Rights

By Linda Musthaler | February 08, 2013

Posted in: Network Security Trends

If you read either of my previous posts about (the lack of) mobile application security and privacy, you might think we are living in the Wild West, with the onus on the user to look out for his or her own best interests. Well, we are. It’s like there’s no sheriff protecting the community.

As the owner of a smart phone or tablet running mobile apps, it’s up to you to understand what the mobile apps on your device are doing with your personal information like contact lists and your geolocation. In the U.S. today, there is little oversight of platform operators and app developers who aren’t exactly forthright in telling you what information they are collecting off the device, and for what purposes they are collecting it. But that could change soon. The Federal Trade Commission (FTC) is hoping that players in the mobile app ecosystem will do the right thing when it comes to protecting privacy rights.

This month the FTC issued a staff report entitled “Mobile Privacy Disclosures: Building Trust through Transparency.” The report provides recommendations on how mobile application privacy can be increased through transparent and shared policies embraced by platform companies/operating system providers, application developers, advertising networks and other third parties, and application trade associations.

At this stage of the game, the FTC is only issuing recommendations and not pursuing the development of specific legislation. It’s a matter of letting the industry police itself before the government has to step in with enforcement. The FTC stresses that all companies involved in data collection and sharing through mobile devices – carriers, handset manufacturers, operating system providers, app developers, and advertisers – should work together to provide privacy disclosure using standard formats and terminology so that consumers can easily understand what the apps on their phones are really doing.

Industry action is already underway, spearheaded by the National Telecommunications and Information Agency (NTIA) within the U.S. Department of Commerce. NTIA is overseeing a multi-stakeholder process to develop a code of conduct on mobile application transparency. The process is a form of self-regulation whereby the participants are developing a universal code of conduct that can preserve privacy and protect consumers without impeding legitimate business applications for the mobile devices. Information about the group’s activities can be found here. (Note that although it’s a U.S. government agency that is leading this effort, the industry participants are baking in ways to make the policies they develop actionable in a global environment.)

The whole mobile application space has only been around for a few years. It practically exploded out of nowhere once the sales of smart phones and tablets really took off. With no regulation at the time, app developers have been free to do whatever they want. Now government oversight and industry guidelines are merging to ensure that consumers’ privacy rights aren’t violated. Legitimate members of the mobile app ecosystem will play by the new rules. However, with more than 2 million apps on the market today and the numbers growing daily, we have a long way to go to ensure privacy protection.
