Appolicious powers Verizon Educational Tools

FTC member suggests requiring ‘do not track’ feature for mobile apps

by Phil Hornshaw

Julie BrillThe Federal Trade Commission is pushing for stricter privacy protections for Internet users when surfing the web, and if some of those protections go into effect online, the mobile app sphere could be next.

FTC member Julie Brill suggested mobile devices should have a “do not track” feature built in that disables apps from tracking location data, personal information, call logs and other potentially sensitive info, during a keynote address to the American Center for Progress. The Washington Post has the story.

The FTC recently released a list of questions and answers called “Understanding Mobile Apps” on its website, OnGuardOnline.gov. Among other things, the document warns mobile app users that apps can access all kinds of information readily available on smartphones, and can track location data. Often these apps might be capable of, or even actively engaging in, passing that information back to third parties, like advertising companies.

The “do not track” feature is a controversial one when it comes to websites, and similar controversy could well-up in the app space if lawmakers press the issue. Sen. Al Franken, D-Minn., has already started the ball rolling on legislation that would protect the privacy of mobile users’ location data on smartphones. This follows a controversy in which it was discovered that iPhones, allegedly because of a software glitch, were storing unencrypted data on phones that basically amounted to a list of every location the phone – and by extension, its owner – had ever been.

Call for system-wide protection

Brill has also called for similar protections that would allow users to disable such tracking not just on an app-by-app basis, but system-wide with one button. This is somewhat possible on Apple’s iOS platform and Google’s Android – Android apps are required to list what functions on the phone they will be accessing when users download them. Here’s a quote from the Post story:

“(Brill) said the Web industry hasn’t done a good enough job to inform users clearly and simply when data about them is being collected. And while the FTC has stepped up enforcement of privacy violations, those actions come after potential harms are made and consumers need better preventative measures to protect them.

‘It is not reasonable to expect consumers to read and understand privacy policies – most about as long and as clear as the Code of Hammurabi – especially when all that stands between them and buying a new flat-screen TV, or playing the latest version of Angry Birds, is clicking the little box that says I consent,’ Brill said.”

Given the political pressure, it wouldn’t be too surprising to see Apple and Google create something in the vein of what Brill is proposing, although limiting apps from tracking user information is a little tougher than it is with web browsers. Many apps rely on things like location data for their functions – Foursquare, for example, could be construed as tracking location information, but that’s central to how it works. A big button that shuts down all tracking would also render many apps unable to work and could also require big redesigns on the parts of Apple, Google, Microsoft, Research In Motion and other mobile operating system providers.

At the same time, there’s more or less no regulation on the mobile app market at all at the moment, and lawmakers are seeing an area where their constituents need some kind of protection. The Apple scandal with location data is a really good example of what can happen – that data was being accessed by law enforcement officials, without warrants, in their investigations. Clearly, some compromise is necessary, and soon.