Mobile app privacy controversies have dominated the technology headlines over recent weeks, but the push for tighter privacy standards may upset existing business models, which often use targeted advertising to subsidise the price users pay for the apps. Last month it was discovered that iPhone apps Path and Hipster were …
This is a particularly touchy topic for risk management if someone in the organization brings out an App that should be simply a PR gimmick. Add a few Ad libraries to make the App pay for itself, then when it comes to light what is happening the corporate name gets dumped into the nasty journalistic dogpile, and some glory hound senator demands to know "how can this be permitted?" The people that commission these Apps have no intention of allowing this sort of tomfoolery to happen in the background, but...
One small change..
That would make a lot of difference is if the apps had to say precisely why they need access to certain services, rather than just listing what services you blindly have to let them get access to - I was think of getting a spirit level app for my phone (so I can level my dSLR for landscapes) - it wanted access to identity, data and location services.
WTF? Why the hell would it need that?
I look at the supplied functions on my old (and still working) 6610i, alarms, reminders, stopwatches, timers - all of these functioned quite happily with out any other services - why, all of a sudden, do similar programs on "smart" phones, need your life history, where you are, who you know???
Re: One small change..
That's exactly what I'd like to achieve. I want to move us to a world where app makers say "we've got this feature, we need this data to make the feature work, and we only use it for enabling that feature".
Re: One small change..
PLUS, the installer SHOULD say "you can go ahead and install without giving us this data, but this feature will be disabled" and actually work that way.
Re: One small change..
I think _could_, rather than should. There will be some apps that are basically non-functional without access to some personal info. Imagine installing a turn-by-turn nav app without giving it location access.
Hmm - I'm not an Android developer so it might not be possible, but there looks to be an opportunity for something that blocks and/or monitors such things.
There might even be such things available already - time for a gander in the Android Market (sorry - 'Google Play'...) .
Re: Privacy app?
Before installing, Android owners are presented with the list of permissions an app requires, so the monitoring part is already done. As for blocking, just don't install an app if it can do things you don't want done.
The main problem are conflicts of interest
If you have an App-Store you have essentially 3 parties. One that makes software. Their intentions may or may not align with the ones of the other parties. Then you have the customer. Nobody cares about their intentions their sole purpose is to provide money. Third you have a market provider which may enforce it's own interests, e.g. by making sure they get their "fair share" or other rules.
What would be more sane would be to move to a community based system, like its done for Linux distributions. You can get your packets from one or more repositories. Each one of those repositories is "staffed" by people who are also users and programmers, so they are likely to have similar interests than you. And if they don't, you can just switch distributions and even start your own one.
This way you can avoid many conflicts of interest.
Re: The main problem are conflicts of interest
There's nothing to stop that model on Android. With Apple it's a different matter though.
The reality is, if you don’t accept the fact you’re a commodity, you can't use the app. It's not good enough, but will not get any better where money can be made. You are just cash to someone else. They don't care less about you or your "supposed right" to privacy.
The amount of 3rd party scripts that run on certain sites is unbelievable, thank God for NoScript.
Advanced search options too
The other day I spent a fair bit of time looking for a notepad app that didn't require connection to the internet etc.
Of course a lot of apps have "syncing with the cloud" as an additional service. But I specifically didn't want that. It took a while to find one.
Things that will never happen
"... "Surely it would be better to demonstrate to our customers that we can form an open, trustworthy relationship with them, "
The trust is entirely one way though, it's an unequal relationship.
The fact he refers to responses to privacy concerns as "knee jerk" suggest he's not being entirely objective either.
Unfortunately, to counter the "dodgy developer trying to steal our data" we need restrictions that will impact "honest developer who cares about a trustworthy relationship". Let the trustworthy guy in and we let in the dodgy characters too.
The only alternative I can see is some sort of licensing authority who will examine front end code, back end security and sign off. But that will be far too expensive.
- Apple stuns world with rare SEVEN-way split: What does that mean?
- Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
- RIP net neutrality? FCC boss mulls 'two-speed internet'
- Special report Reg probe bombshell: How we HACKED mobile voicemail without a PIN
- Sony Xperia Z2: 4K vid, great audio, waterproof ... Oh, and you can make a phone call