back to article Want access to mobe users' location, camera, phone ID? EXPLAIN YOURSELVES - ICO

Software developers should consider deploying "just-in-time notifications" to inform users about the imminent processing of personal data in mobile applications (apps), the Information Commissioner's Office (ICO) has said. The UK's data protection watchdog said that the pop-up disclosures were one way companies could explain …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    The ICO is a joke.

    1. Anonymous Coward
      Anonymous Coward

      Ho ho ho

      True.

      But Pop ups to let you know when your data is being used?

      That will pretty much make an Android mobile phone useless. You'd spend all you time deleting them from the screen, you'll never get to use the keypad for anything else.

      1. Anonymous Coward
        Anonymous Coward

        Re: make an Android mobile phone useless

        I'll avoid the obvious..... (nice feed line though!)

        From the article:

        "You could avoid excessive notification by remembering the user's choice for a certain time period before reminding them again," it said.

        1. Gannon (J.) Dick

          Re: make an Android mobile phone useless

          Yes, unfortunately "a certain period of time" is a little under 16 seconds if you are talking about people and largely irrelevant if you are talking about "things". This is because you want the identity of "things" to persist.

          http://www.rustprivacy.org/2013/education/popcalc.html

          The separation between the last of a first generation and the first of a second generation is about 16 seconds for a generation of 20,000,000. Google weighs identity and birth order; Grandparents measure "cute". Apps can't deal with "cute".

          Bloodlines are bloodlines, and customer lists are bloodlines, but Grandparents will tell you: there is no expiration date on "cute".

    2. Vimes

      It's interesting that there is no mention of the app stores themselves or why thy're allowing apps with questionable permissions to be made available in the first place. Why aren't they also asking why these permissions are being requested when an app is submitted?

      Take Apple for example: the best we can seem to hope for is being told when the app allows in-app purchases. There doesn't appear to be any mention of why the app will have access to in the app listing on the store. Google & Microsoft are almost just as bad: they tell you what the app will have access to, but don't provide any mechanism for selectively denying permissions.

      Incidentally I've actively complained to Microsoft over apps on their store that ask for excessive permissions but they don't seem to do anything about it. I can't speak for Google or Apple in regards to how they deal with such matters, but it would appear that Microsoft are so desperate for apps on their store that they are quite content to throw their customer's privacy under the bus if it means keeping the app count up.

      Those privacy related MS adverts really are a joke...

      It's all very well telling consumers to be careful, but they need the tools at their disposal to be careful beyond merely not installing something.

      But then I suppose this refusal to deal with the store operators and developers of the likes of iOS or Android is deliberate. App developers are comparatively small fry and easy to go after. Going after the stores would mean attacking Google, and as we've seen in the past the ICO does everything humanly possible to avoid that.

      1. A Non e-mouse Silver badge

        It's interesting that there is no mention of the app stores themselves or why thy're allowing apps with questionable permissions to be made available in the first place

        Plausible deniability. if the App stores don't look too closely at apps, they can't be blamed when things go wrong.

        The only reason App stores look at Apps at the moment is to protect their brand. It's got nothing to do with looking after the end-user.

        You need to remember that in the 21st century, you are not the real customer: The social media/advertising companies are the real customers. You are just an asset that the media/advertising companies exploit.

      2. P. Lee

        "Needs access to your contact book"

        Ah, but is that to allow you to send an SMS to a contact or is it to slurp and send back to the mothership?

        You can't know.

        Which is why we need a proper FOSS phone. It reduces risk.

        1. Terry 6 Silver badge

          Phone information

          So many of these posts mention the contacts list.

          Yet so many apps request permissions to access *phone calls*.

          Is it me, or are people missing a big point here.

          Vast swathes of apps are being allowed to monitor your actual calls for no good reason whatsoever.

          Not just slurp up contact lists, but see who we are actually calling.

          No one would allow a stranger to come round and put a tap on our phones; but we're OK being asked to allow every poxy little game developer to monitor our calls, just so that we can play their version of some trivial game.

    3. Fred Flintstone Gold badge

      The ICO is a joke.

      Not quite, but they can only exercise the powers they have. If law makers decide to neuter their effectiveness by denying them the tools and fines they need to be effective, you cannot blame the ICO for that. As organisations go, I have actually found them refreshingly accessible.

      1. Vimes

        @Fred Flinstone

        'They can only exercise the powers they have'?

        A nice idea, except they don't even do that.

        Bluecoat, 3uk, Vodafone, the list goes on. The ICO is not interested in any data sharing with the US despite the legislation there being so open to abuse it's ridiculous. This goes against one of their own precious data protection principles yet they still do nothing.

        They are a disgrace and a complete waste of space where data protection is concerned.

    4. This post has been deleted by its author

  2. Thought About IT

    Whenever I have a choice of apps to install, I choose the one that requires access to the fewest features of my phone, even if it's not the best. Why should a compass or torch app need access to my contacts?

    1. Adam 1
      Megaphone

      Dear Google,

      Please provide a way of:

      1. Allowing developers to explain next to each token the reason they need it. Some apps do this in the description or FAQ, but on the popup with a big red "We're not telling" by default will encourage some disclosure.

      2. Allow selective denial of permissions.

      Thanks

    2. Terry 6 Silver badge

      choice of apps

      @Thought About IT

      I particularly refuse to install apps that want access to the phone features ( calls etc. ). An awful lot do, even though they are nothing whatever to do with making phone calls.

      There is no good reason for games etc to want to be able to see who I am calling.

      1. RoninRodent

        Re: choice of apps

        Actually there is a reason most apps need to read "phone features". If you are playing the latest Angry Pigeons and somebody calls you how is the app to know it needs to step aside and let the phone app pop up so you can answer the call? It needs to read incoming call status which is part of "phone features".

        That said there is nothing stopping that app monitoring your calls and more explanation is which "phone features" the app needs access to as many other thangs are lumped under the same name.

    3. Anonymous Coward
      Anonymous Coward

      Why should a compass or torch app need access to my contacts?

      That's the bit I don't get about Android. Why will an app not install if it hasn't been granted all the permissions a developer seeks, and why is there so little control over it post installation? Is that so hard?

      Mind you, iOS has other issues here. You will get nagged forever if an app thinks it should be granted access, but at least you have some control - unless you install apps like WhatsApp whose first act seems to be exporting all your contacts to a US server (as far as I can tell).

  3. Tromos

    Retention

    For all the cited 'weird and wonderful' things the apps can do, I still see no need for the data to be retained at all. Yes, it will need some contact info if you are to chat with a friend, but it doesn't need to hang on to that data beyond establishing the connection. It obviously needs your location if it is to find your nearest restaurant but after the bit of co-ordinate number crunching, it can be discarded. Any and all retention of data beyond the minimum required to do just what the user requested and no more should require FULL disclosure of what data is being kept, for how long and what it is used for.

    1. Bronek Kozicki

      Re: Retention

      I will play devil's advocate: in both cases there will be some server, either to maintain the connection status of your friend and yours (so you can see whether or not he is available at the moment) or to process the map for you so that only the map of relevant part of Earth is sent to your phone. In either case the server will have some logs, so its use and misuse (eg. DoS, hacking attempts, load levels etc.) can be diagnosed. There is a good chance that these logs will contain portion of information that might identify you, and also things that interest you related to the service you expected (your chums handle you wanted to chat with, or location where you looked for restaurant etc.). Either way, these data will be stored, because it's immensely difficult to troubleshoot anything without baseline.

      Think about it as you would about data retention in case of shopping goods over the internet - your shipping details (if required) will be stored, as will be the invoice details, because that is necessary for both logistics and accounting. Or, in case I brought above, for operations. Unless of course we are talking about service with no operations to support. However many service require all of processing power, reliable network connection and memory capacity which your Android phone probably does not have. It is also easier to provide relatively seamless user experience if it is split into client and server part. So yeah, some retention of data (relevant to the service being used) is likely to be a necessity.

    2. John Smith 19 Gold badge
      Unhappy

      Re: Retention

      "Any and all retention of data beyond the minimum required to do just what the user requested and no more should require FULL disclosure of what data is being kept, for how long and what it is used for."

      Because you're not the customer.

  4. Anonymous Coward
    Anonymous Coward

    One would presume this is aimed...

    at tablet/mobile <CR> app developers but I would have gone much further and moved the onus on to Google / Apple directly, surely both of these are also complicit in every "All your data are belong to us" type install agreements.

  5. Anonymous Coward
    Anonymous Coward

    Like Cookies?

    Great, it'll be like the stupid cookies popup which is apparently supposed to "protect" us but actually just annoys 99.9% of web users who just ignore / dismiss them anyway, but requires an extra click or just takes up screen space. Stupid idea.

  6. BristolBachelor Gold badge

    I think the examples given need expanding. For example I am exempt as a private person storing the contact details of my friends a family. Surely as soon as a company accesses that data for their puposes, they ought to declare it and be registered (e.g. drop box needing access to your contacts - why? What do they do with info?)

  7. Anonymous Coward
    Anonymous Coward

    Facebook

    Maybe they need to look at the FB app for android which in its latest version wants:

    create accounts and set passwords

    add or remove accounts

    read your text messages (SMS or MMS)

    change network connectivity

    download files without notification

    view Wi-Fi connections

    connect and disconnect from Wi-Fi

    read calendar events plus confidential information

    add or modify calendar events and send emails to guests without owners' knowledge

    directly call phone numbers

    set wallpaper

    adjust your wallpaper size

    1. Jediben

      Re: Facebook

      Saw that update the other day. Not a hope in hell of me installing it. Read my SMS messages? Communications which are deliberately NOT on the same service as the one FB provides?

      Download files without notification?!

      That sounds more like a virus than a service to me.

      1. Anonymous Coward
        Anonymous Coward

        Re: Facebook

        The download files is apparently so it can fill up your local storage with video adverts which it will then inject into your news feed when you are not on a wireless connection - so that mobile users don't get it using up their mobile data allowance,

        The rest, like changing your wallpaper and interfering with your wifi connections, just strikes me as typical of the "fuck you" attitude towards privacy and personal rights that Facebook seem to have.

    2. AbortRetryFail

      Re: Facebook

      Yes, I also saw that in the latest update. I allowed it on my tablet that has no contacts, no email, no GPS and connects only by WiFi (it's a pretty crappy tablet but was cheap) but there is no way in hell that's going on my phone. I'll have to start using the website version on my phone I think.

  8. A Non e-mouse Silver badge

    Can't say no..

    It's not just about an App saying "I'm now going to slurp your contacts database. Click OK to continue". There is no "Don't slurp my contacts" button. A well written app would be coded so that if it didn't have a certain permission, it wouldn't offer a certain function. But App developers are either lazy or greedy, and just plain refuse to allow you to say "No".

    1. Adam 1

      Re: Can't say no..

      In principle you are right, but it is not possible for developers. The security model requires all permissions to be identified in the manifest "upfront". There is no way for a developer to indicate whether a permission is mandatory or optional. There should be but there is not.

      For example, Bittorrent Sync requires has some pretty obvious permission request which the app would be useless without (full network access / USB storage). But it also allows you to generate a QR code to setup a sync folder. This means it has to request access to the camera. This means they either have to request that token, not offer the feature, or offer umpteen versions of the app with various combinations of permission requests.

      1. pigor

        Re: Can't say no..

        at the time being in both iOS and Android there is no mechanism for the developers to deal with partially accepted permissions.

        The OS should allow the user to accept only a subset of the permissions requested, and the SDK should provide APIs for the developers to know which of the requested permissions are granted and which denied.

        At the time being both mechanisms are missing. :(

        1. Steve Todd

          Re: Can't say no..

          Actually not true for iOS. You can revoke individual permissions (like notifications, contacts, location services etc). Attempting to access contacts the first time pops up a dialog asking if you want to allow it etc.

  9. Anonymous Coward
    Anonymous Coward

    The app writers and distributors don't help themselves

    by making it clear what the access is "needed" for.

    When you install, it just says "wants access to camera, contacts, location, etc etc."

    If, to take an example, a compass app said it wanted access to your contact list so that it could offer to show the direction to your friends house then the user would be better informed and could make a better decision as to whether the privacy/usefulness risk was OK.

  10. pigor

    ICO could do some real work for once

    ICO should go in each appstore (GooglePlay and iTube) and check every single application: read what permissions are asked and read the description.

    If the description doesn't satisfy the guidelines, they will have to ask Google (or Apple) to remove the application from their UK store.

    Failure to comply will mean a good fine for each violation.

    Pretty much what is done for DCMA takedown... in this way Google and Apple will be vigilant and the developers will start caring about what permissions they ask.

    1. Jamie Jones Silver badge
      Thumb Up

      Re: ICO could do some real work for once

      The appbrain ad detector program ( http://www.appbrain.com/app/appbrain-ad-detector/com.appspot.swisscodemonkeys.detector uses a backend database of apps to automatically warn you if you try to install an app with dodgy permissions (not just ads)

  11. Generic_Web_Guy

    Don't make me laugh

    This is the same ICO whose botched war on cookies has led to a zillion pointless pop-ups over UK websites (including this one). Nice earner for devs but does zilch for anyone's privacy (where's that 'no thanks' button, now?), just makes the host site look pants. I cannot wait to see how they're going to break my mobile apps without remotely stopping the providers from slurping my data.

  12. John Smith 19 Gold badge
    Unhappy

    So starting to see cracks in the Android & iOS "security" models then

    I don't own either so I've not had to deal with this rubbish.

    Here's a question.

    Would you accept if you were paid for this data?

    Because right now this multi $Bn industry is effectively built on data slavery whereby the people at the end of the chain (you) get no reward for the data the add companies sell to their customers.

    Incidentally this situation was predicted in a book by Bill Gates over a decade ago. His take was people would grant this access if they were paid for it and companies would compete on one side to offer the best rewards to people for the right to their data and on the other for how comprehensive a set of data they could offer their customers.

    What actually happened was the companies just took it anyway.

  13. Home

    An Idea

    It would be good when installing an app you were giver 3 choices

    1 Don't allow access.

    2 Allow access to real data.

    3 Allow access to false data.

    Don't allow access normally results in the app not installing, but the app would be unable to distinguish between access to the real or false data.

    1. Martin-73 Silver badge

      Re: An Idea

      That is an excellent idea. I forsee the advertisers fighting you tooth and claw to prevent it. But yes, good idea. It's also already possible to do this, kind of, in some cases.

      Example, many of my friends have only a mobile phone, their landline numbers are set as not the default, so usually I don't see that field, but I could enter the numbers of random government agencies into that field.

      I already do this on the desktop with sites that request non-essential information for spamming advertising purposes.

  14. John Smith 19 Gold badge
    Meh

    Hmm. Setting up a set of dummy data sources to feed to the app?

    Intriguing idea.

    1. Adam 1

      Re: Hmm. Setting up a set of dummy data sources to feed to the app?

      We could even use Dual_EC_DRBG to generate the longitude/ latitude for fake GPS :)

  15. This post has been deleted by its author

  16. Don Jefe
    Go

    JITPOD - An Opportunity

    It is annoying when politicians use terms and jargon that are terribly out of place. Oh well, but that isn't my point.

    As a professional forecaster of growth opportunities there's a huge opportunity here for an enterprising developer: Cloud based JITPOD compliance. (Just In Time Processing Of personal Data).

    Just like the Adobe Font Kit, you'd stick a script in your site and it pulls down a variety of pre-ICO approved message components that can be used as is or customized within the bounds defined by ICO and displayed on your site. That's the sort of thing that businesses, government agencies and NGO's eat up. It meets a need, requires no coding or code maintenance and it has 'cloud' in there so they'll probably offer you their daughter for the opportunity to buy it and brag about their compliance.

    One of you smart folks ought to do it. I have neither the time nor the interest.

  17. Anonymous Coward
    Anonymous Coward

    When will this whinging end....

    The price is "your data and privacy". Don't like it, don't use the tech or develop your own (good luck with that).

    Society would vastly improve if all members knew everything about each other. Privacy is an old fashioned notion no longer relevant in modern times. Looking forward to the passing away of the older generations and welcoming the younger generations that will be born into a more open society and will know of privacy only in history books.

This topic is closed for new posts.

Other stories you might like