Neither Apple nor Google are doing enough when it comes to addressing how iPhone and Android applications can access users’ private information, according to Sen. Charles Schumer, D-N.Y. On Monday Schumer called for the Federal Trade Commission to launch an investigation into reports that iPhone and Android applications can essentially steal data like private photos and address books.
Mobile applications for iPhone and Android can gain access to users’ photo libraries and, in some cases, share the photos online, according to New York Times reports. These followed reports last month that some applications on the iPhone and iPad could upload entire address books to third-party servers.
“These uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app’s functionality,” Senator Schumer stated in a letter to FTC Chairman Leibowitz.
“It is my understanding that many of these uses violate the terms of service of the Apple and Android platforms through which the apps are marketed and sold,” Schumer added. “However, it is not clear whether or how those terms of service are being enforced and monitored. In fact, the abuses of apps have only come to light as a result of the work of intrepid independent researchers and technologists. As a result, it is users and their privacy who suffer.”
New Technology Means New Problems
Even with an FTC probe, a fix may not come quickly.
“This is the problem with new technology, it opens new doors that don’t have legislation,” telecommunications analyst Jeff Kagan told TechNewsWorld. “Until there is legislation, bad things will happen.”
However, this could bring attention where attention is needed.
“Operationally, there isn’t much the FTC could do besides threatening more privacy policy audits, but the damage has already been done,” Josh Crandall, principal analyst at Netpop Research, told TechNewsWorld. “Schumer’s request is simply another reason for the media to focus its attention on Apple and Google’s position toward user privacy. As a result, people are reading another story today that their personal information is being used by corporate America for their gain and not in the best interests of the users.”
However, the senator is taking the right step, according to Kagan.
“Nobody would want their private information being made public,” he added. “Private is private.”
And while Kagan explained that he doesn’t like when the government has to step in, this time there is no choice, he maintained. “The system isn’t so much broken as it has grown and needs some boundaries.”
Can’t Live Without It
As consumers’ reliance on their handheld devices has increased, so has the amount of info stored on those devices.
“Every time there is new technology, we get excited, everyone talks about it, everyone writes about, and we can’t wait to use it,” says Kagan. “The devices have gotten so hot that customers just can’t walk away. They’re addicted.”
While consumers might not want to walk away, they may have to wait for the issue to resolve itself.
“We’re pretty early in the cycle of mobile expansion,” says Igor Stenmark, managing director at MGI Research. “There is significant chaos that exists in terms of mobile privacy.”
The U.S. at this point lacks a data privacy framework, Stenmark said, but more attention will come from legislators.
Fixing the Problem or Fixing the System?
Even if the FTC steps in, and even if there is new legislation to protect the data, it may not prevent similar problems from arising in the future, Crandall said.
“Mobile platforms like iOS and Android are as sophisticated and difficult to monitor as PC operating systems,” Crandall told TechNewsWorld. “Malware and viruses on the desktop and laptop environment are as old as Windows itself. Apple’s tight control of its operating systems provides some additional security, but if a savvy, motivated application developer targets a specific function or feature, there are myriad ways of exploiting the software to try and tap it.”
Instead, the protection might not come from legislation, but from the companies directly.
“Apple, Google and the industry in general need to protect the user through a combination of business policies, software development and monitoring to combat third parties or their own developers from siphoning off content that’s intended to be private,” Crandall added. “Unfortunately, these data have economic value, and companies look for ways to maximize revenues for their shareholders rather than protecting users. The situation will only get better when companies figure out how to set up explicit, user-friendly content-sharing mechanisms that encourage greater engagement instead of undermining the trust users have by accessing personal content the company hasn’t been granted access to.”
Finally, there is the question that while Schumer is calling on a probe of Apple and Google, these could be the wrong targets.
“Smartphones don’t steal data, apps do,” said Stenmark. “The industry is going to have to figure out a way to police itself, and hopefully do it in advance of whatever congress is going to do.”