Users of mobile apps need more information about the ways those apps use their personal information, a group of experts agreed Thursday, but they didn't agree on who is most responsible for protecting user privacy.
Apple and Google can better police their app marketplaces, although both companies have several good privacy protections, said Todd Moore, founder of app vendor TMSoft, during a discussion on mobile app privacy at the State of the Mobile Net conference in Washington, DC. The operators of the iPhone and Android app marketplaces are in the best position to enforce privacy controls and set rules limiting the amount of information apps can collect, he said.
One app marketplace required Moore's sound app to have access to information about whether the phone was being used for a voice call, so that the app could turn off sounds during a call. Some TMSoft customers have questioned why the app wants that access, Moore said. "I don't want that level of access," he added.
But Ashkan Soltani, an independent security and privacy researcher, said app developers bear most of the responsibility for protecting privacy. App developers need to police themselves, given that many consumers don't understand the privacy implications of the apps they download, he said.
Girls Around Me app pulled over stalking concerns
App developers must embrace a set of standard privacy practices going forward, Soltani said.
Panelists debated Girls Around Me, an iPhone app that alerted users to nearby women, or men, who shared their location on Foursquare. App maker SMS Services voluntarily pulled the app about a month ago after concerns about stalking.
"We can try to exercise some maturity in app development," Soltani said.
One a scale of one to 10, Girls Around Me was "a 10 creepy," said Sarah Hudgins, public policy director at the Interactive Advertising Bureau, an online advertising trade group.
Wider effort needed to protect privacy of app users
Moore agreed that the app was creepy, but said several other apps use user-generated Foursquare check-in information to connect people. "What is wrong with displaying publicly available information?" he said. "Who's at fault for that?"
If US policy makers count solely on app developers to protect privacy, there will always be renegade developers who seek to exploit privacy, Moore added.
Hudgins called on a wider effort to protect privacy, including developers, mobile carriers, app marketplace operators and consumers. "This is a shared responsibility," she said. "At the end of the day, this has to be a community effort."
More detailed privacy notices, including why apps are collecting personal data, are needed, said Patricia Poss, chief of the mobile technology unit at the US Federal Trade Commission. The Girls Around Me case illustrated the point that many users of Web service and mobile apps don't know all the ways their information will be used, she said.
"A big piece of this is the invisible collection [of personal data] that consumers cannot see," she said.