Commentary

Privacy In The App Age

The mania over mobile apps is not going to abate soon. Even as the Apple app store seemed full to the brim, the Android platform is getting serious traction with developers, and Microsoft is repositioning Windows Mobile's next iteration as an app-centric operating system. And perhaps you didn't hear -- but deep background sources tell me that a new portable tablet-sized device that runs apps just came in under the radar this past weekend. But if anyone asks, you didn't hear it from me.

The mobile app model raises a number of interesting issues regarding data ownership and privacy. Location-based services (LBS) came into their own this year as apps like foursquare, Yelp, Gowalla, Loopt and others let users "check-in" from specific places. This process not only leaves a trail of usage data, but also leaves open a number of questions about who gets to see and retain this information about your usage. Mobile media is a complex stack of technologies and partners that now include the carriers, the mobile ad networks, the app operating system makers and literally hundreds of thousands of apps and scores of thousands of third party app providers.

advertisement

advertisement

I asked an old friend of Mediapost's, Alan Chapell of Chapell & Associates, about the state of mobile privacy and data handling under the new regime of apps. Alan chairs the Mobile Marketing Association (MMA) privacy committee and is himself a longtime consultant on privacy issues to online and mobile companies.

So who handles and owns all of this new kind of location-based data? "The bad lawyer answer is, it depends," says Chapell. "In many respects, all of them hold at least some of it." Traditionally, and before we grew this new app economy, the carriers pretty much had the ownership of usage data, and they controlled the programs and communications that came through our mobile handsets.

"LBS standards to data have fallen under the jurisdiction of the CTIA (Cellular Telephone Industry Association)," says Chapell. Two years ago, the CTIA issued a fairly rigid set of privacy guidelines around LBS that were recently revised. They involved giving the user notification and choice about being tracked. As Chapell points out, however, the new generation of LBS apps usually involve the user in a much more open but controlled release of their own data. "In an example like foursquare, you have a user who makes a choice to say that here I am going to check in, and here I am not. Here I may check in, but not share it with anyone. Here I may check in -- but share it with Facebook and not Twitter."

But the app economy and supply chain add a wrinkle to privacy that many of the early policymakers didn't anticipate - namely, the emergence of open and semi-open systems that move the center of gravity away from the network operators who once had tight control over just about anyone who wanted to get to consumers through the phone deck.

The MMA had great early success in tamping down potential irritants like SMS spam and shady content subscription models because the carriers could enforce "guidelines" for mobile commerce on everyone. MMA guidelines on how vendors could and could not sign people up for things like ringtone subscriptions and such were enforced in the U.S. by all the carriers who refused partners who wouldn't abide by them. The app universe breaks that control.

"I often compare the carriers to Boss Tweed," says Chapell. "It is easy to point fingers at them and say that they were the cause of all the problems in the ecosystem. But as the control has been wrested away from them, it makes things a lot more complicated and potentially more open to evil-doers of the world to come in and mess things up. It is not just the app world, but the Apple world and Google world. If you now control the operating system and you have things going on top of the operating system that are outside the carrier's control, then that is a whole different world."

The dirty little secret of the otherwise wondrous mobile app platforms is that no one really knows yet how to handle the layers of user data going every which way, including the most sensitive data point of all - where you are at any given moment.

Who owns this data point? Apparently, a lot of people. But then who is responsible for the privacy protections around the data -- and how many hands along the way touch it? Just because you want your friends to know that you were at a particular bar on Friday night doesn't mean you want marketers associated with the carrier, Google, Apple, or foursquare to know and act on it.

Where does a consumer go to opt out of this? Just a few years ago, carriers were really the main holders of this data, and most of them were too terrified of ticking their users off to let marketers get anywhere near it. Now, it doesn't really matter much what the carriers want. They are only one link in a chain.

Who in this system of hundreds of thousands of apps would enforce privacy and data handling policies? "It is going to have to be a bunch of folks," says Chapell. "It has to be the operating system folks. It is whoever controls the apps. It's whoever controls the pipes, which includes the carriers, but now on a lot of phones you have Wi-Fi. Even search providers and browser makers all have some ability and some control. And it is not entirely clear to me that mobile will head in the same direction as online media and develop the exact same set of standards."

Chapell tells me that the MMA is about to rethink its guidelines to account for a new universe of apps and start addressing some of the issues that the cross-industry consortium of IAB, 4As, DMA and Better Business Bureau are doing online. He suggests that some of the controls for LBS will revolve around data retention and especially how long entities hold and build your trail of locations. "I think mobile becomes a third rail for privacy issues when location bits are personally identified and tracked over a long period of time. But I think that if one can keep the retention period down, then the creepiness factor goes down significantly."

Perhaps. But in order to get there, we need to know who is holding which data, with what degree of personal identification, and with whom it is shared.

For now, and certainly for the next few weeks as the iPad enjoys our star-struck attention, the app market gets to dazzle us with its wild creativity. But at some point, even the mighty Apple, along with Google, RIM and their carrier partners will have to start to unravel this new daisy chain of user data.    

3 comments about "Privacy In The App Age".
Check to receive email when comments are posted.
  1. Robert Zager from iconix, inc., April 7, 2010 at 3:19 p.m.

    What about the state?

    http://news.cnet.com/8301-13578_3-10451518-38.html

    Should the 4th Amendment stand between my cellphone and the police? Should every American, suspected of nothing, be under government observation 7 x 24?

  2. Edward Hunter from Loop Analytics, April 8, 2010 at 9:21 a.m.

    The reality is, we can only complain so much about what data we reveal when we go out and by devices that basically 'tag' us anywhere we happen to go. Privacy and security, as I discuss in my blog entry about this topic on loopanalytics.com, is relative to the action taken. If you, for instance, absolutely wish not to be located electronically, your only course of action is not to own or use a device with those capabilities.

    That said, it is important that consumer data be treated correctly and with discretion. We feel at Loop that in order for brands and publishers to really succeed in mobile, they will have to have the ability to monetize content, and to do this a certain amount of data has to be collected.

    The more data, mind you, data that does not individually identify anyone, that is usable by the industry to monetize means the less the consumer has to monetize the content, similar to the web.

    However, where the web allows publishers and advertisers to get audited data on audiences via third party panels - these methods are not available on the mobile device, especially ones like iPhone and iPad.

    Conversely, the mobile device also allows 'uniqueness' to be understood completely, whereas the web has no solid methodology to do this.

    So this data must be collected - and leveraged - to a certain extent in order for this broad adoption of the mobile smart phone to continue without costing consumers an arm and a leg.

    What we need to be vigilant and intelligent about is what we reveal about ourselves, and to ensure that who we reveal it to will use it responsibly and in aggregate form.

  3. Mim-woo Kim from I&IWorld, April 8, 2010 at 12:21 p.m.

    What a wonderful Google Apps? Google Latitude + Google Ocean = Real-time Fishing LBS Contents

    Have you heard about Real-time Fishing LBS Contents? We have proposed this Service Model to Google over 4 years ago. Real-time Fishing LBS Contents is Location Based Service for IPTV, WiMAX, Mobile. This Service Model was created in 2002 by I&IWorld. I&IWorld's located in South Korea. As you know, there're many people enjoy fishing in the world(about 5 hundred million). I&IWorld's Real-time Fishing LBS Contents is like these.

    *Main Functions*
    1.The underwater topography and 3D views with fishing spots
    2.Real-time fishing points tracing by GPS and angling direction guide
    3.Service the real-time fishing condition about fishing place(weather, water temp, depth etc)
    4.Angler Social network(such as Second Life)

    Everyone knows that Google motto is, 'Don't be evil.' Is it all right? Visit http://www.koreacontent.org/weben/index.jsp, and type 'Real-time Fishing LBS Contents'. Search http://www.koreacontent.org/co/i/iiworld/index.html. If you need more information, please send your email address.

Next story loading loading..
About the Author

Steve Smith is Editorial Director of Events for MediaPost