Personal Data: Most Top Apps Lack Privacy Policies
- by Mark Walsh @markfwal, May 13, 2011
Nearly three-quarters of the most popular mobile apps lack even a basic privacy policy, according to a new survey by the Future of Privacy Forum. The think tank found 22 of the top 30 paid mobile apps across the major mobile platforms including Android, iOS and BlackBerry had no policy governing use of personal data.
The finding comes as the U.S. Senate held a hearing on mobile privacy issues this week following much-publicized reports that iPhones, iPads and Android devices collected detailed information about users' locations. One focus of the inquiry by the Privacy, Technology and Law Subcommittee of the Judiciary Committee was the privacy of personal information collected and used by apps on mobile devices.
Discussion of that topic led to questioning on the lack of privacy policies for apps. An investigation earlier this year by The Wall Street Journal found that 45 of the top 101 iPhone or Android apps analyzed did not provide privacy policies on their sites or inside the apps at the time of testing.
"Without a privacy policy to review, consumers may not have the ability to understand and control the use of their personal data by the Apps," stated a blog post on the Future of Privacy Forum site. "And although privacy policies should not be the only way companies communicate with users about data use, posting a privacy policy is the essential first step for companies to take to be accountable for their practices of collecting and using online data."
The group's own analysis includes looking at the top paid iPhone and Android apps as of May 10, as well as industry standard reporting from mobile analytics firm Distimo. In addition to examining developer Web sites for app privacy policies, it also downloaded a sample of the paid apps to determine whether at any time during the download or installation process a policy was presented to the user.
Out of the sample tested, only one app -- "Angry Birds" on iOS -- had a privacy policy link from within the user interface, suggesting that including such a link will not affect the potential popularity of an app. Other titles in the study included "Doodle God," "Cut the Rope," "Vignette," "WeatherBug Elite" and "Chat for Facebook Pro."
The Future of Policy Forum maintains that developers at a minimum should have privacy policies for all apps."Once a consumer reviews a privacy policy, he or she can choose whether to install or continue using the App, a fundamental part of privacy control," stated its blog post. The nonprofit said it's working with the Center for Democracy and Technology to recommend other ways that developers can improve privacy practices to protect consumers.
In connection with the Senate hearing, the deputy director of the FTC's Bureau of Consumer Protection said in a prepared statement this week that the agency is also investigating mobile privacy, including children's privacy.
It makes sense that if laws do not require a privacy policy to be presented to the user, that many companies would not do so. Having a privacy policy to live up to can expose the company to sanctions by the FTC under Section 5 of the FTC Act.
Section 5 of the FTC Act prohibits entities from engaging in unfair or deceptive acts or practices in interstate commerce. If a company makes no unsubstantiated claims, it is less likely to draw FTC attention.
If the public and government do not demand a privacy policy, the industry will not go out of its way to draw attention to the issue. Not to say this is ethical or good, just risk management.