• by Wendy Davis , Staff Writer @wendyndavis, January 10, 2013

California Attorney General Kamala Harris has issued new mobile privacy recommendations for app developers, ad networks and platform providers.

"The mobile environment ... poses uncharted privacy challenges, such as the difficulty of providing consumers with meaningful information about privacy choices on small screens and the many players who may have access to sensitive user information," Harris says in the report, which was issued today. "These are challenges that we must confront and that we must resolve in a way that appropriately protects privacy while not unduly stifling innovation."

The 22-page document, which aims to set out best practices, goes well beyond current law. The recommendations, based on fair information principles, advises developers to curtail their collection of personally identifiable data and sensitive information. The report also takes quite a broad view of personally identifiable information, saying that it can include geolocation data, call logs, address books, medical information, photos, and Web browsing history.

Developers should not only make their privacy policies readily available, but also should use "enhanced measures" to inform users about any unexpected practices or any collection of sensitive information, the report advises.

As for ad networks, Harris advises them to share their privacy policies with app developers as well as consumers. The report also says ad networks should "avoid delivering ads outside the context of the app," such as by placing icons on the mobile desktop. Also, the Attorney General recommends that ad networks use app-specific or temporary device identifiers, rather than unchangeable identifiers.

At this point, these suggestions are just that. California law only requires Web site operators -- which Harris says includes app developers -- to conspicuously post privacy policies. But even that modest requirement appears to trip up companies. Harris said last year that her office had informed 100 companies that their apps violated the law by failing to offer privacy policies.  Last month, she sued Delta Air Lines for allegedly offering an app without a privacy policy.