It seems unlikely to think that some of the more popular mobile apps would be taking personal and private data from your mobile and storing it on their own servers for whatever purpose they deem appropriate, but it appears that this is exactly what has been happening without either your permission or your knowledge.
As the world migrates to mobile and apps become more popular, the amount of people making use of social networks on their mobile phones has increased dramatically and shows no signs of stopping. Indeed, some of these apps work far better on a mobile than a desktop with the added functionality provided by geo-location and bar code scanning technologies. The growth in numbers of such installed apps shows no signs of stopping.
This week however, a plucky developer discovered that a social networking app he was using called Path was uploading the contents of his entire address book to their servers without his prior knowledge or consent. Further investigations have shown that other popular apps like Twitter, Foursquare, Instagram, Yelp and Gowalla have been carrying out similar practices, with Twitter admitting that it stores such data for up to 18 months.
Interestingly this appears to breach Apple’s rules on what apps are permitted to do to meet stiff approval rules for publication on iTunes. Members of Congress in the USA have taken this very seriously and put the question to Apple, who did respond, but in our view avoided answering the question. Following that an Apple spokesperson made a formal statement:
“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines. We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”
Seems like a bit of a cop out! Google claim that its Android operating system forces apps to ask for a user’s permission before allowing that app access to any personal data stored on the mobile phone. So while Android apps may well be harvesting your personal data, at least you’ve knowingly allowed them to do that – not so in the case of Apple’s iPhone, iPod and iPads.
Despite the industry trying to defend itself in claiming this is best practice, there could be some major fallout from this, and it raises some important legal questions. For example, if I have a list of all my business contacts on mobile phone, and also have these apps installed that steal my data without my knowledge, then I cannot vouch for the security of the data that I am keeping on my clients. In essence it seems that I may well be unwittingly in breach of the Data Protection Act.
This is scary times indeed and it seems likely that someone will test this data theft in court with some potentially interesting outcomes. Expect to see a raft of upgrades to your mobile apps as the developers attempt to sweep the existence of such data breaches quietly and quickly under the carpet.