Smartphones are booming with new features, powerful tools -- and a growing supply of privacy issues. To address this, the U.S. Federal Trade Commission (FTC) has released a new report with recommendations for privacy standards and practices. 

Thumbnail image for FTC report image 2513.png
The report, “Mobile Privacy Disclosures -- Building Trust through Transparency,” was released late last week. It follows a US$ 800,000 penalty the agency recently imposed on Path, a company with a social networking app that allows users to maintain and share journals. The agency said that Path took and utilized address book data without users’ permission, misled users about the information it was collecting and violated federal law by collecting personal data from children under 13 years of age, without parental consent.

Disclosures, Dashboard

The FTC report is based on the agency’s experience in mobile privacy, and on feedback from industry, academic and privacy group attendees to a workshop it hosted in May. The report is focused on recommendations to app developers, their professional organizations, ad networks and platform/operating system providers.

For platform providers, the FTC suggested that just-in-time disclosures be made available to consumers when geolocation, contacts, photos, calendar entries or other “sensitive data” is sought, and that users first agree. The FTC recommends a single dashboard, where mobile users can view, in one location, the content their apps have accessed, and adds that icons representing the transmission of user data, when it’s occurring, might be a good idea.

For platforms, ad networks and app developers, the agency suggested that a set of best practices be developed. These could include standardized privacy disclosures, information to educate developers, ways to enforce requirements, standards for disclosures about apps before they’ve been downloaded, standards-based compliance checks in app stores, and the like.

Learning Opportunities

Do Not Track

The FTC also recommends a Do Not Track mechanism for mobile users, which most of its board members have endorsed. As with a comparable mechanism for Web users on computers, it would allow users to avoid having their paths tracked through apps or through the Web and reported to third parties.

The agency also recommends standards by which the growing mobile ad networks might operate, such as clearly informing app developers exactly what user content is accessed by their ad code in apps.

Mobile privacy and security issues are growing, fueled by a steady stream of stories raising red flags. The FTC said that 57% of mobile app users have uninstalled an app, or declined to install one, because of privacy concerns.

In November, for example, security firm Symantec reported some free Android apps were being more aggressive in placing ads on a user’s smartphone than users might recognize. In July, another security firm, Lookout Mobile Security, reported that “select ad providers” of free mobile apps for Android devices were accessing personal data without users’ consent or awareness, including email, phone numbers and names.