Simply Security - News, Views, and Opinions from Trend Micro

Posted on March 27th, 2012 in Privacy & Policy by Simply Security | Be the first to comment | Tags: Privacy

FTC comes down on mobile data privacy practices

The Federal Trade Commission (FTC) last week issued some strong words for mobile application stores and developers concerning their data privacy practices, noting that the details of how apps collect information – specifically from children – and how it is then used and accessed are not being adequately explained.

“At the FTC, one of our highest priorities is protecting children’s privacy, and parents deserve the tools to help them do that,” said Jon Leibowitz, the FTC chairman, in a statement. “Companies that operate in the mobile marketplace provide great benefits, but they must step up to the plate and provide easily accessible, basic information, so that parents can make informed decisions about the apps their kids use.”

In a staff report issued on Thursday, the FTC warned that mobile apps can collect a wealth of data on users, and though there are regulations in place that dictate how this information is used, the app world’s lack of transparency leaves many users in the dark.

This is especially disconcerting when it comes to children. Currently, there are thousands of entertainment, educational and other apps geared toward young children and teens on the Apple App Store and Google’s Android Market. The FTC noted that these apps can automatically collect a range of information from the device, including contact lists, geolocation, the phone’s number, call logs and other unique identifiers.

While parents bear much of the responsibility for ensuring their children are not accessing potentially intrusive programs, app stores and developers could make it easier.

“Right now, it is almost impossible to figure out which apps collect data and what they do with it,” Leibowitz stated. “The kids app ecosystem needs to wake up, and we want to work collaboratively with [the] industry to help ensure parents have the information they need.”

The FTC offered several recommendations in order to improve mobile data privacy practices. At the heart of each recommendation is a more active approach on the part of the app stores and developers to provide parents with information about data practices. This could include app stores offering a more consistent way for developers to share data collection information, or establishing a standardized system – such as icons or color coding – that indicate, for example, if an app connects to a social network or shares information for advertisements.

“As gatekeepers of the app marketplace, the app stores should do more,” the report stated.

Technology news provider InformationWeek offered several tips for users who want to keep their information more private. Basic security practices like screen locking and never leaving a phone unattended are easy ways to ensure the information stored on the device isn’t accessed by a stranger. But there are also several measures a smartphone or tablet user can employ to keep certain data out of the hands of third-party collectors.

Managing location settings is a simple way to keep geolocation information private. Many apps will ask for permission to use location information for various reasons. This is easy enough to block. But users can also take it a step further by completely disabling location services in the main menu of their phones.

This will sacrifice the functionality of some apps. Facebook, Twitter, Google Maps and Foursquare, for example, all use location information for various reasons. But by turning off location services for individual apps or all of them, users can keep their data more private.

InformationWeek also recommended users do “app due diligence” and review the permissions screen before downloading a new program. Though doing so can be somewhat cumbersome, the permissions page generally does explain what information an app collects and how it is being shared.

Users must also be mindful of where their apps come from. Apple is often recognized for its thorough review process before any app ends up in the App Store, but Android’s comparatively lax app control makes it vulnerable to programs containing malicious code. And if iPhone and iPad users jailbreak their devices, they open the door to downloading potentially harmful apps.

Finally, InformationWeek suggested that smartphone and tablet users encrypt the data stored on their devices. This provides an additional layer of security should a phone go missing or a stranger bypasses the device’s password screen.

“The smartphone privacy bottom line is the same one your mother taught you when you were growing up: Don’t trust strangers (or strange companies, apps, or networks),” InformationWeek’s Eric Zeman wrote.

While helpful, InformationWeek’s tips are not going to solve all the data privacy issues prevalent in today’s mobile industry, nor will the FTC’s recommendations. It will likely take a cultural change in which both apps developers and users recognize the importance of data privacy before the misuse of sensitive information is eliminated. However, both the news provider and the commission provide useful practices to help move the mobile industry in the right direction.

Consumerization News from SimplySecurity.com by Trend Micro