July 9, 2012

Mobile Apps Collecting Data, Causing Security Concerns

Enid Burns for - Your Universe Online

Consumers who worry that their carriers collect data from every action on the phone have a new cause for concern. Mobile security firm Lookout published its first Mobile App Advertising Guidelines in an attempt to provide a framework of best practices in a still unregulated industry when it comes to ad insertion, and collecting data on those ads.

The company drafted mobile app ad guidelines in an effort to encourage a healthy mobile ecosystem. Lookout warns against app publishers that use data for unwarranted purposes, or push "out-of-app" ads that appear when the app is not even open. If some of these practices continue, consumers will be either turned off or afraid of mobile, which will hurt the mobile platform.

"Mobile has become the dominant computing platform in an incredibly short amount of time, changing the lives of people around the world and creating a booming economy for businesses and app developers. In order for these great benefits to continue, everyone in the mobile ecosystem must respect individual privacy choices and hold user experience in the highest regard," said Kevin Mahaffey, CTO and co-founder of Lookout, in a company statement.

Beyond out-of-app ads, Lookout says that over the past year mobile app publishers have adopted aggressive behavior that includes changing browser and desktop settings, and accessing personally identifiable information. Some mobile app publishers and mobile networks go so far as to collect email addresses and phone numbers from user without permission, according to an article on Reuters . These actions are often done without suitable notification or transparency to consumers.

Actions such as those listed will wear down any confidence consumers have in the mobile platform, and could affect how consumers use their phones and other mobile devices.

"People want to have confidence and trust that they're not being compromised while on devices that have access to their most personal information," said Jules Polenetsky, director and co-chair of the Future of Privacy Forum, in a statement from Lookout. "For many years, desktop users were plagued with programs that triggered pop-ups, added unwanted toolbars, and changed homepages. These guidelines make it clear, while mobile marketing business models and practices are still developing, some practices are out-of-bounds. That's good news for both consumers and responsible businesses."

Guidelines set forth by Lookout aim to set up best practices for the ad providers. They include:

  • Provide comprehensive, radable privacy policies and related FAQs to their app publishing partners, making educated integration for app developers.
  • Provide a conspicuous opt-in or opt-out for users within the mobile app if the ad network intends to access personal information like phone number, email and name.
  • Provide clear attribution to the host application for ads that appear out-of-app. In addition, ad providers that modify browser settings or ad an icon to the mobile desktop must provide a readily available and actionable opt-in/opt-out mechanism to users before such behavior is triggered.
  • Move away from using permanent, unchangeable device identifiers and move towards using independent and/or temporal device identifiers that provide the same level of functionality with respect to targeted advertising.
  • Do not collect device identifiers that are tied to mobile subscriber identities, unless the collection of such identifiers enables a demonstrable feature or service for the user.
  • Securely transport personal information, including device identifier data and personal information.

While best practices and guidelines may be needed in this area, compliance is strictly voluntary. Lookout is issuing these guidelines to help the industry, but also gain visibility in the mobile industry. Mobile advertising and best practices are governed by the Mobile Marketing Association and the Interactive Advertising Bureau, two organizations that work to keep online and mobile marketing practices in the best interest of consumers.

The Mobile Marketing Association has established best practices in the area, including the MMA Mobile Application Privacy Policy Framework, code of Conduct for Mobile Marketing, Mobile Advertising Guidelines 5.0 and Consumer Best Practices.