Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Privacy Concerns Go To Court

Posted by Soulskill on from the information-doesn't-want-to-be-quite-that-free dept.

An anonymous reader writes "From the article: 'Apple is being sued for allegedly letting mobile apps on the iPhone and iPad send personal information to ad networks without the consent of users.' Some of the apps listed are on the Android Market as well, but there is no mention of a similar problem for Google. One wonders if Apple could be persuaded to strip access to the unique phone identifiers from apps." A followup article with an industry lawyer suggests that this lawsuit could be the first of many as users push back against privacy intrusions by app developers and ad networks.

15 of 73 comments (clear)

  1. Finally by Anonymous Coward · · Score: 4, Interesting

    It's about time someone got tired of it.

  2. android asks the user for permissions by yincrash · · Score: 4, Insightful

    that is why there is no issue with google.

    1. Re:android asks the user for permissions by peragrin · · Score: 5, Insightful

      then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc.

      people are use to clicking on yes to continue because that's what they have to do to get it to work. 90% of the population also clicks through EULA's without reading the first sentence. I know I do. I can't be bothered to read it, it would take far longer to read and understand than the contents of the program are worth.

      --
      i thought once I was found, but it was only a dream.
    2. Re:android asks the user for permissions by dreamchaser · · Score: 4, Insightful

      If you agree to something without reading it then it's your own damn fault if you don't like the outcome.

    3. Re:android asks the user for permissions by Anonymous Coward · · Score: 2, Insightful

      > Some people will say yes to anything that pops up.

      At some point, you can't stop people from being stupid. All you can do is provide a reasonable chance to avoid problems. If they INSIST on getting themselves in trouble by bypassing basic precautions, it's impossible to stop.

      App: "Using this app means you'll be kicked in the nuts."
      User: "Ok! That's fine."
      App: "Whack!"
      User: "OWWW! Bloody hell that hurt! Stop that!"
      App: "Dude, 3 seconds ago you said it was OK!"

      Seriously: that's plant-level intelligence, not human level intelligence. If people are going to act like that, they need to learn that there are consequences.

    4. Re:android asks the user for permissions by smpoole7 · · Score: 4, Interesting

      > then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc.

      Precisely. But it goes a little deeper than that to me. I have an LG Ally (with Verizon), which is a lower-priced Android phone. I don't know if this can be applied across the board, but my experience so far has been a little troubling.

      Just to use the Market app, "background data" (i.e., constant access) has to be enabled. Why? Why can't that app simply "dial in," fetch the info, let me make the purchase, and disconnect? I keep Background Data disabled on principle, and yet: the You Tube app continually updates. I don't need Skype on my phone, but it's always re-enabling itself, and constantly "pings" the Intertubez.

      Most troubling of all to me is the Backup Assistant. (Do a Google on "disable backup assistant" and you'll see I'm not the only one who hates that thing.) Some of us don't *like* the concept of "cloud" computing. I realize that Google loves it, and in retrospect, I should have thought of that before trading my Blackberry for an Android-based phone. But I don't want my personal data stored on a computer somewhere in Alta Vista or Atlanta. That's MY personal data, and I don't want anyone else to have access to it.

      Which raises the question: WHY is Verizon/Android so anal about that Backup Assistant, and having constant Internet access, even when I've specifically disabled it? Call me suspicious, but it DOES make me wonder if they are farming marketable data from that stuff. (The only way to get rid of Backup Assistant, Skype and the You Tube apps, from what I've seen in the Android forums, is to "root" my phone, which will void the warranty.)

      --
      Cogito, igitur comedam pizza.
    5. Re:android asks the user for permissions by davester666 · · Score: 5, Insightful

      Um, you do know Blackberry's work, right?

      Unless the company you work for coughed up a lung to run a RIM server internally, all your personal data gets routed through RIM's "cloud" in Canada [which the US gov't likes, because they don't need any pesky warrants to access the data because Canadian's are so accommodating].

      --
      Sleep your way to a whiter smile...date a dentist!
    6. Re:android asks the user for permissions by Bigjeff5 · · Score: 3, Insightful

      Any app that is ad supported requires internet access. Most of the free apps are ad supported. Most of them work just fine if you have mobile data turned off (I'm sure a few are assholes about it - I haven't come across any), but the app is still going to try to use the internet to download advertisements if the internet is accessible - ergo the "this app requires network services" type messages. Any app that auto-updates will require this as well, ads or no.

      Some apps require access to the cell services in order to allow the app to handle incoming phone calls, for example. The app itself may have nothing to do with making phone calls, or intercepting phone calls, but the interruption from the phone call might cause the program to hang if handled incorrectly. So, it needs to access the cell API in order to handle the app correctly when you receive a call. Ergo "this app requires access to cell services".

      The warning allows you to do a little research if it concerns you and find out if this app is ok or if it is doing some funny business.

      Most people don't care.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    7. Re:android asks the user for permissions by Bigjeff5 · · Score: 3, Insightful

      You should have noticed that the web browser doesn't work without background data either.

      You need a constant connection to browse the web, any idiot should know that. The market is just a fancy front-end for a website (you can actually access it on a PC, but you can only download from a phone).

      As for Backup Assistant and Skype, that blows. You should go see your Verizon rep. You know you're paying $2 a month for BA right?

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
  3. UDIDs are here to stay by Bogtha · · Score: 4, Informative

    One wonders if Apple could be persuaded to strip access to the unique phone identifiers from apps.

    Apple won't do this any time soon. They are very demanding when it comes to backwards compatibility, and even if they kept the API but gave a dummy identifier, this would break many apps. The most I can see happening is that Apple may put a clause in their guidelines. But they did that already, and got criticised for it. It's possible that they could generate a different permanent dummy identifier on a per-app basis, but this would still break several uses for the UDID.

    Referring to the UDID as "personal information" strikes me as being quite inaccurate. It uniquely identifies a device, not a person. You cannot use the UDID to get any actual personal information unless the user gives that information. The only way to get personal information without the user's consent when you only have a UDID is for developers to collude; if a user gives personal information to one app that records it along with their UDID, then the developer of that app shares that information with another developer who only has the UDID, obviously that will work. But the same arguments mostly apply to things like IP addresses as well, and those aren't usually considered to be personal information.

    --
    Bogtha Bogtha Bogtha
    1. Re:UDIDs are here to stay by jolyonr · · Score: 4, Insightful

      There's no reason why iOS have to send the genuine UDIDs to the app developer. If the app requests a UDID for the device, iOS should generate a key that is unique for that device AND THAT DEVELOPER.

      So a developer can see if a user has (for example) used the previous 'free' version of their paid app, but these keys would be meaningless to other developers.

      It may still be possible for developers to find out the UDID through unauthorized means, but then the developer would clearly be breaking Apple rules and is at risk of being kicked out of the appstore.

      Jolyon

      --


      Please read my Canon EOS tech blog at http://www.everyothershot.com
    2. Re:UDIDs are here to stay by jolyonr · · Score: 2

      Hate to say this, but your new iPhone is going to have a different UDID anyway. As long as your old phone is backed up and your new phone authorized to your itunes account, you shouldn't have any problems either way.

      --


      Please read my Canon EOS tech blog at http://www.everyothershot.com
  4. Double charge by n_djinn · · Score: 2

    I am just sick of essentially being double charged by advertisers. I have to pay for data access on my device, then I am paying for the data transfer that the advertisers use and with wide open throttle, they will use a lot. That to me is NOT ok

    --
    I do not play in the middle of the road
  5. Even a calculator may want to phone home ... by perpenso · · Score: 3, Interesting

    ... then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc ...

    Apps may report non-personal info that is used only by the app developer. For example is the device a phone or tablet, what version of the OS is being used, what 3D chip? Things that a developer may find useful in order to guide further development.

    Even a calculator might want to "phone" non-personal info home. I have a calculator, Perpenso Calc for iPhone and iPad. It offers scientific, statistics, hex and bill/tip functionality. An update will soon add business/finance functionality. I have *thought about* adding code that records the number of operations performed in each of these area and reporting back to a server. This info would be transmitted in annotated plain text so that anyone watching packets can verify for themselves that no personally identifiable information is being sent and that the data is as advertised. On the sever side the data would be anonymously logged, no IP addresses or anything else. The purpose of all this would be to see which calculator functionality (scientific, hex or business) is more heavily used, and to guide further development using the feedback.

    Again, I have *not* done this. Its just a thought. However I think this offers an example of a non-malevolent reason for virtually any app to establish a network connection. I am eager to hear community opinions, I encourage folks to post a response. Thanks in advance.

  6. Another article that makes me want to hug my n900 by Anonymous Coward · · Score: 2, Interesting

    And that is despite nokia ignoring it nearly to the point of deliberately sabotaging it, at the same time dragging their feet and mucking up its successor phone/platform. Its not that I trust them either, I'm sure some of their management is salivating about building up an "app empire" of their own to milk data from.

    I can install and run any PROGRAM* I want to do just about anything the hardware is capable of. There are some limits due to closed drivers and such, but the community is still managing to work its way around some of those. The biggest closed driver offender is the battery management but usb host mode is mostly working in spite of it. There are also some limits that are more about the lack of driver completeness rather than being closed, the wlan chip is a good example of this.

    I have full control over the PROGRAM* due to being root when needed, if it is particularly insidious it can be denied access to files/programs/networks/domains/etc or even lied to believe it is "online" when in fact it is safely jailed in a neat little sandbox.

    Its also quite nice to be able to run a browser with ad filtering, script blocking, user agent modification and whatever else needed for control freak websites, those are becoming really popular with developers now and really annoying.
    I can load the "full desktop version" of many sites much faster than someone next to me on the same network can load the dumbed down "mobile version", its amazing how much bandwidth can be saved and spurious dns queries avoided for the 50 different ad/tracking domains. I even still (mostly) eat my flash cake too! I can selectively run most embedded flash videos and avoid the rest of them, the burnt crust :)

    * "app" is a iMarketing crapware buzzword. Though it does match being a bastardized incomplete version of the word application, much like the half-arsed garbage that fills the "huge library of apps" often touted by the two main platforms. Its sad they expect people to pay for some of that absolute trash AND bend over to the spyware as well.