Apple Privacy Concerns Go To Court

An anonymous reader writes "From the article: 'Apple is being sued for allegedly letting mobile apps on the iPhone and iPad send personal information to ad networks without the consent of users.' Some of the apps listed are on the Android Market as well, but there is no mention of a similar problem for Google. One wonders if Apple could be persuaded to strip access to the unique phone identifiers from apps." A followup article with an industry lawyer suggests that this lawsuit could be the first of many as users push back against privacy intrusions by app developers and ad networks.

Finally

It's about time someone got tired of it.

android asks the user for permissions

[yincrash]

that is why there is no issue with google.

Re:android asks the user for permissions

[peragrin]

then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc.

people are use to clicking on yes to continue because that's what they have to do to get it to work. 90% of the population also clicks through EULA's without reading the first sentence. I know I do. I can't be bothered to read it, it would take far longer to read and understand than the contents of the program are worth.

Re:android asks the user for permissions

[dreamchaser]

If you agree to something without reading it then it's your own damn fault if you don't like the outcome.

Re:android asks the user for permissions

[smpoole7]

> then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc.

Precisely. But it goes a little deeper than that to me. I have an LG Ally (with Verizon), which is a lower-priced Android phone. I don't know if this can be applied across the board, but my experience so far has been a little troubling.

Just to use the Market app, "background data" (i.e., constant access) has to be enabled. Why? Why can't that app simply "dial in," fetch the info, let me make the purchase, and disconnect? I keep Background Data disabled on principle, and yet: the You Tube app continually updates. I don't need Skype on my phone, but it's always re-enabling itself, and constantly "pings" the Intertubez.

Most troubling of all to me is the Backup Assistant. (Do a Google on "disable backup assistant" and you'll see I'm not the only one who hates that thing.) Some of us don't *like* the concept of "cloud" computing. I realize that Google loves it, and in retrospect, I should have thought of that before trading my Blackberry for an Android-based phone. But I don't want my personal data stored on a computer somewhere in Alta Vista or Atlanta. That's MY personal data, and I don't want anyone else to have access to it.

Which raises the question: WHY is Verizon/Android so anal about that Backup Assistant, and having constant Internet access, even when I've specifically disabled it? Call me suspicious, but it DOES make me wonder if they are farming marketable data from that stuff. (The only way to get rid of Backup Assistant, Skype and the You Tube apps, from what I've seen in the Android forums, is to "root" my phone, which will void the warranty.)

Re:android asks the user for permissions

[davester666]

Um, you do know Blackberry's work, right?

Unless the company you work for coughed up a lung to run a RIM server internally, all your personal data gets routed through RIM's "cloud" in Canada [which the US gov't likes, because they don't need any pesky warrants to access the data because Canadian's are so accommodating].

UDIDs are here to stay

[Bogtha]

One wonders if Apple could be persuaded to strip access to the unique phone identifiers from apps.

Apple won't do this any time soon. They are very demanding when it comes to backwards compatibility, and even if they kept the API but gave a dummy identifier, this would break many apps. The most I can see happening is that Apple may put a clause in their guidelines. But they did that already, and got criticised for it. It's possible that they could generate a different permanent dummy identifier on a per-app basis, but this would still break several uses for the UDID.

Referring to the UDID as "personal information" strikes me as being quite inaccurate. It uniquely identifies a device, not a person. You cannot use the UDID to get any actual personal information unless the user gives that information. The only way to get personal information without the user's consent when you only have a UDID is for developers to collude; if a user gives personal information to one app that records it along with their UDID, then the developer of that app shares that information with another developer who only has the UDID, obviously that will work. But the same arguments mostly apply to things like IP addresses as well, and those aren't usually considered to be personal information.

Re:UDIDs are here to stay

[jolyonr]

There's no reason why iOS have to send the genuine UDIDs to the app developer. If the app requests a UDID for the device, iOS should generate a key that is unique for that device AND THAT DEVELOPER.

So a developer can see if a user has (for example) used the previous 'free' version of their paid app, but these keys would be meaningless to other developers.

It may still be possible for developers to find out the UDID through unauthorized means, but then the developer would clearly be breaking Apple rules and is at risk of being kicked out of the appstore.

Jolyon