California Sues Delta Air Lines Over Mobile Privacy

New submitter mrheckman writes "California is suing Delta Air Lines for violation of California's on-line privacy law. Delta failed to 'conspicuously post a privacy policy within their mobile app that informs users of what personally identifiable information is being collected and what will be done with it' after a 30-day notice. Delta's app collects 'substantial personally identifiable information such as a user's full name, telephone number, email address, frequent flyer account number and pin code, photographs, and geo-location.' Why is it we still can't control what permissions an app has on our phones? It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions."

you read the set of permissions.

[queazocotal]

You install or do not install.

Re:you read the set of permissions.

Or you get the hose

Re:you read the set of permissions.

[Sponge+Bath]

Yoda's wisdom that is.

Re:you read the set of permissions.

Why, though? It is trivial to use (though not to install) utilities like PDroid and DroidWall to control these permissions.

Why does a modern OS not give advanced users basic control of the sandbox settings? Is it to protect the user's interests, or is it to deliberately limit the user's control of their own device?

Re:you read the set of permissions.

[Mitreya]

You install or do not install.

You're thinking of the jungle
In a civilized society, there are laws that may actually protect consumers. This lawsuit is a demonstration of that
They should at least make it easy for you to figure out what they collect and what they may do with this information - and they have not.

Re:you read the set of permissions.

[Stalks]

The way I understand it PDroid is only available for a select few ROMs, mostly CyanogenMod and other variants. I was looking into it last week but I couldn't find a definitive way of installing it without also installed a 3rd party ROM. I'd prefer to keep the Samsung stock ROM on my i9100.

I ended up using LBE Privacy Guard, although not quite as good, it is doing some of the job I was looking for.

I had never heard of Droidwall, I'm going to look that up now, thanks.

Re:you read the set of permissions.

[Stalks]

Droidwall is just the firewall part. Good in itself, but is there a way of putting PDroid on the Samsung ROM?

Re:you read the set of permissions.

You install or do not install.

Orwell missed one: Participation is Approval.

Re:you read the set of permissions.

I installed PDroid with the Auto-Patcher, but

We do not support system.img, Odexed roms or Sense, TouchWiz or other OEM-skinned AOSP at this time.

, so you're probably out of luck.

Re:you read the set of permissions.

[Drathos]

Given that you have to enter all of the information that was listed (except the location) yourself, you know exactly what information it's collecting.

Re:you read the set of permissions.

You believe that to be true.

A civilized society can take many forms. Caveat emptor has been tried and is flawed. These flaws generally result in a backlash which drive people towards a nanny state. The nanny state is also flawed. It is the flaws in the nanny state which drive people to tear down social safety nets and return to the brutal efficiency of Caveat emptor.

It is a matter of personal preference in which direction government should lean between the two extremes, and it comes as no surprise to anyone which direction this effort by California leans.

California is a large enough market of consumers that the state government feels safe to make absurd demands like a bank robber in control of hostages.

Re:you read the set of permissions.

[Kazymyr]

Search the play store for an app called "permissions free". It can enable and disable permissions for any app on any ROM as long as you're rooted. I use it extensively.

Re:you read the set of permissions.

[davester666]

It's because the 'permissions' you grant aren't the ones that a person wants to permit or deny.

They don't want to specify if an app has access to the internet or their contacts. They want to permit sending the contact information over the internet to Google's server, but not anybody else's [as an example].

And nobody has/supports that kind of permission set [yet].

Re:you read the set of permissions.

[alostpacket]

Can you link to it? I find no app by that name in the Google Play store.

I was curious if it had the same issues and Xedeous and Stericson's apps have (namely, apps not expecting to be denied a permission and thus crashing). One of the ways around this I recall them trying was to feed fake data, but im not sure how well that worked -- I haven't tried them.

Re:you read the set of permissions.

[tlhIngan]

You install or do not install.

You realize that Google has been making it harder to do so, right?

First off, the "install" button is now at the top of the screen. A nice bright blue button on a sea of dark text of the permissions. Where does the user tap? On the button immediately.

The permission list only shows a few of them, then another "More permissions" link to see additional ones.

Plus, you're also competing against dancing pigs. User wants Delta app to do stuff like check in for their flight without lining up, etc. You'll have to be pretty damn convincing to get someone forgo 5 minutes to download and run the app versus lining up 20 minutes at the airport to check in.

Re:you read the set of permissions.

[viperidaenz]

It is easy, Last time I installed an app it told me exactly what permissions I need to allow. Like "Your personal information", "Your location", "Your messages" etc...
Each one even has a little description of what it means, like "read contact data, read user defined dictionary"

Re:you read the set of permissions.

[gstoddart]

It's easy to know what it's asking for, it's impossible to have any idea of why a game would need access to my personal contacts, be able to change the state of my wifi, and initiate phone calls.

The vast majority of things I've looked at to download for my Android phone leave me going "WTF do you need that for?". And so far in almost all cases, I've decided I don't need the app bad enough to grant it unlimited permissions.

The problem is the amount of things apps ask for is bordering on the ridiculous. I now download an app, put the phone into airplane mode, and see what happens when I launch it. In a lot of cases, it then gets immediately deleted -- sorry, but there's nothing about this game which can't operate offline, so you're not getting all of those perms.

Sure, we know what they mean, but still no idea of why. I have yet to see an app which doesn't want way more permissions than it really needs to work.

Re:you read the set of permissions.

[viperidaenz]

I have yet to see an app which doesn't want way more permissions than it really needs to work.

You've misunderstood the purpose of the app. It's not a fun game to play, it's an ad delivery platform. It needs network access to download ads. It needs contact data to spam your friends. It needs call control to access your IMEI number to identify your device. It needs messaging access to analyse your conversations. It needs wifi access to know when you connect to the internet, so it can upload your 'anonymous usage data'.

Re:you read the set of permissions.

[gstoddart]

It also needs to find another phone to run on.

tax dollars not at work

Sad

Nine Years

California passed this law nine years ago. Everyone had plenty of time to comply. They got warnings. Now they get this.

Because people are stupid

[gelfling]

Like the law that ensures you're told not to smoke on airplanes because few people even have a living memory of that being permitted at all any more.

Remember smoking on airplanes or throwing a virgin child into the volcano is a violation of Federal Law.

Re:Because people are stupid

... or throwing a virgin child into the volcano is a violation of Federal Law.

[citation needed]

Re:Because people are stupid

Clearly memory loss is endemic in the US, I assume you're in the US as you quote Federal Law.

Smoking only started getting banned since 1979, and I certainly remember going on numerous flights in the US in the 80's and 90's with people smoking.

1979: Cigars and Pipes banned on aircraft
1988: Smoking banned on US Domestic flights under 2 hours
1990: Smoking banned on US Domestic flights under 6 hours
1998: Smoking banned on all US Domestic flights
2000: Federal law introduced banning smoking on all flights by US airlines.

So either you and your friends are all very, very young, Alzheimer's or similar has set in or you're talking complete bollocks.

I'm going for the complete bollocks.

Re:Because people are stupid

Can anyone elaborate a bit on this new law? In-app privacy notice, wtf? I bet if apps pulled from California users, that law wouldn't last long.

Re:Because people are stupid

[mjwx]

or throwing a virgin child into the volcano is a violation of Federal Law.

So throwing a non-virgin child into a volcano is perfectly OK then?

Extraterritoriality in law is strange

[Cytotoxic]

I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy? What about Los Angeles law? Are they subject to that too?

Does Slashdot have to worry about their website complying with Fresno law?

The whole thing just seems a little bit odd. Like when the US goes after foreign-based online gambling companies.

Re:Extraterritoriality in law is strange

It's not strange. The law is very clear. If you place a product in the stream of commerce and it's reasonably expected that a person in Fresno or California then you must comply with the law. If you place an app on Android market you expect the app to be used by people all over the U.S. Therefore comply with California law or make sure you restrict it's use to states other than California.

State laws can have a roll on effect. California is progressive in some environmental legislation. For example, you will find Coca-Cola making changes to it's formula to comply with California and apply it throughout the US. There is absolutely no problem with the way the law is applied in these "Extraterritorial Cases". In fact it protects you and me the customer. If you are a manufacturer in China and you do not expect your product to be sold in US. You also instruct your dealers that the product is only for sale in China with prominent ineffable labeling on your product. Some rouge dealer of yours shipped a container of your product to America. Your will not be subject to the American courts and the court will not have jurisdiction over you.

Conflict of law is a fascinating area. Law isn't really all that bad. Sometimes the economics of delivery makes it bad. In addition, we fail to see law for what it is: a vehicle for changing society.

Re:Extraterritoriality in law is strange

[rocket+rancher]

I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy? What about Los Angeles law? Are they subject to that too?

Does Slashdot have to worry about their website complying with Fresno law?

The whole thing just seems a little bit odd. Like when the US goes after foreign-based online gambling companies.

Well, yes, in short, they do. Jurisdiction is co-terminal with the threat. If you find this "odd", I recommend that you run, not walk, to the nearest legal library and read up a bit. Start with the section on international law...

Re:Extraterritoriality in law is strange

I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy?

Delta flies in to and out of California. They have hubs and offices there. They may be based out of Georgia, but they operate in California among other jurisdictions.

Re:Extraterritoriality in law is strange

[maro6613]

Delta does business in California.

The reason is (more or less) personal jurisdiction. If a company does substantial business in a state, people from that state can sue the company in that state under the laws of that state - no matter where they are based. This is a Good Thing - for example, say hypothetically that a Japanese automanufacturer makes all of their cars in Japan, and simply ships them to the US and sells them. If you a car from them and it explodes, injuring you, you shouldn't have to sue under in Japan under Japanese law.

See also: Article on conflict of laws for a primer on which jurisdictions laws apply when.

Re:Extraterritoriality in law is strange

They're subject to local laws wherever they operate.

Re:Extraterritoriality in law is strange

[pete6677]

Yep. Like the Foreign Corrupt Practices Act. The only real reason it exists is to shake down U.S. businesses for violating laws in OTHER countries which may or may not even be provable. But most companies find it not worth the effort to fight, and pay the government a few thousand in protection money to leave them alone. Obama loves using this against anti-union companies or those that aren't "green" enough.

Re:Extraterritoriality in law is strange

[BitZtream]

When you do business in a state you are also bound by the laws of that state.

If Delta had no business activities themselves in California, they wouldn't have an issue. Every Delta ticket counter that exists in California makes them subject to the laws of California.

Re:Extraterritoriality in law is strange

[BitterOak]

Conflict of law is a fascinating area.

Fascinating to those who aren't victimized by such conflicts, I suppose.

Re:Extraterritoriality in law is strange

[Attila+Dimedici]

Despite what the Anonymous Coward said, it is not because they can reasonably expect a person in California to use it. The reason is that Delta does business in California. They have employees who work there. As a result, they need to comply with California law in any way that their business takes place in California. If they were, for example, to make the app not allow you to book a flight out of California they might be able to avoid complying with this law. I am pretty sure that if this app could not be used to book a flight to or from California Delta would have a good chance of winning based on the argument that they do not use the app to do business in California. Certainly, if they had no offices in California and flew no planes into California, this law would not apply to them, even if you could use the app to book flights on other airlines.

Re:Extraterritoriality in law is strange

[lgw]

So you think it's reanable that I can't develop an app myself and put it on the app store without spending hundreds of thousands in legal research on the laws of 50 states and however many cities?

Maybe we should just outlaw all sowftware development done by other than the biggest studios and leave it at that?

Re:Extraterritoriality in law is strange

[DragonWriter]

I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy?

Delta has considerable physical business presence in California. Why wouldn't they be subject to California law?

Re:Extraterritoriality in law is strange

[stephanruby]

I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy?

Delta has hubs and employees in California. It does plenty of business in California, probably far more than they do in Georgia. The location of an HQ means less and less these days.

Thought, I do agree with your main point. Airline travel is so obviously an interstate issue, it should be regulated by the Federal government, not the State.

Re:Extraterritoriality in law is strange

The law is very clear. If you place a product in the stream of commerce and it's reasonably expected that a person in Fresno or California then you must comply with the law. If you place an app on Android market you expect the app to be used by people all over the U.S. Therefore comply with California law or make sure you restrict it's use to states other than California.

why does this not apply to online purchases? amazon, newegg, etc. must comply with tax collection laws of all 50 states or they may choose to NOT do business with customers in states they do not collect sales tax for...... it's the same friggin thing.

Re:Extraterritoriality in law is strange

1. Only a legal professional, or someone else with a conflict of interest with respect to supporting the current enormously and excessively complex legal system, would say that "the law" is clear, let alone "very clear".
2. Similarly, only a legal professional would effectively say that "a product" -- implying any product under any circumstances -- must comply with the laws of any jurisdiction.

Given that legal professionals write, judge, and enforce the laws, it follows that legal professionals as a class within society are in a position of ethical conflict of interest with respect to the nature, scope, and form of the legal system. A complex, confusing, contradictory, and/or excessively broad legal system -- something that the USA certainly has, and that can be reasonably supposed to result from this conflict of interest -- creates long term artificial demand for the services of legal professionals. It also causes enormous problems for society, as these kinds of ethics issues spill over into every area of law.

Forcing people to be aware of the laws of every possible jurisdiction is just another means for legal professionals to artificially increase the demand for the services of their profession.

If standards are needed for the sale of goods within the USA across multiple states, the appropriate thing to do is to create simple, short, and easily understandable laws at the federal level. Anything else can be presumed to involve unethical conduct on the part of legal professionals.

Re:Extraterritoriality in law is strange

There is one big difference. Delta Airlines has a substantial presence in the State of California, mainly they have flights into and out of most of the substantial airports in the State of California. Due to this presence, Delta Airlines is subject to the State of California's laws.

For a small software developer, you only need to worry about the laws of the state you live in and Federal laws. For all intents and purposes you'll simply be a mail-order business. Only larger businesses with substantial presence in multiple states will need to worry about the laws in those multiple states.

Re:Extraterritoriality in law is strange

Delta has hubs and employees in California. It does plenty of business in California, probably far more than they do in Georgia. The location of an HQ means less and less these days.

Somehow I doubt that. Take note of the spider web surrounding Atlanta. Their recent mergers have added a couple of big hubs in the midwest to their massive operation in Atlanta. Judging by the map it's a possibility that Delta does more business in Atlanta in a day than they do in California in a month.

Absurd? No, not really.

[Anonymous+Psychopath]

Aside from the photos, I can think of a logical reason for each of the other permissions listed.

Name is needed for check-in and boarding pass creation.
Delta will send flight updates via text message, for which a phone number is required. Ditto for email.
Frequent flyer number and PIN code are used to access your Delta account.
Geolocation so it knows which airport you're in.

They should disclose what information they collect as required by law, but the assertion that these permissions are "absurd and disturbing" is ludicrous and obviously the opinion of someone who does not travel often, or is uninterested in utilizing technology tools when they do.

Re:Absurd? No, not really.

Why not ask the user for all this information as needed, instead of data-mining the phone?

Re:Absurd? No, not really.

[dochin]

You're right on the money. There used to be a feature of the app that allowed you to take a geotagged picture of your car in the parking lot so you could find it later. It's not unreasonable to think that permission was left in after the feature was removed either by mistake or some technical issue with the App Store/iOS apps in general. At least it doesn't spy on my contacts and text messages like many other free apps. I do wish iOS App Store had a feature similar to the google store for android that shows exactly what permissions an app wants when I install it. Even better would be to allow user control over individual permissions.

Re:Absurd? No, not really.

Even with a logical reason, the user should still know that the data is being transmitted and/or collected. The user should have some ability to choose something in-between "broadcast all information to anyone who has a logical reason" and "never use technology." At least that's what the state of California is trying to establish here - I suppose whether that choice did/does/will exist is the matter in question.

Re:Absurd? No, not really.

[Drathos]

It's not data mining the phone. All of that info (except the geolocation) is input by the user.

Re:Absurd? No, not really.

[stephanruby]

Aside from the photos...

Looking at the screenshots of their app on the Google Play Store. It looks like they might be doing something with QR codes. Most likely, scanning QR codes requires access to the camera, hence the "Hardware Controls: take pictures and videos" permission.

It also does require "Storage: modify or delete the contents of your USB storage modify or delete the contents of your SD card" permission, which I'm less sure about. May be that one is a frivolous permission. In any case, I doubt very much that Delta is perusing all the travel pictures I have on my phone.

Re:Absurd? No, not really.

[Existential+Wombat]

The photo is used so you can take a picture of the parking lot where you left your vehicle, or of your luggage tag barcode.

Re:Absurd? No, not really.

[Neelix21]

Aside from the photos...

Looking at the screenshots of their app on the Google Play Store. It looks like they might be doing something with QR codes. Most likely, scanning QR codes requires access to the camera, hence the "Hardware Controls: take pictures and videos" permission.

They have a feature to take a picture of your luggage tag so that you can track it while travelling. Not quite QR codes, but similar.

Why not give it the permissions YOU want to give?

His point is valid, on my Samsung bada phone I can assign which apps have permission to get the GPS location for example. On my Android phone, I don't get that choice. I either accept it wants the location and give it all the time, or I don't install it. I can't turn off the GPS permission just for that app.

There's some really amazing stinky apps out there too. You wouldn't give your bank account details to a stranger, yet people install messaging apps, and immediately give them the email login. No doubt full of email confirms from their bank, and other details that could be used for phishing attempts on the bank account, or to grab your email account from you.

When I dug into where these apps were developed, I found 3 of the most popular free ones are developed in Russia, Bulgaria, and Israel. It's not difficult to figure out why they're free.

Re:Why not give it the permissions YOU want to giv

[somersault]

I can't turn off the GPS permission just for that app.

You can however leave GPS switched off when using that app. You should have it disabled the majority of the time anyway if you want to conserve power.

Kind of silly

[Emperor+Shaddam+IV]

I have this app on my iPhone. You can use it as a guest, but really its for frequent flyers that already have Delta sky miles accounts. The majority of people using this app have already provided most of the mentioned personal information, if not more because they have a SkyMiles Account and they have bought plane tickets. So this lawsuit is kind of silly in my opinion.

Re:Kind of silly

[Emperor+Shaddam+IV]

One other point. Cities are going bankrupt in California and they just had to raise taxes to help met a budget shortfall. Shouldn't the State of California focus on solving its internal problems managing money, instead of going after airlines because they write apps that ask for your personal information to HELP you keep track of the flights you are on? What a mis-directed use of state government time and resources this is.

Re:Kind of silly

[Thiez]

> going after airlines because they write apps that ask for your personal information to HELP you keep track of the flights you are on?

Won't somebody think of the poor airlines that require access to your pictures to keep track of your flights? They're just trying to HELP you! Why is California being such a meany! :'(

Re:Kind of silly

Oh, they require it? I wasn't aware that anyone was forced to use this app.

Re:Kind of silly

The biggest internal problem California has with managing money is a bunch of conservative crackpots and their screwball but well funded anti tax propositions that go back to the 70s. They make it impossible to change tax rates, such as, I believe, a law that says 2/3 of their legislature must approv of any revenue hikes. California might be a largely Democratic state, but it is also a huge state and getting 1/3 of the legislature to be cranky right wing obstructionists isn't all that hard a goal. So the rich pay little, regressive things like sales taxes and fees go up, and the poor pay more percentage wise than the rich and, especially, businesses.

It's the same model playing out nationally now, but it's been going on for decades there. The result is predictable, and it was no accident. It's just another failed set of economic policies brought to you by the "government doesn't work, so put us in charge and we'll totally break it for you" crowd that started with Reagan and has been going downhill ever since. Kind of like the rest of the US after Reagan, actually.

Re:Kind of silly

[pete6677]

California officials have no desire to confront their fiscal problems. They would rather add to them by doing things such as building high-speed rail to nowhere and a football stadium in LA for a team they don't have using money they don't have. But it keeps the unions happy, which keeps Democrat politicians elected. That is how California (and Illinois) work in a nutshell.

Re:Kind of silly

[wickerprints]

Silly? I don't think it's silly at all. It's a perfectly reasonable lawsuit, one that is likely to succeed.

Something that needs to be pointed out here is that the CA online privacy law is really NOT that onerous. It's not setting some insanely high bar for developers and companies to pass--as it applies to this case, it is simply requiring that users be notified upon installation of what information may be collected through the app and how it might be used. It's not as if that law even has any real teeth with respect to getting developers to protect the data they collect, as far too many people ignore privacy policies and just automatically click "Accept," because as sites like Facebook prove, most users are willing to sacrifice their privacy to a significant degree in order to obtain some entertainment or convenience.

So again, it's not that big a hurdle to simply ask for a privacy policy. The fact that Delta didn't even bother to do that makes me think twice about how conscientious they may be about protecting all that data they DO collect, and that is a much more serious concern.

Re:Kind of silly

[Emperor+Shaddam+IV]

They never required a picture from me to board a plane or nor have I ever had to use this app if I didn't want to. And I have flown delta more than 100 times in the last 10 years. The app isn't a requirement to board a flight or purchase a ticket. Much ado about nothing.

Re:Kind of silly

[Emperor+Shaddam+IV]

Like I said in my original post most if not all of the people using this app have already provided a lot of personal information to Delta. Seriously, you need a sky miles ID to log in and do most things, so most users of this app are just tying back to a Sky miles account with information that has already been provided. So they aren't really "collecting" any data that they don't already have.

Re:Kind of silly

[wickerprints]

You're typing and typing but you're not actually listening--typical behavior for someone doesn't want to actually think about the issue.

The whole point of having a privacy policy is that people can see that Delta is at least meeting their obligations to inform its customers. It's not about what Delta already has on them. It's about showing some basic, minimum level of responsibility--and they apparently can't even do that. It's NOT hard for them to do, and it IS the law.

And if you haven't noticed, the lack of a privacy policy does mean that Delta could technically store all your photos taken with your phone through their app, and potentially use them for marketing purposes--your consent having been implicitly given as part of your usage of the application. That isn't something that SkyMiles customers would or *should* be expected to know, nor is it information that Delta already has.

Re:Kind of silly

[Emperor+Shaddam+IV]

By the way, there is a link to the privacy policy on the first page of the app.

Re:Kind of silly

[chrylis]

The whole point of having a privacy policy is that people can see that Delta is at least meeting their obligations to inform its customers. It's not about what Delta already has on them. It's about showing some basic, minimum level of responsibility--and they apparently can't even do that. It's NOT hard for them to do, and it IS the law.

And if you haven't noticed, the lack of a privacy policy does mean that Delta could technically store all your photos taken with your phone through their app, and potentially use them for marketing purposes--your consent having been implicitly given as part of your usage of the application. That isn't something that SkyMiles customers would or *should* be expected to know, nor is it information that Delta already has.

Spoken like someone who assumes that a government official should be taken on faith. In the real world, having a privacy policy means having several pages of fine-print legalese that basically means "we get whatever information we can on you and do whatever we want with it". The (existing but pointless) legal requirement to have a privacy policy says absolutely nothing about the contents of that policy, which could entirely legally read "Delta can use any of your photos for marketing purposes", and chances are no one would ever read that far.

Re:Kind of silly

[rotorbudd]

I think it's called "fiddling while rome burns"

Re:Kind of silly

[DragonWriter]

Cities are going bankrupt in California and they just had to raise taxes to help met a budget shortfall. Shouldn't the State of California focus on solving its internal problems managing money

Cities are separate governments from the State, and, as you note, the State already largely addressed its budget shortfall, because in a surprising outbreak of common sense, voters voted to raise taxes to pay for the services they've demanded. There's still a small projected deficit under current policy for the next fiscal year, and then projected surpluses for the foreseeable future.

Re:Kind of silly

[DragonWriter]

California officials have no desire to confront their fiscal problems.

Uh, well, except that they just presented a plan to voters that pretty much completely solves the fiscal problems for the foreseeable future, and the voters passed it.

They would rather add to them by doing things such as building high-speed rail to nowhere

The termini of the proposed high speed rail systems are the most populous areas of the state (and the project also includes upgrades for existing conventional intercity and commuter rail systems.) Its hardly "to nowhere".

and a football stadium in LA for a team they don't have using money they don't have.

State officials aren't building a stadium in LA, and the people that have expressed interest in doing that aren't building anything until a team agrees to come, so this one is doubly wrong.

Why is this news?

[drjoeward]

I agree you read the permissions and decide to install or not. putting a sandbox around the app? sure, but then more people will complain about broken apps and support will be even more difficult. i could list lots of examples where people set a control and forget they did, and then complain that something is broken, when it is in fact their fault its broken.

now what i want to know is why this is news on /. Calif. did this on Dec 6, and delta updated their app on Dec 7 (http://www.androidcentral.com/delta-updates-their-app-privacy-policy-california-safe-again) so why is this a current news item for us?

Re:Why not give it the permissions YOU want to giv

[jopsen]

I think GP used GPS permission as an example... Why can't I feed apps incorrect GPS data or an empty address book?

Apple and Google made that jungle

The two fanboi "cult-of-technology" companies.

Imagine that.

There is one smartphone that lets you do this...

[i68040]

That is one advantage to using a BlackBerry: you can pick which permissions you want an app to have.

Re:There is one smartphone that lets you do this..

[avm]

This is one area where the Blackberry OS has very soundly beaten every other mobile OS I'm aware of. Any OS even remotely considering corporate/enterprise usage really ought to have this sort of ACL for apps.

But, they don't.

Marketing!

[Matt.Battey]

It's because the apps are paid for with marketing money instead of operations money. Businesses don't feel the need to offer you better service unless you pay them for it. Here you are selling your PPI in return for the ability to see when you flight is arriving. A little off base in my book.

Re:Marketing!

Right, because the airline doesn't already have the name, phone number, and frequent flyer number of its own customers. Oh wait.

UMM well on android...

You actually can control what permissions an App has on Android phones. At least ones that are unlocked/rooted. I don't remember offhand the name of the app, maybe appjail? or something like that... all the phones apps are shown in a list, clicking on the app brings up all of it's permissions and a checkbox to enable or disable them. Sometimes changing things might just crash the app, or stop it from working at all, but it does show you can indeed control what things on your phone do.

I see some people commenting on how Blackberry(ROFL) beats everyone else in protecting against this? No Idea personally, I despise Blackberry phones. (nothing against blackberry, I just think their phones are crap). A lot of people seem to completely forget that Android is a Linux based distro(well distro'ish? that work?) What I mean by that, is it uses UNIX file permissions for file access (aside from normal phone permissions as in the article), but depending on what files you want to secure, you can change the file permissions to prevent access, or modification of whatever you want.

Developer and Lawyer Partnership Time!

"Why is it we still can't control what permissions an app has on our phones?"
When the fines exceed the cost of developing this feature, it will exist. It doesn't exist now because there was no reason to build it.

"It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions."
No, it's lazy grab-everything, and there was no reason in the past not to snag all of these things. Now there is a reason.

Photographs

[number17]

The photos on your phone aren't personal information but they are copyrighted material. Are they copying the photos are the metadata?

Why You Cannot Control Your Phone

The answer to this question should be painfully obvious. You didn't pay for the phone, it was subsidized, and even if you did you're using it on their network. When it comes to phones in general and especially smartphones, you're the product that's being sold to anyone willing to pay even a penny for every last scrap of personal information they can possibly glean from it. That's why you should never provide real identities in these cases, but rather use aliases and other fake information. Now, thanks to the laws in some states that now allow bank accounts to be opened without Social Security numbers, it's even easier to set up an alter ego complete with credit cards and mail drops. The Mexican Matrícula Consular is especially easy to fake and is accepted for these purposes by many institutions in the aforementioned states.

Run a good ROM

[bartoku]

Why is it we still can't control what permissions an app has on our phones? It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions.

If you are not running CyanogenMOD then it is your own fault for installing 3rd party apps that cannot be trusted.

Re:Why not give it the permissions YOU want to giv

You can fake GPS data on Android.

Re:Why not give it the permissions YOU want to giv

[flyingfsck]

or better, feed the apps an address book from the Spamhaus Zen list...

More nanny state BS

The fact that Delta respects our privacy and has a company-wide policy means nothing to the anti-business liberals. They only care that the company hasn't wasted money to make a mobile-specific policy. There are no accusations of abuse, only the accusation that they haven't followed some ridiculous bureaucratic requirement.

We have control; just implement it

http://research.microsoft.com/pubs/149596/AppFence.pdf

Linked: Paper for Android OS retrofit from Microsoft Research and Univ of Washington that makes the app think you've given it full permissions, then substitutes junk data when the app requests information you don't want to give.

Re:child volcano?

[DragonWriter]

Or, the Mann Act if you transported the virgin child from another state (although I think Mann only applies to transport for immoral purposes)?

Under any reasonable standard "to throw the child into a volcano" is an immoral purpose. So, while I think you are correct about the limitation, I don't think it makes the Mann Act inapplicable.

Maybe that's what you were thinking about.. the only active volcanoes in the US are in Hawaii, and in Volcanoes National Park

"Active" volcano has a lot of different definitions, but by any of the usual ones that's not true. See, e.g., this page on USGS volcano monitoring priorities.

Re:There is one smartphone that lets you do this..

J2ME phones can do this.

Re:Why not give it the permissions YOU want to giv

And what if you need to use GPS for another app at the same time?

Umm - TSA Preemption

Most of the information collected is exempt from disclosure under the TSA Rules. I suspect this will be dismissed shortly.

Re:There is one smartphone that lets you do this..

J2ME phones have the highest app security of any platform. If there are no apps for it, there is no way for information to be input much less leaked.

Agreed

Why is it we still can't control what permissions an app has on our phones?

I agree, while I can see a stopwatch app needed the ability to prevent the device from sleeping, why does it need to be able to access the internet and send premium SMS messages? The user should be able to "turn off" any permissions he doesn't think a particular app should have, even more so if he paid money for it.

Cheers

Cut the 'Nuts' of Delta's CEO.

That one act will get a lot of synergy going.

Then round up the CEO, CFO, CTO, COB and B and have a very merry St. Valentines Day Massacre.

None of them will be missed.

No More Tears.

Or just get an iPhone...

Last I checked, GPS and photos needed user permission on an iPhone and the rest of the information you have o niter. Yet bother reason why I won't switch to android.

As for the lawsuit, it's more ridiculous California craziness being imposed on others.

Re:Or just get an iPhone...

::face palm:: as I screw up typing on my iPad... "O niter" should read "to enter"

Re:Why not give it the permissions YOU want to giv

[jopsen]

or better, feed the apps an address book from the Spamhaus Zen list...

We should make an App for that :)