Slashdot Mirror
US Wants Apple, Google, and Microsoft To Get a Grip On Mobile Privacy
coondoggie writes "When it comes to relatively new technologies, few have been developing at the relentless pace of mobile. But with that development has come a serious threat to the security of personal information and privacy. The Federal Trade Commission has issued a report (PDF) on mobility issues and said less than one-third of Americans feel they are in control of their personal information on their mobile devices. 'The report makes recommendations for critical players in the mobile marketplace: mobile platforms (operating system providers, such as Amazon, Apple, BlackBerry, Google, and Microsoft), application (app) developers, advertising networks and analytics companies, and app developer trade associations. ... The report recommends that mobile platforms should: Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation; Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded; Consider offering a Do Not Track (DNT) mechanism for smartphone users.'"
We want them to pay their taxes.
AMIRITE?
How about regulating them?
I swear to God...I swear to God! That is NOT how you treat your human!
That's one thing I really miss about my old WinMo phones. They were not a data harvesting device, just a phone, with computer functionality. Every device I've had since then just seems like it's spying on me and siphoning off my personal life for someone else's gain.
It's creepy.
Are they now considered a "critical player" in the mobile space? Or is this the editors subtle influence at work?
"we want exclusive access to your info"
I got to the chocolate box before you, that's why the hard ones have teeth marks.
We'd like you to put an NSA backdoor into your product, so that we can use our expanded powers under the Patriot Act to search through personal information.
Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation
This is already done by Android and works perfectly. What I'd like to see, though, is the ability to selectively deny services or mock them out and provide fake responses. If an app is asking for my contacts and I don't want to share, I should be able to return an empty address book. Same thing with location - let me set a fake one when I want to.
At the end of the day, though, service goes both ways. Just as I'm free to not want to provide my location to an app, apps should be free to refuse to work without that location. This is how the market is supposed to work - if you don't want to share information with companies, don't give it to them in the first place, but don't complain when they refuse to serve you.
By "privacy", they mean "from everyone except the government".
Pay cash for a no contract phone. Don't keep sensitive information on the phone. Don't transmit sensitive information. Assume that any carrier or service provider cannot protect your information.
wants to KILL US and READ OUR MINDS.
Don't let him take away our guns.
This is already done by Android and works perfectly.
Nah, it really doesn't do it in any meaningful way, and doesn't provide the level of fine grained control that is needed.
Sure, you get notification when you install an app that i uses this data, and can access that data, for this or that reason.
But you are never provided any indication when the app decides to use the data for some other reason. There is nothing in
Android that prevents this.
Example: You install an email app. Obviously it needs to access your contacts to send email to them.
It says it has to access the web, maybe to serve ads (because its a free app). You might never be told that the app might
decide to upload all your contacts to some web site. You have no way of knowing when it does this, and no way to
prevent it.
Andorid needs a finer grained control, one that says, you can't access my address book. Or you can't connect to
any website, except this list (in the example above it would be some ad server). The user should be able to turn off
some of the permissions at will. EVEN if doing so makes the app FAIL.
Right now, we get a Take-it-or-Leave-it list of permissions, most of which are poorly understood. Most people click right
through these, failing to notice that the Game they just installed wanted to access their address book. Once they
click thru that, they are never asked again. There is no way to know it happened.
Permissions should be select-able per app, even after its been installed.
There should be a easy way to review which apps can access which bits of sensitive data, and turn it on or off.
Id rather the twitter app fail than have it tweeting my 13 year old daughter's location without her or my knowledge.
Sig Battery depleted. Reverting to safe mode.
This is really too rich for me. The government telling the Microsoft, Google and the mobile telecom providers to get their mobile privacy issues in order?
Pot, meet Kettle...
I think they're realizing that if consumers feel uncomfortable with carrying a GPS tracking device in their pockets, they may stop using them.
Why, consumers may just go back to pay-phones! Which would leave the feds, states and even Chief Wiggum without an unfettered way of getting location data on almost every American.
Too rich, you just can't make this stuff up.
The devil is in the details of course, but these things - "Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geo-location; Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded; Consider offering a Do Not Track (DNT) mechanism for smartphone users" these are perfectly reasonable and I think are a good idea. Some of the vendors already have some of this stuff to a greater or lesser extent.
The US government needs to get a grip on privacy in general. With the TSA, warrantless wiretapping, and placing devices that allow them to track people on people's cars, the government also needs to improve.
The whole purpose of Google's existance is data mining. Fat chance they will listen to anyone or anything with regards to pivacy.
and opt out of location services? Google has been pushing these options hard for quite some time now. Android users shouldn't be complaining if they don't take advantage of the privacy and security options that are pushed on them. Turn on 2-step verification, turn off GPS and location services except for when you need directions, create a good password, delete your non-essential cookies daily. These are the steps anyone should be taking to be more secure and for better privacy, regardless of whether they are using an Android phone, a laptop, etc.
That just made rooting ones phone- that is, exercising even the slightest modicum of self determination with the software on one's "personal" phone, a felony?
The right and left hands need to have a discussion methinks.
How about "forcing" companies like Microsoft to use "standard file formats" for what has now become the defacto office suite?
Or making sure these companies, including Facebook, provide a mechanism for data portability, provisioned by a script?
Here's how it would work: I, the user, run this script through an interface, the result of which should be the "porting" of all my data from one provider to another in a 'reasonable time.'
They (Federal Trade Commission), dropped the ball long ago!
They are now trying to impress upon us that they are doing everything they can to "protect and safe guard" our privacy? I don't buy it one bit!
I shouldn't have to forego Maps just to prevent some other app from transmitting my position to advertisers.
I shouldn't have to disable functionality I paid for, just to prevent some unwanted use of my location!
I should have a dashboard (just like the FTC suggested) that allows me to use my GPS the way I want, and not the way the app writer decided.
Sig Battery depleted. Reverting to safe mode.
Nah, it really doesn't do it in any meaningful way, and doesn't provide the level of fine grained control that is needed.
Stock Android doesn't, but apps like P-Droid allow you to take as much control of your own phone as you want to.
"I've got more toys than Teruhisa Kitahara."
So, does the US government really think that asking the 3-largest privacy pirates to do something will actually work here?
I think the only real progress that could be made is that these companies agree to a standard format for sharing your information among themselves.
I like it. P-Droid a good start, if Android built that in by default it would be great. The UI could be a bit cleaner, but I like it.
But still ROOT is required to install, so that rules out the vast majority of potential users. You shouldn't have to void your
warranty to do the equivalent with your phone.
Sig Battery depleted. Reverting to safe mode.
The BlackBerry Playbook does exactly this. When you install the app, you see what permissions it is requesting and have the option to disable some. You can also go back into the settings to review and change what permissions each app has. I also dislike the "take it or leave it" approach Android has with app permissions, and I consider it a strike against any Android device for my next phone.
I didn't. a) I don't think it's worth it. b) I have enough computers. c) Someone always has one nearly everywhere I am. d) Their position can be tracked. e) Everything belongs to the hive-mind anyway. f) I, for one, welcome our new insect overlords.
Please have respect for people with different abilities, especially children.
The biggest problem isn't that the applications don't disclose what they're accessing. There's also the problem that they don't disclose in detail. "May access the network", yeah, but for what? Knowing that it needs network access doesn't do me any good if I don't know what it needs it for or what it intends to do with it. Ditto "may access the SD card". Is it going to access it to store it's own data, or is it going to access it to scan other data?
And finally, even if all that's resolved, disclosure does no good when applications give you a take-it-or-leave-it approach: either give them 100% of everything they want or don't install them, even when a lot of what they want isn't required for them to run. The free version of a to-do list, for instance, would need network access to receive and display ads, but why would the paid-for ad-free version need it? Only to sync to a service like Google or Apple, and then only when the user chose to sync to a service. An IM program needs network access to run, without that it's kind of pointless. But access to my contacts? That may make it convenient, but my IM program does not need to see my phone's contact list to do it's job. At most it needs access to it's own contact list, which it would be getting from the IM servers when it logs on (otherwise things wouldn't stay in sync between clients). But still you're faced with either giving the IM program unrestricted access to something it doesn't need or not being able to use it at all. What's needed is disclosure of exactly why the program needs access and of why, if that access is required to install/run, the program cannot function without that access. Note that for that IM program, "It can't function without access to the contact list because I'm too lazy to write the code to maintain an app-specific contacts list." would be a perfectly acceptable disclosure. The reason doesn't have to be good, merely honest. Penalties for failure to follow the requirements? Well, you're making a fraudulent statement about your product. We already have penalties on the books for that.
Prepare to be assimilated.
The government does need to improve...how they collect and organize data on you.
I am sure the government only laments that it doesn't have the information that Google, Apple, and Microsoft have.
I wouldn't be surprised that---after all is said and done---the US ends up with a secret (from the general public) backdoor access to the information these companies have amassed in order to ensure that these companies do not "abuse" the information---in the name of homeland "security".
Facebook. An openly ruthless privacy destroyer. What Google, MS and Apple do is small potatoes compared to the facebook problem.
I really want a ban on places like Malls being able to install stuff that watches for my phone's unique identifiers to watch me move through the mall and returning to the mall. And I want a total ban on my phone company sharing anything about my movements or calls with anyone including police without a warrant and "trusted third parties" I don't trust any third parties so their aren't any "trusted third parties"
Android may need finer grained controls but I am not sure how an email app is supposed to function without connecting to the internet and reading your contacts.
I do like the idea of turning off permissions at will/runtime though. Though, even that concept is not without problems. It would increase user confusion and support requests, cause some increase to development time, potentially break a lot of apps and decrease to the value generated to app devs/publishers. Still, I think it's a good idea overall -- these problems are not really that big (IMHO).
PocketPermissions Android Permission Guide
Simple as that. As much as corporations are these beacons of good will, they won't change anything unless they have pressure put on them.
I should have a dashboard (just like the FTC suggested) that allows me to use my GPS the way I want, and not the way the app writer decided.
Good point. I've got a great privacy dashboard - it's part of Avast's security suite (which is free for Android users and which I HIGHLY recommend). I've actually always personally been in favor of using 3rd party applications for security options. I don't really like it when the product designer decides what I need in terms of security - I'd rather trust that to a specialty security company.
Mobile security and any other digital security begins with Apple Inc., Google, and Grandaddy Microsoft.
They enable digital and mobile in-security traps and backdoors for themselves and their 'clients' like
the US DoJ, DHS, CIA, WH, InterPol, KGB, NATO, various Mafia and Snakehead organizaitons.
Why ? Money !
Cook need 1) cocaine, 2) homosexual prostitutes to service him, 3) booze, 4) money to payoff Mafia,
Snakeheads and Yakoza.
Without the in-security and traps and backdoors Cook would rob his divisions within Apple Inc. to fuel
his addictions.
With the in-security and traps and backdoors Cook can harvest cash globally to soothe his 'manly needs.'
With Apple Inc. stock price cratering Cook will turn to cannibalizing his divisions for cash to fuel his
addictions.
This happens day-by-day at Google and Microsoft.
'Nough Said.
Now that is some irony! The US government is concerned about individual privacy? This is the same government that ignores laws stating they require a warrant to access your personal medical records? The same government that eavesdrops on its citizens at will? The same government that believes it has the right to know about all of your banking transactions? That can search you at will if you - like most of the population - live anywhere within 100 miles of the border of the country.
That said, the FTC report does actually manage to state the obvious: "App developers should have privacy policies", "Obtain consent before accessing data", "Participate in self-regulatory programs", and other bloody obvious things.
Oh, and by the way, that national deficit? Well, it's just a little bit higher, having funded this useless report...
Enjoy life! This is not a dress rehearsal.
Id rather the twitter app fail than have it tweeting my 13 year old daughter's location without her or my knowledge
What's your daughter's twitter address again?
Unfortunately, I've learned that people are fucking retards and will blame Android for being crashy. Devs do it (some bugs I've seen blamed on Google aren't bugs in Android.)
Sadly, Google made the right decision to have a all or none tactic. Most people don't care about privacy issues, half don't understand, and the other misunderstand.
Incidentally, even with fine grain permission, you wouldn't be able to tell if a program misuses the permission. You'd just be able to determine when your data leaked if you ever answer yes to any prompt.
The people do not want a grip of some companies on some devices.
The people want the US to get a grip on privacy. On all companies. Concerning all means, including paper ones. Your privacy should be the number one concern.
And the privacy should NOT be able to be taken away. Not by clicking on an OK button. Not by a contract. (Only if ordered by a judge as part of an investigation or part of a punishment). Just like you can not enslave somebody by letting them sign a contract, you should not be allowed to give away your privacy.
(This will unfortunately mean no more mug shots of famous people who have been arrested.)
Don't fight for your country, if your country does not fight for you.
US Wants ExxonMobil to Get a Grip on CO2 Emissions
Likewise I'm sure they'll get right on that.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Tell them to stop using Facebook.
HaHaHaHa ... HaHaHaHa ... HaHaHaHa ...HaHaHaHa. Oh, you're serious: Wait, I'll laugh even harder.
There is a reason for spyware on nearly every platform: It is profitable. The US has had ten years to fix this. Instead its been grabbing hold of every data source it could. There is no reason for the corporations to stop. The government won't stop and thus won't demand anyone else stop. If anything, the US government is bullying other countries to aid their spying. The FTC has already been told that it can't enforce any policies.
Then don't leave it where other people will look. That may mean avoiding most networked applets, getting a not-so-smart phone, or simply not storing personal information on portable devices which any LEO can copy. It also means there is a demand for hardware-based encryption, a product which is mysteriously missing from the market. Doubly mysterious since VPNs and the 'cloud' are meant to be the solution to everything, except obviously, privacy.
The "less than one-third" people who feel they are in control of their personal information are living in a dream. All of the service providers collect and use all of the information that is available to them. If everyone knew what is happening behind the scenes they might demand data privacy laws similar to those in Germany.
The Gubbermint wants these companies to get a handle on private data? Hell I thought they already had figured out how in hell to invade our privacy. Just look at Google and Android. Always communicating with the mothership. Microsoft does the same god damn thing and Apple? If it's IOS or iTunes then they're also getting all of your personal information. Hell these folks are more invasive then the Credit card companies though with the tech they've developed, they now have a profile on what and where you buy stuff and guess what, each and everyone of these companies hands that information over to the gubbermint for a small fee. No court orders or search warrants needed.
Mod me up/Mod me down: I wont frown as I've no crown
Now that's scary... they really think so? They have NO idea, do they?
How about simply not using their products if you disagree with their business model?
This is a job for the free market to sort out... not the govt to regulate.