Slashdot Mirror

← Back to Stories (view on slashdot.org)

Consumer Rights Groups Take Issue With NTIA Code of Conduct For Mobile Apps

Posted by timothy on from the click-here-if-you-didn't-read-the-above dept.

MojoKid writes "On Friday, we learned that the mobile industry has developed a short-form notice for mobile apps that tells users if the app is collecting their data and in what areas (i.e., phone call and text logs, location data, and so on) that would appear before app download begins. The program is currently voluntary and being tested, and although on the surface it seems like a step forward for consumer protection, some industry consumer rights groups are opposed to it. Jeffrey Chester of the Center for Digital Democracy (CDD) told us that, with respect to all the work that the industry put into the plan, he doesn't believe the new code of conduct will actually do much for consumers. "The process ignored the actual mobile app business practices, and refused to engage in the testing that's required," he said. "Words on a small screen--even if better than long and hard to find privacy policies--doesn't mean anything unless we know it tells users: one, what data is actually collected and how it is to be used, and two, whether they will see it in the first place.""

19 of 31 comments (clear)

  1. Everyone is patting themselves on the back by hsmith · · Score: 4, Informative

    But in reality, a tiny sliver of individuals will ever read this. It would be more useful if it were in the App Stores or a screen on the device you could easily find to get the info. It will be another "EULA" which people just hit "Accept" for

    1. Re:Everyone is patting themselves on the back by icebike · · Score: 2

      Just put a notice on the box the phone came it, and print it on the back of the phone itself that says

      Anything you do on this device will be reported to the NSA

      and be done with it.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Everyone is patting themselves on the back by Anonymous Coward · · Score: 1

      Despite the local hate, this is actually something the WinPhone software store does fairly well. Every program entry has a list of what resources it makes use of. As far as I can tell, this list is generated by Microsoft, so it doesn't include any explanation of why Tetris requires GPS and camera control, but it also means the programmers can't lie about what the program gets access to.

  2. Android by surmak · · Score: 3, Informative

    Android already does this. The OS has a set of permissions available for apps (get location data, use camera, access internet, etc.) These permissions are displayed to the user when the app is installed, giving the user the chance to reject the app if the permissions are unacceptable.

    1. Re:Android by Anonymous Coward · · Score: 1

      The problem with Android's permission model is it doesn't tell you *how* it will use the permissions you give it, or allow you to pick and choose those permissions; it's an all or nothing thing. What I would love is to selectively choose the permissions to grant an app and fake the permissions I don't allow; for example, give the app access to a fake contacts list so the app itself has no idea whether it has access to my real contacts.

    2. Re:Android by Anonymous Coward · · Score: 1

      I'm a developer who writes free "apps". The developers who think that their website, program, or whatever is a privilege and deserves to advert the hell out of people for viewing it are the real ignorant ones. Add a donation link, if you don't like that route then remove your website or program from the internet while users find a better alternative not written by arrogant people. I prefer you didn't use stupid generalizations and say that all free programs earn money by tracking/ads. The programs written by shortsighted people are like that, perhaps.

      Your website or program is not an awesome epitome of software. It's a tool that people may or may not use depending on their whims. If you don't want people using your stuff for free, don't make it free in the first place.

    3. Re:Android by hankwang · · Score: 2

      The problem with Android permissions is that a lot of apps request internet and sdcard access and there is no way to know what kind of data is going to be exchanged. Benign usage would be downloading ads and dynamic content, for the apps that are just a wrapper for a website. But for all I know, an app could be scanning the sd card for interesting data and feeding it to big brother.

      --
      Avantslash: low-bandwidth mobile slashdot.
    4. Re:Android by Mitreya · · Score: 1

      The OS has a set of permissions available for apps (get location data, use camera, access internet, etc.)

      It'd be nice if I could reject access selectively and try to install the app anyway

      I'd also like a button that sends an email to developers "What were you thinking when you designed this?"

      My favorite would have to be "permission to take camera fotos without user knowledge or permission". Even if an app has legitimate use for it, I'd like to think this is not mandatory for operation.

    5. Re: Android by Anonymous Coward · · Score: 1

      The latest nightly builds of CyanogenMod have a feature called Privacy Guard which mostly address this issue. You can select which apps have access to your contacts, phone logs, location, etc. Currently it doesn't support finer granularity than that (e.g. only forbidding location service to a specific app) but they are still working on an advanced mode for that capability. Expect to see the Privacy Guard feature in the next stable release of CM which will likely be 10.2.

    6. Re:Android by Anonymous Coward · · Score: 1

      What I would love is to selectively choose the permissions to grant an app and fake the permissions I don't allow; for example, give the app access to a fake contacts list so the app itself has no idea whether it has access to my real contacts.

      The new Jelly Bean release finally has the beginnings of just such a feature. It's still hidden to the user because it doesn't seem to be quite finished yet, and it's a bit broken in that the permissions you are allowed to enable/disable for an app only seem to show up in the list after the app has used that permission once before, but it's definitely a start! There's an app in the Play store (which does not require any persmissions!) that will give you a launcher to the hidden WIP "App Ops" interface.

    7. Re:Android by Runaway1956 · · Score: 2

      I'm one of those "consumers" who expects that "free" mean "free". I don't expect to be offered a free service, when in reality that "free" service is exploiting me in some way. I expect the offer to be very upfront, and informative. "In exchange for this nearly worthless service, the Company will use this app to mine all the data on your device. Please select "accept" to proceed with installation."

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  3. NTIA ? by rossdee · · Score: 3, Funny

    No, Thanks In Advance ?

  4. Easy to say no. by jklovanc · · Score: 1

    It is easy to point finger at what one sees as a problem. It is much harder to find solutions to those problems. Lets see a few consumer organizations come up with what they would want to see instead of just criticizing. They will find it much more difficult that they seem to believe.

  5. You know what would be nice? by MikeRT · · Score: 2

    If when a company like Facebook gets caught (as I believe they did recently) grabbing contact data without authorization they'd get the "CFAA-book" thrown at them by the federal government. Novel idea, right? Your mobile phone is your computer system in the palm of your hand. They greatly exceeded reasonable access. They're "hackers**" so eff them and eff them hard in the federal court for "hacking."

    **Term Nazis: we all know Hacker != Cracker outside of an African-American Studies program on race in IT... ;)

    1. Re:You know what would be nice? by 93+Escort+Wagon · · Score: 1

      Agreed on all points - but until people start quitting these services when they pull stunts like this, there will not be much pressure for action either internally or externally.

      For what little it's worth, I quit Facebook after that shadow profile revelation. But they're hardly alone - Google+ announced some time ago that they basically do the same thing, and I don't see a lot of outage over that.

      --
      #DeleteChrome
  6. Do the work by jklovanc · · Score: 1

    Simpson continued: “A year after calling for privacy legislation, we have seen nothing from the administration. This multi-stakeholder process has been a diversion and a waste of time. President Obama, if you are serious about protecting consumers’ privacy, show us your proposed legislation.”

    Instead of sitting on the sidelines sniping at people who are trying to make progress how bout you get off your ass and propose some legislation of your own? If you " are serious about protecting consumers’ privacy" how about you help make some progress instead of just being an obstruction. "You do the work and we'll shoot it down" is not very productive.

  7. I like iOS's solution by 93+Escort+Wagon · · Score: 1

    On iOS, when an app tries to access, say, your contacts - at that point you are given a pop up that asks you to allow or deny that action.

    There are several apps that I've found useful, but which want to do things for which there's no good reason (like the aforementioned contacts access). It's also nice with apps like Twitter or LinkedIn, where I might want to use them occasionally but don't want them spamming me with unwanted notifications or "services".

    --
    #DeleteChrome
  8. Unfixable... by Anonymous Coward · · Score: 1

    This is an unfixable issue. I used 'my' Facebook account to connect to the comment services of several EXTREMELY major publications. Every single one of these organisations wanted to slurp my entire private Facebook dataset. Obviously, with this account, I could say "sure, go ahead" but my point is that there is an absolute expectation by every player, big or small, that they can abuse the user in return for the service they offer the user for 'free'.

    Google, through Android, makes this a thousand times worse. At least of the PC there is a clear demarcation between 'nosy' software/services, and the stuff that just installs and runs, even if inside a fully locked down sandbox. But even on a PC, when installing a new firewall, I'm amazed at how many older programs I assumed were 'passive' attempt to make internet connections (to long defunct servers).

    If even one app has the ability to slurp your data, every other app will demand the same privilege. Thus, if you hold important information in your slurpable data area (be your device a phone, tablet or PC), your data will be slurped by everyone, and you may as well assume it to be public information.

    If convenience matters more to you than privacy, your privacy has now gone 100%. If you are still prepared to put some of your privacy ahead of convenience, at the cost of some extra effort, you can keep all the privacy you wish.

    Consumer Groups ARE NOT going to help here- in fact their moronically naive initiatives will actual make things get worse much faster, by ensuring the big players bribe the right politicians to cast in legal stone their right to slurp data in return for 'freebies'. Most mobile apps, per app, make less money than ever before, so their ability to slurp your data and sell it on/exploit it is essential to their business model. In effect, an invisible tax on all your purchases is created, and that 'tax' represents the money that is kicked-back to all those who may have been responsible for 'helping' you decide to make that given purchase.

    'Advertising' in the 21st Century, is a very dirty and sophisticated game. The industry requires that you see targeted ads, and targeted ads require massive intelligence gathering operations. The ad business is now the *OTHER* NSA. And the ad biz has no more conscience than the NSA either.

    Sadly the current situation has a tiny minority of people aware of the issues, and determined not to be casually data-mined, while the vast majority feels they have no other choice but to bend over, take it, and convince themselves they enjoy it. In fairness, those that give in genuinely feel they live in an age of 'wonder' as the social network services revolutionise their lives.

  9. Piss off... by Jawnn · · Score: 1

    We're the phone company. We don't care what you little people want, need, or think is important. We don't have to. We never did, and we likely never will because you believe that you absolutely must be able to yack and/or text with your BFF, and update your TwitBook status. That all too common pathology will keep you bending over for just about any abuse we or our real customers care to put to you. So shut up and take it, bitches.