May 27, 2014

Mobile App Policy Violations – How Serious Is The Problem?

By Daniel Price

Mobile App Policy Violations

The recent furore around SnapChat and its supposed policy violations has once again thrust the issue of mobile data privacy and security into the spotlight.

The Federal Trade Commission (FTC) recently levelled a long list of charges against the popular photo and video sharing app. The list included accusations that videos sent through Snapchat were easily accessible by plugging a phone into a computer, that users could preserve images by taking screenshots, that the app tracked the geo-location of Android users, and that numerous security flaws allowed attackers to easy access usernames and phone numbers.

All of these accusations directly contradict the alleged features that have made SnapChat so popular; the app has grown its user-base on the understanding that sent media was a) private and b) would be deleted within a few seconds of being viewed.

For their part, SnapChat have not formally admitted culpability and used a recent blog post to claim that they “have resolved most of those concerns over the past year by improving the wording of [their] privacy policy, app description, and in-app just-in-time notifications” – adding that they remain committed to investing in security and counter-abuse measures.

SnapChat may be forgiven for initially underestimating how popular the app would become, and although the FTC’s judgement means SnapChat now faces twenty years of scrutiny, it is at least commendable that the company has addressed the concerns head-on.

Perhaps more importantly than the individual case of SnapChat, the revelations have raised wider concerns about which other mobile apps might be in breach of their purported terms and conditions.

Creating apps is becoming an increasingly accessible hobby for the masses, with the point-and-click nature of development meaning that people who have little skill in programming are now able to design content in a way that was previously impossible. It would be naïve to suggest that all these new developers have the necessary technical proficiency to insert the requisite privacy notices to alert users to the many potential privacy pitfalls that await them.

As the SnapChat case highlights, even skilled and knowledgeable developers struggle to correctly code multiple languages to fulfil their legal obligation for a comprehensive privacy protection policy. They can easily find themselves in trouble if their app uses or shares personal data, geo-locations, audio content, or video content without it being fully highlighted to a user.

SnapChat isn’t the first company to fall foul of the FTC. In 2011 the iOS social networking app ‘Path’ was charged with engaging in deceptive business practices by claiming in its privacy policy that it only collected information such as the user’s IP address, operating system, browser type and site activity when in reality they were collecting and storing information as diverse as users’ address books, phone numbers, email addresses, Facebook usernames, Twitter usernames, and dates of birth. The incident cost the developers a mammoth $800,000 in civil penalties.

A year later Delta Airlines found themselves in the crosshairs as the California attorney general opened proceedings over their app’s “non-existent privacy policy” with Justin Brookman (Director of Consumer Privacy at the Centre for Democracy and Technology) taking to Twitter to claim that the company could face up to $2.5 billion in penalties.

So what can be done? Governments around the world have long-since introduced legislation to try and combat the problem of opaque and difficult-to-understand privacy policies, but it is clear that with almost 2,000,000 apps across Apple’s and Google’s stores, monitoring and managing all of them is impossible.

There are also numerous courses and training programs that developers can attend, but again, it is unreasonable to expect casual ‘bedroom’ developers to go to such lengths for apps that they know might only be downloaded a handful of times, if at all.

It seems that at the moment the threat of fines, loss of revenue, and public embarrassment remains the best deterrent. It was reported that SnapChat turned down multi-billion dollar offers from both Facebook and Google in late 2013, offers that are unlikely to resurface now the brand has become significantly more toxic and users are slowly abandoning it. It should serve as a lesson to all budding developers.

By Daniel Price

Daniel Price

Daniel is a Manchester-born UK native who has abandoned cold and wet Northern Europe and currently lives on the Caribbean coast of Mexico. A former Financial Consultant, he now balances his time between writing articles for several industry-leading tech (CloudTweaks.com & MakeUseOf.com), sports, and travel sites and looking after his three dogs.
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more
Dolores

Q&A: Airport Security Trends with Dolores Alemán, Frost & Sullivan Analyst

Airport Security Trends In this CloudTweaks interview, we delve into the evolving landscape of airport [...]
Read more
Derek Pilling

Diversify for Success: The Multi-Cloud Advantage

What is Multi-Cloud? For good reason there is a lot of discussion about multi-cloud among [...]
Read more
Anastasios Arampatzis

Insider Threats: The Trojan Horses in Intellectual Property Theft

The Invisible Enemy In the rapidly evolving landscape of global business, intellectual property (IP) stands [...]
Read more
Wealth Management Software Solutions - ServiceNow

Leading Online Savings and Wealth Management Services

Financial wealth management services (Updated: 06/29/2022) Many want to live in abundance, but very few [...]
Read more
Gary Bernstein

8 Benefits of Choosing VPS Hosting

Benefits of VPS Hosting Businesses are faced with several decisions when considering how to host [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.