Mobile App Policy Violations – How Serious Is The Problem?

Mobile App Policy Violations

The recent furore around SnapChat and its supposed policy violations has once again thrust the issue of mobile data privacy and security into the spotlight.

The Federal Trade Commission (FTC) recently levelled a long list of charges against the popular photo and video sharing app. The list included accusations that videos sent through Snapchat were easily accessible by plugging a phone into a computer, that users could preserve images by taking screenshots, that the app tracked the geo-location of Android users, and that numerous security flaws allowed attackers to easy access usernames and phone numbers.

All of these accusations directly contradict the alleged features that have made SnapChat so popular; the app has grown its user-base on the understanding that sent media was a) private and b) would be deleted within a few seconds of being viewed.

For their part, SnapChat have not formally admitted culpability and used a recent blog post to claim that they “have resolved most of those concerns over the past year by improving the wording of [their] privacy policy, app description, and in-app just-in-time notifications” – adding that they remain committed to investing in security and counter-abuse measures.

SnapChat may be forgiven for initially underestimating how popular the app would become, and although the FTC’s judgement means SnapChat now faces twenty years of scrutiny, it is at least commendable that the company has addressed the concerns head-on.

Perhaps more importantly than the individual case of SnapChat, the revelations have raised wider concerns about which other mobile apps might be in breach of their purported terms and conditions.

Creating apps is becoming an increasingly accessible hobby for the masses, with the point-and-click nature of development meaning that people who have little skill in programming are now able to design content in a way that was previously impossible. It would be naïve to suggest that all these new developers have the necessary technical proficiency to insert the requisite privacy notices to alert users to the many potential privacy pitfalls that await them.

As the SnapChat case highlights, even skilled and knowledgeable developers struggle to correctly code multiple languages to fulfil their legal obligation for a comprehensive privacy protection policy. They can easily find themselves in trouble if their app uses or shares personal data, geo-locations, audio content, or video content without it being fully highlighted to a user.

SnapChat isn’t the first company to fall foul of the FTC. In 2011 the iOS social networking app ‘Path’ was charged with engaging in deceptive business practices by claiming in its privacy policy that it only collected information such as the user’s IP address, operating system, browser type and site activity when in reality they were collecting and storing information as diverse as users’ address books, phone numbers, email addresses, Facebook usernames, Twitter usernames, and dates of birth. The incident cost the developers a mammoth $800,000 in civil penalties.

A year later Delta Airlines found themselves in the crosshairs as the California attorney general opened proceedings over their app’s “non-existent privacy policy” with Justin Brookman (Director of Consumer Privacy at the Centre for Democracy and Technology) taking to Twitter to claim that the company could face up to $2.5 billion in penalties.

So what can be done? Governments around the world have long-since introduced legislation to try and combat the problem of opaque and difficult-to-understand privacy policies, but it is clear that with almost 2,000,000 apps across Apple’s and Google’s stores, monitoring and managing all of them is impossible.

There are also numerous courses and training programs that developers can attend, but again, it is unreasonable to expect casual ‘bedroom’ developers to go to such lengths for apps that they know might only be downloaded a handful of times, if at all.

It seems that at the moment the threat of fines, loss of revenue, and public embarrassment remains the best deterrent. It was reported that SnapChat turned down multi-billion dollar offers from both Facebook and Google in late 2013, offers that are unlikely to resurface now the brand has become significantly more toxic and users are slowly abandoning it. It should serve as a lesson to all budding developers.

By Daniel Price

Aruna Headshot

2019 Predictions for Innovating, Transforming and Enabling Workplace Transformation

My Predictions for 2019 As we think of the top Collaboration trends for the coming year, we should start by taking a look back at ...
Mike Johnson

Data Transmission Travel Plans – From The Ground Up

Don’t Forget Networking The term “cloud” was first used by the telecomm industry in early schematics of the Internet to identify the various, non-specific uses ...
Trust Report

Profit-Driving Strategies for 2020, Backed by Data

Profit-Driving Strategies Since 2019 is coming to a close, the time has come for businesses to evaluate what they can do to propel profits in ...
Mor Cohen Tal1

The Top 2 Challenges of Next-Gen Applications

Challenges of Next-Gen Applications When you think of why customers move to the cloud, there are a few key things that they're trying to achieve ...
Signal Messenger: How to Successfully Resist Wiretapping Attempts

Signal Messenger: How to Successfully Resist Wiretapping Attempts

Successfully Resist Wiretapping Attempts Against the backdrop of events in the US, the popularity of the Signal secure messenger has grown sharply - from 6,000 ...
Tunio Zafer

Questions To Ask Every Cloud Storage Provider

Cloud Storage Provider Questions As with many new technologies, attitudes toward cloud storage vary. Telephones were immobile; wearables perhaps unwarranted. And now, the global cloud ...
Byod.png