Aug 01, 2013

    Soon, read the label on mobile apps

    LIKE food packages that display nutrition labels, some mobile apps could soon display information that allows consumers to decide at a glance whether the apps are good for them.

    A variety of groups, including app developers and consumer advocates, have agreed to test a voluntary code of conduct that would require participating app developers to offer short-form notices about whether their apps collect certain personal details from users or share user-specific data with entities like advertising networks or consumer-data resellers.

    The idea is to allow people to compare the data-collection practices of, say, torchlight apps and choose one that does not ingest unrelated material, like their photos or contact lists.

    The determination that the notices are ready for testing is the outcome of year-long negotiations by various parties to raise mobile-app transparency for consumers.

    Participants included app developers, and digital-marketing, civil-liberties, consumer and privacy groups.

    Although major mobile-app developers like Apple and Google - which develops mobile apps for its Android platform - have not indicated whether they intend to sign on to the code of conduct, groups involved in drafting it say it is a significant advance in mobile privacy for consumers.

    But other participants in the negotiations said the notices would do little to give individual consumers more insight into or control over the vast piles of information about them that online entities collect and analyse.

    The notices would display only a limited list of data-collection categories, they say, and would not allow consumers to opt out of data-mining or even see the records companies had amassed on them.

    In the past, the app industry has been heavily criticised by some US federal regulators and consumer advocates for collecting personal details from users without their knowledge or consent.

    A review last year by the Federal Trade Commission of 400 popular children's apps available on Google and Apple platforms concluded that only 20 per cent disclosed their data-collection practices.

    The code of conduct would require participating mobile-app developers to show notices indicating whether their apps collected user-specific details in any of eight categories: biometrics, including fingerprints or facial-recognition data; Web browsing history; logs of phone calls or texts made or received; contact-list details like e-mail addresses or social-network connections; financial information, like credit or banking data; health or medical data; precise location data; and stored text, video or photo files.

    Signatories to the code would also have to list any of eight categories of entities with which their apps shared information. These comprise ad networks; mobile carriers; consumer-data resellers; data-analytics companies; government entities; operating systems; social networks; and other apps.

    Companies that violated a promise to adhere to the code would be subject to enforcement action by the Federal Trade Commission.

    The code is the first step in a larger plan by the Obama administration to institute a wide-ranging consumer-privacy bill of rights that would give consumers some rights to access, control and correct the personal details companies collected on them.