Atty. Gen. Kamala Harris, tech giants agree on mobile app privacy


California Atty. Gen. Kamala Harris announced Wednesday an agreement between her office and six tech giants -- Apple, Amazon, Google, Hewlett-Packard, Microsoft and Research In Motion -- to mandate that apps sold in their digital app stores and running on their mobile operating systems have clear privacy policies.

Speaking at a news conference in San Francisco, Harris said the agreement seeks to bring mobile apps and app stores into compliance with California law and better inform mobile app users of what private information they’re sharing and with whom.

“What we know is smartphones are everywhere and they are rich in data,” Harris said. “What we know is that there are apps once downloaded by the consumer that will also in turn download the consumers’ contact book. Most consumers don’t want that to happen and don’t know it’s happening.”


The agreement doesn’t change what any mobile app can or cannot do, but rather it calls for apps to be upfront about what they’re doing. Most apps don’t have clear privacy polices or make any effort to tell consumers what they do with personal information, she said.

“The benefits of this agreement will be for mobile app users everywhere, and this agreement is the result of work we have done in convening the six largest platforms around what needs to happen to ensure consumers of mobile apps have increased and heightened protections as it relates to their private information,” Harris said.

Harris said California was giving consumers more information about how their personal information “can be used and manipulated,” and giving them tools to protect themselves and exert more control over what they share and with whom.

For its part, Google said it was happy with the agreement.

“We are pleased to work with the attorney general on this initiative,” Google said in an emailed statement. “From the beginning, Android has had an industry-leading permissions system which informs consumers what data an app can access and requires user approval before installation. Coupled with the principles announced by the attorney general, which we expect to complete in the coming weeks, consumers will have even more ways to make informed decisions when it comes to their privacy.”

Jeffrey Chester, executive director of the Center for Digital Democracy, complained that the agreement didn’t go far enough and was essentially a bandage on what is a serious problem.

“The AG has let consumers down by not negotiating a ‘bill of rights’ for consumers using mobile services,” Chester said. “Consumers need new safeguards to ensure that their mobile data can’t be used without their express consent. Today, consumers are being stealthily eavesdropped when they use their mobile phones, with no limits on [how] their information can be collected or used. Mobile phones are sending marketers information on our real-time location and mobile Web use. Privacy policies are purposely written to permit unfair data collection practices.”


Without changes to the way privacy policies are written and an explicit method to allow a consumer to give their consent, the current problems will persist, he said.

“Requiring privacy policies for the small screen will not protect consumers and likely also give them eyestrain trying to read the digital fine print,” he said.

The Assn. for Competitive Technology, which bills itself as an app trade association and represents more than 4,000 app developers, said it “applauds” the agreement.

“This is a positive step to set clear guidelines for app makers while reassuring consumers that their privacy is secure,” the group’s executive director, Morgan Reed, said in an email. “Apps should be transparent with users about how their personal information is used. All app makers, even those that don’t collect user information, should make their practices clear in a privacy policy. This improves consumer confidence in the safety of their personal information and helps users identify the right apps for their needs.”

The attorney general’s office will look for the tech giants involved in the agreement, and those who develop apps for their respective platforms, to fall in line and be more transparent about what they do with a user’s data, and bad behavior will be punished, Harris said, adding that lawsuits will be filed calling for penalties of up to $5,000 per user of a violating app, if need be.

“The law does apply to the mobile apps,” she said. Harris said her office would meet again with the companies in six months to see how they’ve responded to the agreement.


The move follows a dust-up across the tech world after a developer found out that the social networking app Path was uploading the address books of its users on Apple iPhones and phones running Google’s Android operating system without permission and other apps were found to do the same, including popular apps such as Foursquare and Twitter.

Google has also recently been found to be using privacy holes in the iPhone’s Safari mobile browser and Microsoft’s Internet Explorer browser as well -- which has led to a backlash among privacy watchdogs.

The six tech industry leaders that the attorney general’s office has made its agreement with are the largest players in the growing mobile apps market -- with a combined 95% share of the mobile operating system market.

Apple’s iOS and Google’s Android operating system (for which Amazon sells apps) are the most widely used mobile operating systems, while Research In Motion’s BlackBerry, Microsoft’s Windows Phone and Hewlett-Packard’s WebOS devices make up a far smaller share of users.


Feds ask if Google violated FTC agreement


Twitter stores full iPhone contact list for 18 months, after scan

Apple, Android must better protect kids who use apps, FTC says