Welcome to Privacy Bedlam, Mobile Apps


bedlamADOTAS – I’ve often railed against The Wall Street Journal’s hyper-paranoid “What They Know” series, and while the latest entry on data-sharing through mobile apps includes the hysterical rhetoric — lines like “These phones don’t keep secrets” make me think I’m watching the local news — that I’ve grown to loathe, the WSJ crew has hit a real issue with mobile apps sending identifiable smartphone information to third-party companies.

It’s a big enough deal that the Mobile Markting Association (MMA) has launched an initiative to develop a comprehensive sets of mobile privacy guidelines that would complement its current Global Code of Conduct. Led by Alan Chapell of Chapell & Associates, the MMA’s Privacy Committee will tap mobile carriers, marketers, agencies and technology firms to build a framework regarding mobile data collection.

Analyzing the data transfered by 101 popular smartphone apps, WSJ found that 56 sent the unique device ID (UDID) to third-party companies such as ad networks without informing or asking for consent from users. A UDID is not an equivalent to an IP address, mainly because it can’t be refreshed; for example, each iPhone has a 40-character ID that is set in stone.

Some tracking companies are building profiles (anonymous — no PPI) based on data received from apps for targeted advertising. That use isn’t necessarily wrong or something that consumers will light the torches and sharpen the pitchforks over — the issue is that these apps have been tossing about data secretly.

It’s very disappointing that mobile app makers have been lazy/thoughtless/sneaky in regards to informing consumers about data shared with third parties. You’d think they would have taken a hint about data-sharing transparency from the online world, but WSJ found even worse stuff: 47 apps transmitted device location details in some fashion and five sent age, gender and other personal details to third parties, all without explicit explanation or permission from the user.

For some reason I keep thinking about device fingerprinting firm BlueCava, another company the Journal profiled recently; I had interviewed CEO David Norris a few months prior.

BlueCava’s software gathers the surprisingly large amount of information a browser shares with a website, encrypts it, analyzes it and dispenses a unique ID that allows it to track a device wherever it goes online. If you switch browsers or dump your cookies, BlueCava’s system is smart enough to realize it’s the same device and simply updates its records.

According to WSJ, BlueCava has identified 200 million devices, but there isn’t really a method for informing consumers they’ve been fingerprinted. While suggesting it was building an opt-out system, Norris said it was trying to be crystal clear about how the data is used.

Frightened of cookies? Did the idea of the evercookie make your hair stand on end? Who cares? The technology already exists to identify and follow your device — be it PC, smartphone or tablet, regardless of IP address. So is a device an extension of a person? Does it deserve the same level of privacy?

If you take their word for it (and you should — accessing PPI only leads to headaches for trackers and advertising tech firms), firms like BlueCava are not diving into your address book or financial records — they’re just examining what you browse, what games you play, etc., then putting you into broad audience categories for advertisers to target. Not really that alarming when you lay it out on the table.

The sneaky business is the issue. Tech firms, app developers, publishers all gotta be upfront about data collection — and to its credit, BlueCava has been very forthright in talking about its technology.

To ease the minds of worried consumers, there should be an easy, universal way to opt out of data collection. Although it’s definitely a middle finger pointed in Google’s direction, Microsoft’s “Do-Not-Track” option on the updated Internet Explorer browser truly puts the control in consumer hands.

No matter how much it will affect the targeting industry, a do not track list might be the answer. Then again, considering what a bustling business the data-collecting and targeting industry is (and what a crap economy we’re wading through), I kinda doubt such a thing will gain traction in Congress. Lobbyists will likely grease the right squeaky wheels to ensure the tracking business keeps on growing.

And I’m in the camp that targeting — behavioral, social, whatever — is the last, best hope for effectively monetizing most content on the Internet. Maybe we should just drop the pretense and admit that there is no such thing as privacy on the Internet — or with mobile apps. Granted, “browse at your own peril” isn’t much of a slogan…

Arguably, developers of browsers should be the ones to offer a universal “Do not track” option. And publishers of premium content will build systems that recognize when users have opted out of tracking and deny them access without paying an entrance fee — cash or the ability to grab your IP address and possibly drop a cookie. This mobile app is free as long as you let it collect information to sell to third parties; otherwise it’s $10.

Content isn’t free. It may sound like a pain in the ass, but that’s the compromise consumers and advertisers are eventually going to have to reach — either with federal interference or blessing.

Beyond that, though, groups like the Digital Advertising Initiative should be setting industry limits on the amount of data that is actually collected — that’s the next can of worms waiting to be dealt with…


  1. Great article. I agreed on the premise that content is not free to produce or publish, especially if its high quality. I also agree that those collecting data have to be upfront with what is collected and how it will be used. If the price of admission is ad views to support quality content, then those might has well be relevant and add value to both the publisher and advertiser. As long as they are not sharing personally identifying information, then that seems like a fair trade, especially if it enables ad supported publishers to continue to produce quality content.


Please enter your comment!
Please enter your name here