Earlier this week in the US Senate, the Privacy, Technology and Law Subcommittee of the Judiciary Committee held a hearing on mobile privacy issues. One focus of the hearing was the privacy of personal information collected and used by Apps on mobile devices, and one line of questioning concerned the absence of privacy policies for Apps used by consumers. Without a privacy policy to review, consumers may not have the ability to understand and control the use of their personal data by the Apps. And although privacy policies should not be the only way companies communicate with users about data use, posting a privacy policy is the essential first step for companies to take to be accountable for their practices of collecting and using online data.
With that in mind, the Future of Privacy Forum this week analyzed the top 30 paid mobile apps across the leading operating systems (iOS, Android, & Blackberry) and discovered that out of the top 30 applications, 22 of them — nearly three-quarters– lacked even a basic privacy policy. A previous analysis of mobile apps by the Wall Street Journal this past December, found that forty-five of the top 101 i-Phone or Android apps they assessed did not provide privacy policies on their websites or inside the apps at the time of testing.
FPF’s methodology included analyzing the top paid iPhone apps in the Apple App Store on May 10, 2011, and industry standard reporting from Distimo. In the assessment, FPF looked for the website of the application developer and investigated whether the developer had a privacy policy that could be associated with their App. If a privacy policy was found on a website, the application developer was credited with having a mobile application privacy policy. FPF also downloaded a sample of the paid apps to a mobile device and determined if at any time during the download and installation process a privacy policy was presented to the user of the device. Out of the sample tested, FPF found that only one (Angry Birds iOS) had a privacy policy link from within the user interface.
FPF believes that a fundamental element of protecting the privacy of consumers using Apps is the availability of a readily-accessible, written privacy policy. FPF believes that, at a minimum, App Developers should have privacy policies (with which they comply) for all Apps offered to consumers. Once a consumer reviews a privacy policy, he or she can choose whether to install or continue using the App, a fundamental part of privacy control. FPF is working with Center for Democracy and Technology (CDT) to suggest additional ways that app developers can improve their privacy practices to protect consumers personal privacy.
To see the list of 30 apps analyzed by FPF and whether or not they have a basic privacy policy in place, click here.
*Research and creation of app privacy policy matrix by Shaun Dakin and Shreya Vora, Future of Privacy Forum Fellows