IE 11 is not supported. For an optimal experience visit our site on another browser.

Calif. state attorney promises suits against data-vacuuming mobile app makers

California is clamping down on nosy mobile applications, telling them they must give people advance warning if they want to keep pulling sensitive information from smartphones and computer tablets.
/ Source: The Associated Press

California is clamping down on nosy mobile applications, telling them they must give people advance warning if they want to keep pulling sensitive information from smartphones and computer tablets.

The crackdown comes six months after California Attorney General Kamala Harris began discussing the need for better privacy protections with six powerful companies that have shaped the mobile computing market, spawning nearly 1 million applications over the past four years.

Those talks led to an agreement requiring mobile apps seeking to collect personal information to forewarn users by displaying privacy policies before their services are installed on a device.

The companies working with Harris are: Apple, the maker of the iPhone and iPad; Google, the Internet search leader and maker of Android mobile software;, the maker of the Kindle Fire tablet; Microsoft, which makes a mobile version of its Windows operating system; Research in Motion, the maker of the BlackBerry; and Hewlett-Packard, which is donating its mobile software to the open-source community.

"We are assuming everyone is going to cooperate in good faith and not get cute," said Harris, who plans to review compliance with the guidelines in six months.

Harris, a Democrat, is taking her stand as lawmakers and regulators throughout the country are zeroing in on how technology has made it easier to pry into the lives of people who share personal information on websites and store sensitive data on their mobile devices.

The concerns have intensified in recent weeks as Google prepares to blend together a hodgepodge of privacy policies covering various services. The move will make it easier for Google to tie together personal information as it tries to sell more online advertising.

Harris and 35 other attorneys general sent a letter Wednesday to Google CEO Larry Page seeking a meeting with company officials to discuss the "troubling" privacy policy changes before they are scheduled to take effect March 1.

The Obama administration is wading deeper into the online privacy debate with new guidelines that it's releasing Thursday. It wants technology companies and other parties to create codes of conducts for mobile apps as well as a variety of other digital services.

Most mobile apps haven't even drawn up a privacy policy, Harris said, partly because of confusion about whether a 7-year-old law governing online privacy applies to them.

The law requires online services collecting personal information to "conspicuously post" a privacy policy. That hasn't been happening among some of the even most intrusive apps that drill into address books and other personal files on smartphones and tablets. Having the data can help mobile apps attract more users or make their services more compelling.

"I would suggest most consumers don't want that to happen and in most cases don't know that is happening," Harris said.

That ignorance has been bliss so far for mobile apps. More than 35 billion apps already have been downloaded, a number likely to grow as smartphones and tablets replace desktop and laptop computers as people's primary connection to the Internet.

That will make people even more vulnerable to the kinds of privacy abuses that have been surfacing this month.

Path, which offers a mobile app for its social networking service, recently got caught downloading users' address books without explicit permission. After the practice was exposed on technology blogs, Path apologized and stopped doing it.

Just last week, the Federal Trade Commission released a study that concluded mobile app makers haven't been telling parents about the personal information they are collecting about kids who have installed their programs. That report raised questions whether some mobile app developers have been violating federal laws protecting children's online privacy.

Harris promised to sue mobile app makers who vacuum personal data without the required forewarning. Even if mobile apps obey the law, Harris acknowledged it still may not be enough to protect the majority of people who don't carefully reading voluminous privacy policies before accepting them.

Just having to sit down to write a privacy policy may be enough to force mobile app developers to think more carefully about their actions, said by Jon Fox, a consumer advocate for the California Public Interest Research Group.

"Having privacy policies is step one to protecting consumers' personal information," Fox said in a statement. "Step two is making sure the privacy policies are strong."