Smartphones and mobile applications entertain, inform and keep us connected in ways we could not even fathom just a few years ago. There is a trade-off, however, as many of these new conveniences require us to share personal information with cell phone companies or app developers.
While many of us are willing to do things like broadcast our location to friends who might be nearby, or invite people on our contact lists to a cool new social network, we count on mobile companies to explain to us when and how they are using personal information to enhance our overall experience. We also trust that our personal and financial data will be safe in the event of a security breach.
This is not always the case. This month’s scandal involving Apple and several high-profile iPhone apps is only the most recent example of privacy breaches made by major mobile companies. Here we detail five of them with recent updates.
Twitter, Instagram and Path caught storing contact lists without clear permission
Earlier this month it was discovered that popular social networking app Path was transferring contact list information – which could include names, email addresses and phone numbers – from iPhone users to its own servers. This data helped Path members find and add friends to their networks. While there is nothing that indicates Path was doing anything inappropriate with the contact information, the company erred by not clearly communicating to users how their sensitive information was being stored. Path later apologized and updated its iPhone app to require user permission before it stores any contact data.
Shortly after the Path disclosure, prominent iPhone apps including Twitter, Instagram and Foodspotting either released updates to require user permission, or acknowledged similar practices. Feeling the heat, on February 15 Apple announced that it would require all apps to ask permission ahead of time before accessing users’ address books. Additionally, Apple CEO Tim Cook was formally asked by Congress to tighten up the company’s app approval process and make sure independent developers cannot access contact information without permission. So iPhone (as well as iPad and iPod Touch) owners should expect updates by the February 29 deadline provided by the House Subcommittee on Commerce, Manufacturing and Trade.
Security flaw found in Google Wallet
While there is no scandal to date associated with how apps running on Android smartphones access contact lists, Google is addressing a security breech that could impact a user’s virtual pocketbook. Earlier this month, the company temporarily suspended issuing Google Wallet prepaid cards after tests showed how funds could be depleted if a user’s smartphone got into the hands of a thief. It was revealed that because prepaid card balances were stored on smartphones rather than within an app, all a would-be thief would need to do to access funds was clear existing data on Google Wallet and create a brand new account.
On February 15, Google began reissuing prepaid cards. The company now requires users who wiped data from Google Wallets to set up new accounts with a human being from Google’s support team. While this fix in theory should take care of the problem, this episode will give pause to the vast majority of consumers who do not use their smartphones to make purchases.
Carrier IQ scandal could lead to Mobile Device Privacy Act
Last November it was discovered that software called Carrier IQ that is installed within tens of millions of smartphones was tracking user location and even keystroke behavior without permission. While cell phone carriers use Carrier IQ’s technology to help them identify gaps in their networks that lead to dropped calls, the media attention of practices including capturing passwords to secure websites drew public outcry and even an FBI investigation.
Carriers and smartphone manufacturers including Sprint, HTC and Samsung have recently removed Carrier IQ from their networks and devices. Expect more companies to follow suit (Apple removed Carrier IQ when it released its iOS 5 operating system). Longer-term, the Carrier IQ scandal, at least in part, inspired the Mobile Device Privacy Act. If enacted, the Privacy Act would require mobile companies to disclose ahead of time if they are using any type of tracking software.
Apple quickly fixed a gaffe in storing user location information
In one of his last public acts on behalf of Apple, Steve Jobs last April expertly addressed a potential scandal involving his company’s use of iPhone location information. Apple and Google both track their users’ proximity to Wi-Fi hotspots and cell towers as a method to deliver more localized services. When a glitch was discovered that showed Apple storing this information for users that turned location services off, Jobs (who was then on medical leave) acted swiftly and implemented a quick fix.
“It took us about a week to do an investigation and write a response, which is fairly quick for something this technically complicated,” he said in a public statement.
Advocacy groups, including the Electronic Privacy Information Center, applauded Apple’s response.
BlackBerry kicks out messaging app
When Kik Messenger debuted its instant messing service for iPhones, Androids and BlackBerrys in October 2010, it became an instant sensation attracting more than one million users in its first 15 days. Kik is a great way for users across the leading mobile networks to send IMs to each other. But another reason for its quick success was due to the fact that new users signing-up for the service at the time would automatically send alerts to their contacts who were also running Kik.
After considerable user backlash, Kik CEO Ted Livingston apologized and the company stopped sending alerts without permission. While Kik remained on iPhones and Androids, BlackBerry kicked the app out of its App World store. This didn’t seem to hurt Kik’s business prospects, as the company a few months later raised $8 million in venture capital. The company now also promotes the fact that BlackBerry owners can access the service via its mobile website. You can also find Kik on Microsoft and Nokia smartphones.