Federal grand jury investigating Android, iOS apps for privacy concerns
A federal grand jury has served mobile developers, including music service Pandora, subpoenas as part of an investigation into the use of users' data in conjunction with ad networks.
News of the subpoenas was made public in filings related to Pandora's Initial Public Offering, according to a report by MarketWatch.
"In early 2011, we were served with a subpoena to produce documents in connection with a federal grand jury," Pandora said in its filings, "which we believe was convened to investigate the information sharing processes of certain popular applications that run on the Apple and Android mobile platforms."
Pandora said it did not believe it was the target of the investigation, but stated, "we believe that similar subpoenas were issued on an industry-wide basis to the publishers of numerous other smartphone applications."
The government has been taking a close look at how mobile apps, platforms, and ad networks make use of citizen's private data. There are already strict regulations pertaining to the use of GPS location data, but the market for collecting personal data, including interests, web browsing habits, gender, age, and other demographic data, for use in improving and targeting advertising messages remains a newly emerging business with grey boundaries.
Jobs eyes analytics
Last summer, Apple's chief executive Steve Jobs revealed that the company had been working to tighten up the rules among iOS developers, saying that initially "we were really naive about this stuff," but after seeing ad networks collecting large amounts of customer data and reporting aspects of it, the company "went through the roof about this."
Jobs' initial concern pertained to data analytics firms discovering Apple's own internal use of new products prototypes.
"We're not banning other advertisers from our platforms," Jobs said. "They can do that. But they can't send data out to an analytics firm who is going to sell it to make money and publish it to tell everybody that we have devices on our campus that we don't want people to know about. That we don't need to do."
Enter the lawsuits
Just weeks after Jobs' comments, an article published by the LA Times suggested that Apple was spying on users' location based on an incorrect understanding of the company's revised privacy policy, under the headline, "Apple collecting, sharing iPhone users' precise locations."
That story resulted in a probe launched by two US Congressmen who peppered the company with questions about its privacy policies. Last December, a report by the Wall Street Journal again examined the issues of collecting and sharing user data with ad networks, noting that many apps collect and forward users' data to ad networks without much disclosure of what's going on or why.
That report kicked off a lawsuit that closely mirrored the findings of the Journal report, specifically targeting Pandora as sending "age, gender, location and phone identifiers to various ad networks," for example, although the suit named Apple as its target, not the various apps that were actually making some use of private data.
Open to exploitation
Apple allows users to opt out of sharing their location data with advertisers on its own iAd network, and has established a privacy policy that addresses what data apps can obtain, and for what purpose. However, it appears that Apple is allowing Google and other advertisers to act beyond its stated policies.
On its own mobile platform Google has taken a much less integrated approach, allowing Android developers distribute apps without any real restrictions as long as they outline in technical terms what permissions an app requests at the time of installation.
Users who don't understand what these technical system permissions mean or the potential for abuse implied in giving an app access to their personal data have had a wide swath of personal data uploaded to advertisers and others using the wide open and largely unregulated Android platform to distribute malware and spyware.
News of the subpoenas was made public in filings related to Pandora's Initial Public Offering, according to a report by MarketWatch.
"In early 2011, we were served with a subpoena to produce documents in connection with a federal grand jury," Pandora said in its filings, "which we believe was convened to investigate the information sharing processes of certain popular applications that run on the Apple and Android mobile platforms."
Pandora said it did not believe it was the target of the investigation, but stated, "we believe that similar subpoenas were issued on an industry-wide basis to the publishers of numerous other smartphone applications."
The government has been taking a close look at how mobile apps, platforms, and ad networks make use of citizen's private data. There are already strict regulations pertaining to the use of GPS location data, but the market for collecting personal data, including interests, web browsing habits, gender, age, and other demographic data, for use in improving and targeting advertising messages remains a newly emerging business with grey boundaries.
Jobs eyes analytics
Last summer, Apple's chief executive Steve Jobs revealed that the company had been working to tighten up the rules among iOS developers, saying that initially "we were really naive about this stuff," but after seeing ad networks collecting large amounts of customer data and reporting aspects of it, the company "went through the roof about this."
Jobs' initial concern pertained to data analytics firms discovering Apple's own internal use of new products prototypes.
"We're not banning other advertisers from our platforms," Jobs said. "They can do that. But they can't send data out to an analytics firm who is going to sell it to make money and publish it to tell everybody that we have devices on our campus that we don't want people to know about. That we don't need to do."
Enter the lawsuits
Just weeks after Jobs' comments, an article published by the LA Times suggested that Apple was spying on users' location based on an incorrect understanding of the company's revised privacy policy, under the headline, "Apple collecting, sharing iPhone users' precise locations."
That story resulted in a probe launched by two US Congressmen who peppered the company with questions about its privacy policies. Last December, a report by the Wall Street Journal again examined the issues of collecting and sharing user data with ad networks, noting that many apps collect and forward users' data to ad networks without much disclosure of what's going on or why.
That report kicked off a lawsuit that closely mirrored the findings of the Journal report, specifically targeting Pandora as sending "age, gender, location and phone identifiers to various ad networks," for example, although the suit named Apple as its target, not the various apps that were actually making some use of private data.
Open to exploitation
Apple allows users to opt out of sharing their location data with advertisers on its own iAd network, and has established a privacy policy that addresses what data apps can obtain, and for what purpose. However, it appears that Apple is allowing Google and other advertisers to act beyond its stated policies.
On its own mobile platform Google has taken a much less integrated approach, allowing Android developers distribute apps without any real restrictions as long as they outline in technical terms what permissions an app requests at the time of installation.
Users who don't understand what these technical system permissions mean or the potential for abuse implied in giving an app access to their personal data have had a wide swath of personal data uploaded to advertisers and others using the wide open and largely unregulated Android platform to distribute malware and spyware.
Comments
I actually like the idea of an application knowing where I am, and tailoring the experience I get appropriately, but I want to understand what it collects and why.
The difficulty for me comes when you end up with a terms of use document that is pages and pages long, and makes sense to lawyers, but not the layman.
However, I do like the fact that Apple seems to be coming down on the side of the consumer here, and I actually trust them to reject apps that push their luck. For me, that's a big plus when comparing to Android.
I wish all terms of service agreements were limited to just one-thousand words or less. I wish our information, information about us, or about our computers were not recorded by default.
Companies should be required to ask us permission for ANY data about us AND not force people to give any data unless they are making a purchase. It seems simple enough to do. Perhaps one day we'll be able to make it happen.
I want to be a Blank as was first described on the old TV show Max Headroom. Blanks were people who existed but weren't on any databases anywhere.
I wish all terms of service agreements were limited to just one-thousand words or less. I wish our information, information about us, or about our computers were not recorded by default.
Companies should be required to ask us permission for ANY data about us AND not force people to give any data unless they are making a purchase. It seems simple enough to do. Perhaps one day we'll be able to make it happen.
you can't have that limit on terms. The problem is that the simpler the contract, the more people will try and wiggle out of it. Contracts are overblown the way they are because of countless lawsuits.
That's why this year we don't have leakage of the new iPhone
Last years leak had nothing to do with data. It didn't take data for that guy to illegally take possess of a phone that was not his or given to him and sell it to gizmodo.
I suspect the lack of a leak is because no one really believes that the iPhone 5 will be anymore than a slight processor bump etc. So it is not worth pursuing
Well that and Gizmodo would not look good trying the same stunt again while the jury is still out on last years
That would be nice for interfering with the attempts by apps to send my data.