Mobile apps will have to disclose how private data will be used before download under new agreement.
Six of the world’s top consumer technology companies – including Apple, Google and Microsoft – have agreed that apps will provide greater privacy disclosures before users download them so as to protect consumers’ personal data, California’s attorney general said on Wednesday.
The move comes amid increasing criticism over “data grabs” by a number of third-party applications which don’t offer clear disclosure about how much of a user’s personal data such as their address book they will store on their servers.
The new agreement binds Amazon, Apple, Google, Microsoft, BlackBerry-maker Research in Motion (RIM), and Hewlett-Packard – and developers on their platforms – to disclose how they use private data before an app may be downloaded, Attorney General Kamala Harris said.
“Your personal privacy should not be the cost of using mobile apps, but all too often it is,” Harris said.
She said that 22 of the 30 most downloaded apps do not have privacy notices. Some downloaded apps also upload some or all of a consumer’s contact book to online servers – including small companies such as the would-be social network Path, and the giant microblogging network Twitter.
The importance of reining in wayward apps has become urgent: there are nearly 600,000 applications on offer in the Apple App Store and 400,000 in Google’s Android Market, and consumers have downloaded more than 35bn, Harris said.
She said there are also more than 50,000 individual developers who have created the mobile apps available for download on the leading platforms.
Harris said an estimated 98bn mobile applications will be downloaded by 2015, and the $6.8bn (£4.3bn) market for mobile applications is expected to grow to $25bn within four years.
Google said that under the California agreement, users of its Android mobile operating system will have even more ways to make informed decisions when it comes to their privacy. Apple confirmed the agreement but did not elaborate.
The policy change would give Google access to user information across its products, such as GMail and Google Plus, without the proper ability for consumers to opt out, said the 36 US attorneys general in their letter. EU authorities have asked Google to halt the policy change until regulators can investigate the matter.
Meanwhile the US’s Electronic Frontier Foundation (EFF) has put up a page explaining how people can wipe clean their Google Search History before the changes take effect on 1 March. But it noted that this will not prevent some tracking.
California’s 2004 Online Privacy Protection Act requires privacy disclosures, but Harris said few mobile developers had paid attention to the law in recent years because of confusion over whether it applied to mobile apps.
“Most mobile apps make no effort to inform users about how personal information is used,” Harris said at a press conference in San Francisco. “The consumer should be informed of what they are giving up.”
The six companies will meet the attorney general in six months to assess compliance among their developers. But Harris acknowledged that there was no clear timeline to begin enforcement.
The attorney general repeatedly raised the possibility of litigation at some future time under California’s unfair competition and false advertising laws if developers continue to publish apps without privacy notices.
“We can sue and we will sue,” she said, adding that she hoped the industry would act in good faith.