Mobile app developers should pay close attention to the current controversy over smartphone data privacy. Would-be whistleblowers say modern smartphones -- including the iPhone and all models of Android phones -- track and store an ongoing record of wherever their owners travel, even when no applications that require location data are running. Prominent lawmakers have questioned Apple and Google for clarification of their location-tracking policies, while the allegations have already spurred a class-action lawsuit against Apple in Florida.
For their part, smartphone makers deny the charges. Apple this week issued a Q&A document addressing the issue, stating, "Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so." Even Microsoft, in a preemptive move against any similar allegations, issued a document detailing some of the location data policies of Windows Phone 7.
But location data is just some of the sensitive information found on smartphones. The typical user's phone might also contain contact information for friends and colleagues; dates and times of past meetings and future appointments; photographs and videos; and details of who the user contacted and when, whether it was via voice, email, SMS, IM, or social networking -- often including a verbatim transcript of the message.
Mobile apps can analyze and manipulate this data for all kinds of useful purposes; that's their greatest value. But it also means app developers bear every bit as much responsibility for users' privacy as the smartphone manufacturers themselves. If they don't treat that responsibility with sufficient respect, they stand to suffer the same backlash.
What's the big deal?
What's more, access to user data on smartphones is on a strictly opt-in basis. Before an app can be installed, the user must first approve a list of permissions outlining exactly which data and phone functions the app intends to access. Everything is disclosed up front and in plain English.
From the user's perspective, however, these arguments sound disingenuous. When every week seems to bring another news story about a data breach resulting in the theft of customer data, customers are growing increasingly jealous of their privacy. Given the unique nature of the data to be found on smartphones, it's only natural that they have begun to view mobile apps with a skeptical eye.
For example, on the Amazon Appstore for Android, the game Farm Frenzy normally retails for $1.99, and for a limited time it was available for free. By some accounts it's an addictive diversion. Nonetheless, Farm Frenzy has more one-star ratings than all other ratings combined. The typical one-star review reads like this one, from Paul Wilson of Dallas: "No way will a game have access to my contact list or call log. Next they'll want me to send them a key to my house so they can go through my bank and tax statements."
How much would you pay for privacy?
HeroCraft, the developer of Farm Frenzy, says it never had any intention of spamming users' contacts or any other underhanded practice, and it has since reduced the number of permissions requested by the app. But statements like these don't do much to reassure customers, especially when they can easily be withdrawn tomorrow.
Take the case of Color Flashlight, a free app available in the Android Market. According to one user, "the lying greedy [developer] secretly put ads in the last update and didn't mention this at all in the changelog!" What's more, the new version requires permission to take pictures and videos with the phone's camera, prompting some users to suggest it can secretly take photos and post them to the Internet. More likely, the app needs access to the camera to use its LED flash as a flashlight, but the customers' trust had already been lost.
Consumers understand that companies change over time, and so do their policies. Today's chief executive might have ideas the last one didn't, or a smaller company might merge with a larger one. When these changes happen, customers worry about what might happen to any data they've already turned over, as well as what new data the company might want to collect, analyze, use, or sell in the future.
What could possibly go wrong?
If you're developing apps that use customers' mobile data, you need to do more than recognize these realities. You need to develop a policy that places secure, ethical, and appropriate handling of user data at the core of your application development process. Embrace best practices; for example, request only those permissions that are absolutely necessary for the app to function, and disclose in detail why your apps need certain permissions to function before users download the app. Establish trust early, and maintain that trust by giving users fine-grained control over their own data.
In other words, mobile app developers should borrow a page from the smartphone platform vendors' playbook and take a proactive stance in asserting their respect for users' privacy. If smartphone vendors don't address this issue swiftly and loudly, and app makers don't follow suit, the Florida class-action filing against Apple will be but the tip of the iceberg -- and independent app developers may find themselves on a collision course with both users and their lawyers.
This article, "Why users don't trust mobile apps," originally appeared at InfoWorld.com. Read more of Neil McAllister's Fatal Exception blog and follow the latest news in programming at InfoWorld.com.