A huge controversy erupted the other day when a savvy programmer discovered that an app on the iPhone called Path was secretly uploading the entire contents of users’ address books to Path’s own servers. Then stories spread that many apps on the iPhone uploaded the contents of the address book. Turned out Apple had left the barn door open on address book data. Oops. But how could ordinary users tell if any of their apps were raiding the address book? No way to know for sure.
Here’s what’s not a great idea to solve the problem: add another alert dialogue box like the one apps must present if they want to access a user’s location. Sure, today’s crisis revolves around the address book, but what’s the next piece of important personal data people will want protected? And the one after that? The dialogue box permission model is right out of Windows Vista. Pop up enough of them and people will completely ignore them.
Another problem with the dialogue box permission model is it only presents the information to the user after they’ve already gone ahead and installed the app. There’s no way to compare app privacy policies – or personal data snatching policies – when choosing among different apps. And that’s a lost opportunity because if privacy is important to a lot of potential customers, there’s an incentive for apps to compete on the basis of better privacy protection.
The better solution is the one Android already employs in its market. Issue a standardized list of permissions and then list all the permissions an app wants in the app market. And if the permissions subsequently change in an update, the app is required to notify the users specifically about what has changed.
The obvious benefit is that everyone knows before they download or update an app what data it will access. It’s not only crystal clear disclosure to app customers. It also allows marketplace competition on privacy protection as a feature, a reason to pick this Twitter client over the myriad others or that sports news app over all the others. Developers also have the chance to explain why they need certain permissions and how they will use any collected data on their app description page.
As an added benefit, whenever a controversy or rumor arises, users can go back and check which permissions their apps required.
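The declare-and-diff model described above is easy to make concrete. The following is an added example, not code from the original post or from Android itself: it reads the `<uses-permission>` entries from two constructed manifest snippets (a hypothetical app at version 1.0 and 1.1), computes which permissions were added or removed, and produces the kind of notice a market could show before an update is accepted. The list of sensitive permissions and their plain-language descriptions is an assumption chosen for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for manifest attributes such as android:name.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifests for a hypothetical app; not from any real app.
MANIFEST_V1 = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hypothetical.client"
          android:versionName="1.0">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>
"""

MANIFEST_V2 = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hypothetical.client"
          android:versionName="1.1">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

# Assumed subset of permissions that touch personal data, with the
# plain-language meaning a market listing would show to the user.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "read your address book",
    "android.permission.ACCESS_FINE_LOCATION": "know your precise location",
    "android.permission.READ_SMS": "read your text messages",
}


def declared_permissions(manifest_xml: str) -> set:
    """Return the set of permission names an app declares in its manifest."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {el.get(name_attr) for el in root.iter("uses-permission")}


def permission_diff(old_xml: str, new_xml: str) -> tuple:
    """Return (added, removed) permission sets between two manifest versions."""
    old, new = declared_permissions(old_xml), declared_permissions(new_xml)
    return new - old, old - new


def update_notice(old_xml: str, new_xml: str) -> list:
    """Build the lines a market would show before accepting an update.

    Only changes are listed, so a user sees exactly what is new; sensitive
    permissions are flagged and explained in plain language.
    """
    added, removed = permission_diff(old_xml, new_xml)
    lines = []
    for perm in sorted(added):
        meaning = SENSITIVE.get(perm)
        if meaning:
            lines.append("NEW [SENSITIVE]: %s (can %s)" % (perm, meaning))
        else:
            lines.append("NEW: %s" % perm)
    for perm in sorted(removed):
        lines.append("REMOVED: %s" % perm)
    return lines


def needs_user_review(old_xml: str, new_xml: str) -> bool:
    """True if the update adds any permission touching personal data."""
    added, _ = permission_diff(old_xml, new_xml)
    return any(perm in SENSITIVE for perm in added)


if __name__ == "__main__":
    for line in update_notice(MANIFEST_V1, MANIFEST_V2):
        print(line)
    print("Review required:", needs_user_review(MANIFEST_V1, MANIFEST_V2))
```

An update that only re-declares the permissions it already had produces an empty notice, which is the point of the model: the user is interrupted only when the data an app can reach actually changes, and the address book case above would have shown up as a flagged new permission before the update was installed.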
UPDATE: Sounds like the California Attorney General has secured an agreement from all the mobile platforms (Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion) for just such a system: