If you believe that Facebook can not sell your privacy well, wait until you hear who else is taking personal information from your smartphone.
The huge social network has come under attack because it has apps offering sensitive data from its users. Researchers note, however, that many everyday apps for iPhone and Android suffer from data leaks that could affect users' privacy.
Serge Egelman, a researcher at the International Computer Science Institute in Berkeley, California, built a website, AppCensus
Here consumers can find privacy ratings for about 80,000 Android apps. He also built an app called Lumen
It lets Android users see what all the apps do on their devices.
Under federal law, such sensitive information should never be downloaded without parental consent from a device used by a child under the age of 13. But in a report last year, Egelman found that out of the 5,000 apps designed specifically for children he tested, more than half transmitted telephone ID codes or other sensitive data that could help address them Identify users without permission. This seems to violate a federal law passed in 2000 to protect the online privacy of children.
Meanwhile, computer science lecturer David Choffnes and several colleagues studied about 500 mobile apps released for Android phones, each over a period of eight years. During this time, half of the apps started sharing more and more information with advertisers. For example, Choffnes found that newer versions of the Pinterest photo service, which used to be fairly privacy-friendly, shared with the advertiser the gender, location, and even the unique telephone ID that could be linked to the owner's name] Both Egelman and Choffnes tested a fraction of the apps available for smartphones. And because they could not get access to the source code of Apple Inc.'s iOS software, they did not find a way to do similar testing on iPhone apps.
What's more, they just have a snapshot of the behavior of the apps. To really measure the privacy threat, you would need to see all the data an app has collected over days, months or years.
If you have an Android smartphone, a feature called Google Dashboard will display all the data that the company collects about you. Start the map feature and you'll find that Google tracked your itineraries every day you used an Android device. My data goes back to 2012. Google knows from my travels to Las Vegas, to Chicago, to Africa and to the church. All of it. And of course, Google also tracked your searches, every video you saw on YouTube, every photo you took with your Android phone.
Google says that it will delete this data on request. Facebook offers the same option. But what about the thousands of app companies that collect similar information and do not have the same standards – or come under the same test as Facebook or Google?
And what about the ad networks to which they sell your data, messing up our screens with ads that know you're in Worcester or Washington? They've been following us for years, even monitoring our activities if we do not even run their apps. We do not know what data they've put together, and they have no opinion on how to use it.
Ironically, it may be Facebook that helps us. Facebook founder Mark Zuckerberg vowed last week in his last week to reform the way the company manages its apps.
In the future, apps will only allow access to a user's name, photo, and email address. No list of your friends, no way to read your posts, and no location tracking. The app maker can ask you directly for such information, but must agree to contract terms. Zuckerberg does not provide any details, but it should include a guarantee that users will be able to see their recorded data, receive a copy of it and request their deletion.
Facebook will also add a new feature that facilitates the management and uninstall apps. One more thing: apps stop collecting data if they have not been activated by the user in the last three months. An app that you have installed and forgotten will no longer spy on you.
There is room for improvement here. And it is clearly Zuckerberg's attempt to forget all the data collected by Facebook's other activities. However, these rules would set a new standard for app privacy that the rest of the industry should mimic and build.
I was so shocked by the recent Facebook revelations that I've deleted about five dozen apps that have access to my account. When Facebook follows its reforms, I can start putting them back.
Hiawatha Bray can be reached at email@example.com. Follow him on Twitter @GlobeTechLab .