App Privacy: Are You Up to Speed on the Latest Guidelines?

Holding iPad

Concerns have arisen recently about the security and privacy of smart phone users who download apps. This concern, spurred for the most part by apps accessing address books and contact lists, has prompted the GSMA to publish new privacy guidelines for app publishers.

Path and Hipster Apps Raise Privacy Awareness Concerns

Recently, smart phone users were alerted to the fact that two apps in particular had been uploading user contact data to their server without the consent of the owner of the device. While the two applications in question: Path and Hipster, publicly apologized for this faux pas and claimed to have made changes to their software to prevent this issue in the future, a level of anxiety still remains among app users.

How Can Smart Phone Users Forget About Their Privacy?

Some are asking how smart phone users could "allow" for their personal data to be accessed, but this is exactly the point; they did not. Users had no idea that the applications they were downloading had access to their contact information, let alone the fact that they were downloading this information and storing it on their own server. As users download apps, they may be faced with terms of service that state exactly how the application is designed to work and what information it will be accessing on the users phone. The problem here is that this privacy issue was never addressed. It is believed that users wouldn’t be so up in arms about the issue were they simply informed that their information was being accessed.

How is the Privacy Concern over Apps Being Handled?

The first step for many companies directly implicated in this violation of privacy has been to make changes to their terms of service. Many of these applications now indicate explicitly that clients may have their contact information stored; others give the user the option to opt out of this feature. The GSMA however, has something else in mind.

What is the GSMA?

GSMA stands for Groupe Speciale Mobile Association and is a professional organization that is designed to represent the interest of mobile operators around the world. This organization currently spans more than 220 countries and connects approximately 800 mobile operators.

How is the GSMA Stepping in to Handle App Privacy Concerns?

The GMSA has indicated their own concerns about being able to ensure the privacy of their consumers and as such they have stepped in to the arena with app privacy guidelines. The guidelines set forth by the GSMA are already being supported by global mobile companies. Consumers are showing much more enthusiasm for companies handling the privacy concern proactively and providing them with information on how to protect their personal data.

Privacy by Design

GSMA is principally promoting apps that respect "privacy by design." This means that applications should disclose to consumers the exact type of information that is being accessed, collected and used by the application in addition to whom that information is being shared with and why it is being shared. All of these pieces of information should be provided to the smart phone owner prior to the activation of the application at hand.

Social Networking and Data Retention

In addition to setting forth guidelines on applications, the GSMA has also established some guidelines for social networking applications in particular. Since social networking applications function by recording personal data, the GSMA felt it necessary to determine how these networking apps retain data after users have finished using them. This guideline states that users of social networking applications must be given the option to delete their account when they wish to leave the service. Not only should accounts then be deleted but all personal information and anything posted on that account should be removed completely.

Who is Supporting the Current GSMA Guidelines?

So far the list of mobile companies supporting the current GSMA privacy guidelines is not as impressive as they had hoped it would be, but they do include Deutsche Telekom, Vodafone and Orange. By supporting the new privacy guidelines, these organizations are stating that their own apps will adhere to the new privacy standards. Unfortunately this does not mean is that applications offered by third parties to users of these services will also adhere to these regulations.

Can the GSMA Force App Developers to Adhere to Their Guidelines?

One of the biggest questions among those who are concerned with their data privacy is whether or not GSMA can force app developers to adhere to these new guidelines. Unfortunately the GSMA has no authority over the third parties that develop applications and as such they can do no more than suggest or recommend adherence. They are hoping that future app developers will choose to use the guidelines as a resource when developing their software. In addition, the GSMA hopes that consumers will play an active role in protecting themselves by choosing only to download applications that have explicit privacy regulations available before activation of the app.

Is GSMA Working Alone to Enforce App Privacy?

Many consumers and media outlets are helping to educate smart phone users with the implication of privacy breaches by applications. Unfortunately though, the GSMA does not believe that they will be as successful as they hope to be without assistance from the "Big Three." According to a spokeswoman for Privacy International, the importance of consumer privacy will continue to be overlooked until Apple, Google and Microsoft jump on the bandwagon. With technical solutions from these three big companies, it is hoped that soon enough applications will not be able to access personal information without the users consent in the first place.