Violating user privacy in mobile apps

A little less than a year ago Apple modified the iOS 4.0 developer agreement to prohibit the use of third party analytics software to collect device data It seems at least in part to have been prompted by early disclosure of the iPad by analytics company Flurry (see this previous post for a recap).

Last week a story in the Wall Street Journal caused me to take another look at the fine print of the iOS developer agreement (see App developers could face US privacy investigation for TUAW coverage of the story). It seems that Pandora and a number of other App publishers have been served with subpoenas to reveal what information they are collecting. This is in response to a previous WSJ article which tested 101 apps and found that 56 of them transmitted the unique device ID (UDID) back to the publishers website:

The Journal tested 101 apps and found that 56 transmitted the phone’s unique device identifier to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent a user’s age, gender and other personal details to outsiders. At the time they were tested, 45 apps didn’t provide privacy policies on their websites or inside the apps.

The issue being with apps that collect device and/or user data without informing and getting permission from the user.

iOS Developer Program License Agreement

The first problem I had when I wanted to check the small print of the developer agreement is that I could not find it. You have to login to the Apple Member Center at and then select the “Your Account” tab from which you can access the Legal Agreements you have signed up for.

Section 3.3.9 covers collecting user or device data and specifically prohibits analytics software from sending data to a third party:

You and Your Applications may not collect user or device data without prior user consent, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising. You may not use analytics software in Your Application to collect and send device data to a third party.

Section 3.3.10 covers informing the user and allowing them to opt out:

You must provide clear and complete information to users regarding Your collection, use and disclosure of user or device data. Furthermore, You must take appropriate steps to protect such data from unauthorized use, disclosure or access by third parties. If a user ceases to consent or affirmatively revokes consent for Your collection, use or disclosure of his or her user or device data, You must promptly cease all such use.

The current App Store Review Guidelines also make it pretty clear what Apple thinks about the topic:

17.1 Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used

So who follows the agreement?

Given how clear the various agreements and guidelines are I have to conclude two things:

  • Lots of big (and maybe small) publishers seem to be ignoring the license agreements
  • The App Store review process is not able to detect who is violating the agreement

It remains to be seen what will come from the legal moves but I think there is a case to be made for informing users and getting their consent prior to collecting data.

From a developers perspective it can be very useful to know which devices and iOS versions are being used. However my guess is that if you put up a message informing the user that you want to collect something they will choose the “No Thanks” option unless you are very persuasive. Maybe this is the reason that you see very few apps that actually ask for consent and just go ahead and collect the data anyway.

I would be interested to hear in the comments from developers who have dealt with this issue - do you provide the user with an option and if so what level of opt-out do you see?