US Wants Apple, Google, and Microsoft To Get a Grip On Mobile Privacy 103
coondoggie writes "When it comes to relatively new technologies, few have been developing at the relentless pace of mobile. But with that development has come a serious threat to the security of personal information and privacy. The Federal Trade Commission has issued a report (PDF) on mobility issues and said less than one-third of Americans feel they are in control of their personal information on their mobile devices. 'The report makes recommendations for critical players in the mobile marketplace: mobile platforms (operating system providers, such as Amazon, Apple, BlackBerry, Google, and Microsoft), application (app) developers, advertising networks and analytics companies, and app developer trade associations. ... The report recommends that mobile platforms should: Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation; Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded; Consider offering a Do Not Track (DNT) mechanism for smartphone users.'"
Also... (Score:1, Offtopic)
AMIRITE?
Re: (Score:2, Offtopic)
Instead spend less on social programs that feed the animals and teach them to become dependent.
Re: (Score:1)
Yes, because it's Google's core principle to help the struggling American economy. Please... Big companies don't give a damn about economy of any country - they only care about the economy of their business. If you offer them incentives to get out of tax heavens, they'll thank you dearly and start thinking of ways to import Chinese workforce into the US. Trickle-down economy means the rich and powerful pissing on everyone and everything below them. The happiest day in any CEO's life would be the day slavery
Re: (Score:2)
I am so far off topics it cannot hurt to keep feeding he trolls now.
Yes, because it's Google's core principle to help the struggling American economy.
Of course not, Google's core principle is help Google. A strong American economy helps Google.
Throwing away tax money on programs that stunt the economy by teaching the lower class to be dependent does not help the economy.
Please... Big companies don't give a damn about economy of any country - they only care about the economy of their business.
The economy of their business is tied to the economy of every country they operate it, they care whether they want to or not.
Again, they help the econo
Re: (Score:2, Insightful)
And what would the government use their tax money for? No, I'd rather they didn't pay their taxes. Did you see today we invaded Africa (for like the 20th time this year) Paying your taxes, gives money to people that drop bombs on 3rd world families. Keep that in mind when you bitch at corporations that avoid them.
So we're ASKING them? (Score:3, Informative)
How about regulating them?
Re: (Score:1)
Socialist!
Re:So we're ASKING them? (Score:4, Interesting)
How about simply not using their products if you disagree with their business model?
Re:So we're ASKING them? (Score:5, Insightful)
Its like, if you dont agree with all the car manufacturers, dont use them. Sure, you may not own a car and be able to get around efficiently, preventing you from getting a decent job, but... at least you made your statement.
Capitalism... it only works when you do not have limited choices.
Re: (Score:3, Interesting)
You know what just might work?
If the US would just stop pressuring the EU to drop or greatly water down their pending data privacy laws, this problem probably gets solved (well, actually, it probably only gets solved for the EU, because US companies would really want to special case the EU if it passes). The US could just copy what the EU is planning on doing and the problem will be solved (assuming the DOJ actually both to enforce the law after it is enacted).
Re: (Score:2)
And if you find alternatives that work that's just fine. But, between those 3 companies it's awfully hard to buy any computers or cell phones.
It's not the using that's the problem, it's the giving them money that's a problem. I'm sure that they'd love to sell you a product that they don't have to support because you don't use it at all.
Re:So we're ASKING them? (Score:5, Insightful)
How about regulating them?
How about a separation of Corporate and State much like the separation of Church and State. Add severe penalties for both sides for infractions. There are way too many politicians in corporate pockets and even more corporate insiders in politics. Federal regulations written by the industries being regulated is insane.
Re: (Score:2)
Re: (Score:2)
Last time I looked the separation of Church and State is pretty much a failure, many religions are represented in Government with strongly religious Politician's bringing their bigotry and bias with them government and using them to shape laws and policy.
You're right, look at Iran, Saudi Arabia, Israel, Afghanistan, India, Pakistan, etc, etc, et al. Would you want your daughter/sister/mother to grow up in that kind of country? How do you think (that is if you were allowed to think without some sort of religious over-minder watching you 24/7/365) you would feel? I believe that a spiritual feeling of love your neighbor as yourself has its place in all facets of society including government, but this religious thing should be relegated to altars and tabernacle
Re: (Score:2)
Re: (Score:2)
Otherwise you'll end up with a bunch of bad laws.
If the CONgressMEN would have the same medical/ Obamacare that is being forced down our throats under the guise of a tax, we would have a completely different healthcare system. Enough of the banksters making the banking regulations, enough of the insurance companies making the insurance policies. De-regulation only benefits the De-regulated. A "Federal" banking system that is above regulation and the laws of a nation have no business dictating anything. Shut down the international banksters, put them in pr
Re: (Score:2)
Is there a difference?
They will write up the regulatory laws and send them to regulators. You are just bypassing some steps by asking them. This saves money and time.
Ahhh the good old days... (Score:4, Insightful)
That's one thing I really miss about my old WinMo phones. They were not a data harvesting device, just a phone, with computer functionality. Every device I've had since then just seems like it's spying on me and siphoning off my personal life for someone else's gain.
It's creepy.
Re:Ahhh the good old days... (Score:5, Informative)
That makes it trivial enough to block something like Angry Birds from getting my location and communicating it to their home server. The problem is with apps which have to be online and which need access to that info to function. e.g. Navigation with Google Maps requires network access and my location. I'd like to think providing navigation is all they're doing with my location info, but I suspect they're doing a lot more with it like building movement pattern profiles.
Re: (Score:2, Troll)
It seems that the newer smartphone OS's exist to provide your personal life to their creators, and push the limits of the invasion of your privacy, whereas the "last gen" smartphones were trying to provide a pocket-sized computing experience that could be safely used to access sensitive corporate networks, and push the limits of technology.
We lost something along the way...
WinMo was never the best technology, or the best OS, but it was built to be a platform you had full control over and you could conceivab
Re: (Score:2)
Look at the incredible amount of work that Google puts into Android only to give it away. It's like downloading cracked software from a warez site that also installs a keylogger.
Except that the source code for Android is available and communities can build from it ie, Cyanogen.
Cyanogen also built a version of android with in-app level permissions, which would have allowed users to explicitly set what each app could have access to, though they've drooped that ability in recent versions.
Google however is adamantly opposed to giving users that much control - see their responses to the request here: http://code.google.com/p/android/issues/detail?id=3778 [google.com]. I'm guessing that's to protect
Re: (Score:2)
Re: (Score:2)
How can I verify that LBE Privacy guard isn't harvesting my data? Is the source code available somewhere?
Re: (Score:2)
I'm surprised that there still isn't a fine-grained egress firewall for Android like Firewall iP for iPhones. That's one of the few things I really miss after ditching the iPhone.
Re: (Score:3)
Every device I've had since then just seems like it's spying on me and siphoning off my personal life for someone else's gain.
A problem that would go away overnight with an open market instead of contracts and vendor lock-in. Cell phones are specifically designed to be incompatible with one another; Imagine if you could buy something like a SIM card that worked on all the networks in the United States, not just some, and all you had to do when getting a new phone is slide your SIM into it. Someone would design a secure phone that doesn't siphon off your personal life. Several have tried, but they all fail because of monopolistic p
Re:Ahhh the good old days... (Score:5, Informative)
You can actually. It would work on any GSM network in the USA. Of course, you need to buy your phone from a Phone Vendor rather than a Service Provider.
That's what I did when I spent a few years in the USA. It used SIM cards from 4 different US Service Providers.
But Americans want subsidised phones so they don't do this.
Re: (Score:2)
You mean like Google what?
What they mean is (Score:1)
NSA backdoor (Score:1)
Re:NSA backdoor (Score:5, Insightful)
They don't need a backdoor for the phone itself. They already have access to all the phone data because it is stored on the server, and they have unlimited access to the service providers.
Android already does this... (Score:1)
Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation
This is already done by Android and works perfectly. What I'd like to see, though, is the ability to selectively deny services or mock them out and provide fake responses. If an app is asking for my contacts and I don't want to share, I should be able to return an empty address book. Same thing with location - let me set a fake one when I want to.
At the end of the day, though, service goes both ways. Just as I'm free to not want to provide my location to an app, apps should be free to refuse to work without
Re:Android already does this...Not quite... (Score:5, Insightful)
This is already done by Android and works perfectly.
Nah, it really doesn't do it in any meaningful way, and doesn't provide the level of fine grained control that is needed.
Sure, you get notification when you install an app that i uses this data, and can access that data, for this or that reason.
But you are never provided any indication when the app decides to use the data for some other reason. There is nothing in
Android that prevents this.
Example: You install an email app. Obviously it needs to access your contacts to send email to them.
It says it has to access the web, maybe to serve ads (because its a free app). You might never be told that the app might
decide to upload all your contacts to some web site. You have no way of knowing when it does this, and no way to
prevent it.
Andorid needs a finer grained control, one that says, you can't access my address book. Or you can't connect to
any website, except this list (in the example above it would be some ad server). The user should be able to turn off
some of the permissions at will. EVEN if doing so makes the app FAIL.
Right now, we get a Take-it-or-Leave-it list of permissions, most of which are poorly understood. Most people click right
through these, failing to notice that the Game they just installed wanted to access their address book. Once they
click thru that, they are never asked again. There is no way to know it happened.
Permissions should be select-able per app, even after its been installed.
There should be a easy way to review which apps can access which bits of sensitive data, and turn it on or off.
Id rather the twitter app fail than have it tweeting my 13 year old daughter's location without her or my knowledge.
Re:Android already does this...Not quite... (Score:4, Informative)
Nah, it really doesn't do it in any meaningful way, and doesn't provide the level of fine grained control that is needed.
Stock Android doesn't, but apps like P-Droid allow you to take as much control of your own phone as you want to.
Re: (Score:2)
I like it. P-Droid a good start, if Android built that in by default it would be great. The UI could be a bit cleaner, but I like it.
But still ROOT is required to install, so that rules out the vast majority of potential users. You shouldn't have to void your
warranty to do the equivalent with your phone.
Re: (Score:1)
Re: (Score:2)
Android may need finer grained controls but I am not sure how an email app is supposed to function without connecting to the internet and reading your contacts.
I do like the idea of turning off permissions at will/runtime though. Though, even that concept is not without problems. It would increase user confusion and support requests, cause some increase to development time, potentially break a lot of apps and decrease to the value generated to app devs/publishers. Still, I think it's a good idea overall
How many Android users setup 2-step verification, (Score:3)
Re:How many Android users setup 2-step verificatio (Score:4, Insightful)
I shouldn't have to forego Maps just to prevent some other app from transmitting my position to advertisers.
I shouldn't have to disable functionality I paid for, just to prevent some unwanted use of my location!
I should have a dashboard (just like the FTC suggested) that allows me to use my GPS the way I want, and not the way the app writer decided.
Re: (Score:3)
I should have a dashboard (just like the FTC suggested) that allows me to use my GPS the way I want, and not the way the app writer decided.
Good point. I've got a great privacy dashboard - it's part of Avast's security suite (which is free for Android users and which I HIGHLY recommend). I've actually always personally been in favor of using 3rd party applications for security options. I don't really like it when the product designer decides what I need in terms of security - I'd rather trust that to a specialty security company.
Re: (Score:1)
Re: (Score:3)
How many apps require your location in order to work?
Sure, if I have an app that will find a restaurant for me, maybe it needs to know at least my general location. I'm hungry, so I ask it where the restaurants are. The app should work. It's last known location for me was in Arkansas, so it gives me a map of Arkansas with hundreds of known good restaurants. I can narrow it down to southwest Arkansas, and it will zoom in some, giving me only a couple hundred restaurants. Or, I can tell it that I'm actua
And by "privacy"... (Score:1)
By "privacy", they mean "from everyone except the government".
Re: (Score:2)
or are you, in true slashdotter style, just being paranoid?
Says the guy posting as Anonymous Coward ... ;-p
Re: (Score:2)
Paranoid? It happens in broad daylight. Or did you forget about the TSA, Patriot Act, and warrantless wiretapping? Oh, but that's all to catch the big, evil terrorists, so according to them, it's all okay.
Re: (Score:1)
Prepaid Device (Score:1)
Pay cash for a no contract phone. Don't keep sensitive information on the phone. Don't transmit sensitive information. Assume that any carrier or service provider cannot protect your information.
Re: (Score:1)
Yes, thank you. Turn off wireless networking. I think turning off "location sharing" should stop broadcasting gps data. Air plane mode should keep gps data from being broadcast, as well as powering down, but this is not ideal for a communication device.
I had hoped an "open" software would resolve some of these issues, if I can reliably disable the saving and transmitting of location data on my android phone, I would like to know how.
The bottom line for me is I am the only person that can be responsib
Otherwise they may stop using them... (Score:2)
This is really too rich for me. The government telling the Microsoft, Google and the mobile telecom providers to get their mobile privacy issues in order?
Pot, meet Kettle...
I think they're realizing that if consumers feel uncomfortable with carrying a GPS tracking device in their pockets, they may stop using them.
Why, consumers may just go back to pay-phones! Which would leave the feds, states and even Chief Wiggum without an unfettered way of getting location data on almost every American.
Too rich, you j
Re:Otherwise they may stop using them... (Score:5, Insightful)
The seduction that these devices offer to too strong for people to give them up and not use them.
Given that, I see nothing wrong with the FTC recommending that consumers at least know when they are surrendering their location data, and have the option of turning that off in some game or social networking app, while still being able to use the Map application.
I only wish this suggestion came from the FCC as well, since the FTC, is more or less toothless.
If the FBI needs a warrant to put a GPS tracker on my car, I don't see any reason why AT&T or Google should be able to give my location away to some tin-star sheriff without a warrant, or worse yet, to JCPenny or Starbucks just because I walked by the store.
Re: (Score:2)
You could try not using one of their devices then, if it bothers you so much.
Re:Otherwise they may stop using them... (Score:4, Insightful)
Or I could encourage the government I elected to force them to play by my rules.
Its not THEIR device, its MINE.
Re: (Score:2)
Business owns the Congress critters and you are no longer the customer, you are the product.
Re: (Score:2)
Not universally true. Google'sbusiness model is to give away products (search, Android etc.) for free, then get their money from advertisers. You are the product.
For Apple and Blackberry, they make their money from selling you a phone. You are the customer.
This is reflected in the amount of privacy you get with the respective mobile phone platforms.
ok (Score:1)
The devil is in the details of course, but these things - "Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geo-location; Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded; Consider offering a Do Not Track (DNT) mechanism for smartphone users" these are perfectly reasonable and I think are a good idea. Some
the government needs to improve... (Score:2)
The government does need to improve...how they collect and organize data on you.
I am sure the government only laments that it doesn't have the information that Google, Apple, and Microsoft have.
I wouldn't be surprised that---after all is said and done---the US ends up with a secret (from the general public) backdoor access to the information these companies have amassed in order to ensure that these companies do not "abuse" the information---in the name of homeland "security".
Re: (Score:2)
They didn't outlaw rooting or loading custom ROMs or anything else like that. They just made it a violation to unlock a phone from one carrier to use on another.
Missing the point? (Score:3)
How about "forcing" companies like Microsoft to use "standard file formats" for what has now become the defacto office suite?
Or making sure these companies, including Facebook, provide a mechanism for data portability, provisioned by a script?
Here's how it would work: I, the user, run this script through an interface, the result of which should be the "porting" of all my data from one provider to another in a 'reasonable time.'
They (Federal Trade Commission), dropped the ball long ago!
They are now trying to impress upon us that they are doing everything they can to "protect and safe guard" our privacy? I don't buy it one bit!
Re: (Score:2)
Nobody is forcing you to store your data with them.
so they asked the 3-biggest privacy pirates? (Score:2)
So, does the US government really think that asking the 3-largest privacy pirates to do something will actually work here?
I think the only real progress that could be made is that these companies agree to a standard format for sharing your information among themselves.
You sillies, why get a smart phone? (Score:1)
Re: (Score:2)
So you don't want your government to pass legislation to help mitigate your concerns?
I am aware that from your post you most likely fall into the Slashdot Liberian demographic and don't trust your government but don't ruin it for the uninteresting people (who no one cares about spying on).
Disclosure isn't nearly enough (Score:4, Insightful)
The biggest problem isn't that the applications don't disclose what they're accessing. There's also the problem that they don't disclose in detail. "May access the network", yeah, but for what? Knowing that it needs network access doesn't do me any good if I don't know what it needs it for or what it intends to do with it. Ditto "may access the SD card". Is it going to access it to store it's own data, or is it going to access it to scan other data?
And finally, even if all that's resolved, disclosure does no good when applications give you a take-it-or-leave-it approach: either give them 100% of everything they want or don't install them, even when a lot of what they want isn't required for them to run. The free version of a to-do list, for instance, would need network access to receive and display ads, but why would the paid-for ad-free version need it? Only to sync to a service like Google or Apple, and then only when the user chose to sync to a service. An IM program needs network access to run, without that it's kind of pointless. But access to my contacts? That may make it convenient, but my IM program does not need to see my phone's contact list to do it's job. At most it needs access to it's own contact list, which it would be getting from the IM servers when it logs on (otherwise things wouldn't stay in sync between clients). But still you're faced with either giving the IM program unrestricted access to something it doesn't need or not being able to use it at all. What's needed is disclosure of exactly why the program needs access and of why, if that access is required to install/run, the program cannot function without that access. Note that for that IM program, "It can't function without access to the contact list because I'm too lazy to write the code to maintain an app-specific contacts list." would be a perfectly acceptable disclosure. The reason doesn't have to be good, merely honest. Penalties for failure to follow the requirements? Well, you're making a fraudulent statement about your product. We already have penalties on the books for that.
Re: (Score:2)
There's no substitute for users having total control over their phones. We shouldn't be expecting vendors to merely per
Re: (Score:2)
Re: (Score:2)
Resistance is futile... (Score:2)
Prepare to be assimilated.
The elephant in the room... (Score:2)
Information leakage (Score:5, Insightful)
The *U*S*A* is concerned about privacy? (Score:2)
Now that is some irony! The US government is concerned about individual privacy? This is the same government that ignores laws stating they require a warrant to access your personal medical records? The same government that eavesdrops on its citizens at will? The same government that believes it has the right to know about all of your banking transactions? That can search you at will if you - like most of the population - live anywhere within 100 miles of the border of the country.
That said, the FTC report
Re: (Score:2)
In Other News (Score:2)
US Wants ExxonMobil to Get a Grip on CO2 Emissions
Likewise I'm sure they'll get right on that.
Delusional People (Score:2)
Government wants your private data (Score:2)
The Gubbermint wants these companies to get a handle on private data? Hell I thought they already had figured out how in hell to invade our privacy. Just look at Google and Android. Always communicating with the mothership. Microsoft does the same god damn thing and Apple? If it's IOS or iTunes then they're also getting all of your personal information. Hell these folks are more invasive then the Credit card companies though with the tech they've developed, they now have a profile on what and where you buy
One third of Americans think they DO have control (Score:2)