Clickwrap privacy isn’t the answer

Two sets of mobile app privacy stories have broken into the mainstream press this month. The first half of the month was dominated by “addressbook-gate”, where Path (and then, it turns out, many other iOS applications) were found to be uploading and storing users’ phone contact lists to their servers.

In the firestorm that followed, many people — including some US Representatives — called on Apple to raise the walls of their garden and address the issue by limiting app access to the address book and notifying users when an application requests access. Apple agreed, and will be introducing those changes in a future version of iOS.

So case closed. Until this last weekend, when the (London) Sunday Times reported that many popular mobile apps, including Facebook for Android, were “reading” user text messages. (Incidentally, the Sunday Times article is behind a paywall, and I haven’t seen a copy of the original article.) Extrapolating from other articles covering the Times “scoop”, it looks like the story is likely about the permissions apps typically request during the installation process.

Apps that overreach in their requested permissions are a bad thing, but they’re not new, and they’re not a smoking gun: developers may have legitimate and non-obvious reasons for requesting certain permissions, and they may require them for reasons that aren’t immediately clear to the end user. Facebook, for its part, denied “reading of user text messages” and explained that the app requires SMS read/write to test an as-yet-unreleased feature.

These two stories follow different arcs, but the second one certainly seems to complicate the first. The clickwrap privacy policy that Apple agreed to require is exactly the sort of permission screen that has been ignored so consistently that a major newspaper decided to publish it as a scoop.

Raising the garden walls is too easy an answer to a hard question. The response to these two privacy stories makes clear that people want their privacy to be respected, and respecting it requires effort and resources on the part of the developer. How do we convince developers that this effort is worth the cost before a PR fiasco about their privacy practices? I don’t know what the solution is, but it’s not expanding clickwrap privacy policies.