"Leaky apps" controversy will force developer stance on privacy
January 29, 2014
Recent revelations on the actions of the National Security Agency could add to the pressure that mobile developers are facing when it comes to standardizing security measures.
The newest of Edward Snowden’s leaked documents point to the NSA and its British counterpoint combing “leaky” mobile applications such as Angry Birds for consumers’ private data. Along with Starbucks’ and Target’s recent security issues, the news could pressure app developers or even the government to determine security standards in terms of what private information is being shared online and on mobile.
“I think all the big apps and publishers are going to have to make a declaration as to where they’re going to stand in terms of how much of their user data they’re sharing to make money,” said Tobias Dengel, CEO of Willow Tree Apps, Charlottesville, VA. “It’ll probably be industry, or eventually the government will step in.
“I think the second piece is that everyone who’s developing apps whether it’s in-house or through a partner company is going to take a really hard look at those apps to make sure that they understand the security vulnerability,” he said.
“I think the broad message here is what it’s going to do to the developing community is make sure everyone’s focused on security and make sure developers understand the implications of everything they do. Making decisions about what the policy is around that is going to be a big topic in 2014 because in the past everyone was just trying to make beautiful apps that work well.”
According to the classified documents, the NSA and Britain’s Government Communications Headquarters have been working together to glean data from apps by tapping into the information that is sent to ad networks.
Depending on the app and ad network, different personal information, such as location and address book contacts, are shared with the ad network to provide relevant ads to the app user. While the eavesdropping behavior had already been revealed, the new documents point to more details on what exactly the agencies were obtaining from smartphones and apps.
Concern over how the NSA obtains data and what it has access to has long been growing in the United States. Obama recently announced plans to curb the NSA’s actions in terms of phone-tapping, but many do not think that the plans go far enough.
The newest documents point to how expansive the NSA’s reach truly is.
“From a technology perspective, it’s not at all surprising,” Mr. Dengel said. “You already know the ad networks are tracking you, so the step that the NSA could access it isn’t a big shift, but policy-wise it is.
“I think a lot of people are going to be surprised because they didn’t realize the NSA was doing that or even the ad networks had access,” he said.
For those who already understood the relationship between app makers and ad networks, it is no surprise that the personal data is being shared. The only thing that has changed is that the government has been infiltrating that communication.
For consumers who may have been unaware of the extent to which their information was being shared with ad networks, this may be more shocking.
According to Truste, 92 percent of U.S. Internet users worry about their privacy online compared with 89 percent in January 2013 and 90 percent in January 2012. Thirty-eight percent point to government surveillance such as the NSA as the cause of concern, and 58 percent point to businesses sharing personal information with other companies.
According to Mr. Dengel, these revelations will further pressure developers to be more open about what information is being shared. Even though marketers did not knowingly share information with the NSA, consumers will be reluctant to give personal data if marketers are not upfront about security.
The government may decide to step in to secure these standards, but either way, developers will need to be more cautious. Not only will they need to be more open with consumers, but they will also need to step up their own security measures.
“If you really don’t want someone to know what you’re doing you need to add levels of encryption that aren’t done today,” said Chris Babel, CEO of Truste, San Francisco. “App developers have had to deal with these things or risk regulatory scrutiny.
“The assumption should be that the tape recorder is on,” he said. “That’s the big change. We all need to up our game.
“It’s time to think differently in terms of how to lock down data and keep it private.”
Until now, marketers have mainly been focused on creating a great app that contains value and works fast. They have been somewhat lax when it comes to security.
With these new revelations, the conversation will most likely shift from what makes an app aesthetically appealing to how the app secures personal data.
“I'm sure that an increased level of interest will translate into better efforts to preserve privacy on the part of developers, and probably more consumer tools to monitor and score various apps and games on the private data they collect,” said Roy Smith, founder and CEO of AgeCheq, York, PA, a COPPA compliance toolset for developers and parents.
“I don't think this is much of a surprise to the development community following the recent revelations of what the NSA has been collecting for years,” he said. “A mobile device that's packed full of cameras, microphones, email clients, GPS and Web browsers that goes wherever its owner goes is a wonderful tool for collecting all sorts of data - it would be a surprise if the NSA and all spy agencies didn't try to exploit that fact.”
Rebecca Borison is editorial assistant on Mobile Marketer, New York
- Trackback url: http://www.mobilemarketer.com/cms/trackback/17071-1