New MacBook Pros are here! Get the lowest prices anywhere: Apple Price Guides updated Aug 21st (exclusive coupons)
 


Monday, April 04, 2011, 02:00 pm PT (05:00 pm ET)

Federal grand jury investigating Android, iOS apps for privacy concerns

A federal grand jury has served mobile developers, including music service Pandora, subpoenas as part of an investigation into the use of users' data in conjunction with ad networks.

News of the subpoenas was made public in filings related to Pandora's Initial Public Offering, according to a report by MarketWatch.

"In early 2011, we were served with a subpoena to produce documents in connection with a federal grand jury," Pandora said in its filings, "which we believe was convened to investigate the information sharing processes of certain popular applications that run on the Apple and Android mobile platforms."

Pandora said it did not believe it was the target of the investigation, but stated, "we believe that similar subpoenas were issued on an industry-wide basis to the publishers of numerous other smartphone applications."

The government has been taking a close look at how mobile apps, platforms, and ad networks make use of citizen's private data. There are already strict regulations pertaining to the use of GPS location data, but the market for collecting personal data, including interests, web browsing habits, gender, age, and other demographic data, for use in improving and targeting advertising messages remains a newly emerging business with grey boundaries.

Jobs eyes analytics

Last summer, Apple's chief executive Steve Jobs revealed that the company had been working to tighten up the rules among iOS developers, saying that initially "we were really naive about this stuff," but after seeing ad networks collecting large amounts of customer data and reporting aspects of it, the company "went through the roof about this."

Jobs' initial concern pertained to data analytics firms discovering Apple's own internal use of new products prototypes.

"We're not banning other advertisers from our platforms," Jobs said. "They can do that. But they can't send data out to an analytics firm who is going to sell it to make money and publish it to tell everybody that we have devices on our campus that we don't want people to know about. That we don't need to do."

Enter the lawsuits

Just weeks after Jobs' comments, an article published by the LA Times suggested that Apple was spying on users' location based on an incorrect understanding of the company's revised privacy policy, under the headline, "Apple collecting, sharing iPhone users' precise locations."

That story resulted in a probe launched by two US Congressmen who peppered the company with questions about its privacy policies. Last December, a report by the Wall Street Journal again examined the issues of collecting and sharing user data with ad networks, noting that many apps collect and forward users' data to ad networks without much disclosure of what's going on or why.

That report kicked off a lawsuit that closely mirrored the findings of the Journal report, specifically targeting Pandora as sending "age, gender, location and phone identifiers to various ad networks," for example, although the suit named Apple as its target, not the various apps that were actually making some use of private data.

Open to exploitation

Apple allows users to opt out of sharing their location data with advertisers on its own iAd network, and has established a privacy policy that addresses what data apps can obtain, and for what purpose. However, it appears that Apple is allowing Google and other advertisers to act beyond its stated policies.

On its own mobile platform Google has taken a much less integrated approach, allowing Android developers distribute apps without any real restrictions as long as they outline in technical terms what permissions an app requests at the time of installation.

Users who don't understand what these technical system permissions mean or the potential for abuse implied in giving an app access to their personal data have had a wide swath of personal data uploaded to advertisers and others using the wide open and largely unregulated Android platform to distribute malware and spyware.