NSA targets Angry Birds, other apps to collect user data


While mobile games may seem like innocent time wasters, new documents have been released detailing the use of such games by the National Security Agency to track user information, such as user location, gender, age and other personal information.


MEF launches AppPrivacy tool for creation of short, simple privacy policies

Image via MEF

Image via MEF

In response to growing demands for additional privacy among app users, mobile commerce company MEF has today announced the launch of AppPrivacy. Developed for MEF by AgencyMobile, the online privacy tool will give developers of any size, in any country, access to creating short-form and consumer friendly privacy policies.


Your phone’s metadata contains more personal information than you might think


Image via Apple


In response to the recent NSA controversy surrounding consumer privacy, the American Civil Liberties Union has challenged the legality of the NSA’s surveillance of phone calling records. The ACLU requested a preliminary injunction that would halt the program indefinitely, until further investigation could be completed.


MEF study analyzes privacy policies in most popular iOS, Android apps

privacy-policy-650-1Image via MEF

Mobile commerce company MEF has released new research into how developers inform app users about the use of their personal data. The study analyzed the top 100 free mobile apps on both iOS and Google Play as of Q2 2013, and found that there are plenty of areas for improvement for developers to present privacy information in a “consumer-friendly” way.


Apple and Mozilla: A Cause for Celebration

AdTruth logoEditor’s note: Today’s guest post comes from James Lamberti, vice president and general manager of AdTruth (he was formally of mobile ad network InMobi and ComScore), a technology that enables audience identification through anonymous device recognition. In this post, Lamberti discusses why Apple and Mozilla making the decision to block and reject cookie tracking is a good thing.

You can bet that privacy advocates across the digital industry were celebrating recently. In response to Mozilla’s intent to block all third-party cookies by default and Apple’s decision to reject apps that use cookie-tracking, digital advertisers are wondering what this disruptive news means and how they should respond.

If anything, these changes should be applauded. While this news may come as a surprise to marketers and digital advertisers, it should be seen as an opportunity for the industry to address a problem that’s been an issue for years. The audience-identification options are limited; but this is a critical function that marketers depend on every day.

With cookies quickly falling by the wayside, the industry needs an alternative that is universal in nature, functions across all devices, on all operating systems and across every use case including desktop, mobile and apps. Apple’s push toward identifier for advertising (IFA) is a step in the right direction but is limited to iOS devices and doesn’t support all use cases.

Second, a universal alternative needs be based on the concept of privacy by design. This means privacy has been factored in from the beginning, not added as an afterthought. It also means providing the flexibility to recognize and respect privacy protection mechanisms, such as online behavioral advertising (OBA) and Do Not Track.

While keeping privacy in mind, a solution must also be effective. Performance and longevity are of great value to marketers and must reach an acceptable rate for a solution to even be considered. The key is for advertisers to understand and recognize their audiences well enough to provide relevant content: no more and no less.

And finally, with the number of mobile users and devices in world, we need a solution that has the ability to scale. Digital marketing is delivered and measured in billions of impressions and fractions of seconds. If this speed and scale can’t be supported the approach isn’t going to be adopted.

The news from Apple and Mozilla has caused many in the ecosystem to wonder how they will continue to reach customers in a time of diminishing options. They shouldn’t worry. As the ‘deterministic’ cookie approach continues to fade out, there is an opportunity for a more ‘probabilistic’ approach – one that meets the criteria outlined above – to be adopted. Don’t fret; it’s time to thank Apple and Mozilla for helping reframe the audience identification conversation.

Placed announces Placed Affiliate, a new way for app developers to monetize their apps

Placed logoMobile app location analytics provider Placed today announced Placed Affiliate, a new way for app developers to monetize their app by providing location data to Placed for market research purposes.

“It’s a new monetization channel for app developers,” says David Shim, founder and CEO of Placed. “No one is doing this today.”

Essentially, mobile app developers get paid by Placed for allowing the company to gather location data from its users who opted-in on Placed collecting such data for its own market research. On top of Placed Affiliate, the Seattle-headquartered company currently offers a free service providing location-based data for mobile app developers called Placed Analytics. Placed also offers a product dubbed Placed Panels, which is a free stand-alone mobile app and survey tool for iOS and Android — called the Panel App in the app stores — that allows businesses to track and measure location-based data from opted-in users, who are rewarded with gift cards or entries into a prize drawing for completing surveys from businesses.

“Placed Affiliate is going to let us acquire and measure more data across a larger universe of devices,” Shim told Inside Mobile Apps.Placed Affiliate

After a mobile app developer signs up for the Placed Affiliate service, they are provided with the Affiliate SDK for integration into their app. Placed wants to make sure it covers all its bases when it comes to a user’s privacy. If a mobile app developer wants to use Placed Affiliate, they must first make sure a user enables location permissions, and second, when a user opens the app, a prompt will inform the user that the app works with Placed for market research on location data. A user can simply select “yes” or “no” if he or she wants or doesn’t want to send location data to Placed. Shim emphasizes that Placed is collecting only location data and nothing else.

“We’re going above and beyond what the legislation has been talking about,” he says.

App developers receive money if Placed can gather location data from users in a 7 day or 30 day period. Shim adds that Placed Affiliate provides incremental monetization. If an app already has monetization hooks through ads, in-app purchases, subscriptions or other means, he recommends app developers keep those and add Placed Affiliate on top of those monetization strategies.

Placed, which already launched a pilot for Placed Affiliate last month, is now allowing any mobile app developer to sign up for the service here.

Back in March 2012, Placed received $3.4 million in Series A funding from the Madrona Venture Group.

Guest Post: 3 reasons to have a privacy policy for your app

Docracy logoEditor’s note: Today’s guest post comes from Veronica Picciafuoco, director of content for Docracy, a free repository of open source legal documents. The Federal Trade Commission (FTC) recently released a report, which outlined recommendations (not laws, yet) for mobile platforms and mobile app developers across the country to better inform its users what personal data is being collected and how the data is being used. Picciafuoco explains three reasons why app developers should have a privacy policy that outlines data collection.

1. The FTC thinks you should

In the U.S., a privacy policy isn’t mandatory requirement. But things are changing for mobile apps. The FTC issued a long report this month titled Mobile Privacy Disclosures. This document lays out a long list of recommendations for both platforms and app developers. Simply put, the FTC thinks every mobile app should have a readable, accessible privacy policy to explain users what data are collected, how, and why.

Here’s what the FTC thinks developers should do:

  • Have a privacy policy and make sure it’s easily accessible through the app stores

According to a June 2012 study, only 28 percent of paid apps and 48 percent of free apps available in the Apple App Store include a privacy policy or link to a privacy policy on the app promotion page. If you are on the “dark side”, it’s time to draft a solid privacy policy and make sure it’s accessible from your app, and not just from the privacy link when you submit the app to the various stores. If your app asks users to login via Facebook to find friends, the login screen is a prominent spot to place the policy link, so every user has the chance to check it.

  • Provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms haven’t already provided such disclosures and obtained such consent)

As a user, you surely have met the pop-up notification that asks permission for push notifications. That’s an example of “just-in-time disclosure” provided by the platform itself. The FTC knows that few people read privacy policies, and wants you to notify your users about important privacy disclosures in the moment it occurs. For example, if your app wants to access the user’s address book to find other friends already playing the game, a pop-up is the best way to tell them in details what information are being collected and why.

  • Improve coordination and communication with ad networks and other third parties, such as analytics companies, that provide services for apps so the app developers can provide accurate disclosures to consumers

This is referring to external libraries, SDK and other third-party code that app developers often integrate in the app to facilitate advertising or analytics. The FTC is trying to tell you: it’s ok, but do it responsibly. Check public repositories for bugs, apply some due diligence on the reputation of the companies behind the code you are embedding. In short: use some common sense here, as you’re ultimately responsible for major loss of data from your app, even if due to third-party code.

  • Consider participating in self-regulatory programs, trade associations and industry organizations, which can provide guidance on how to make uniform, short-form privacy disclosures

The FTC is suggesting shortcuts to make your privacy policy up to industry standards. There are many trade associations in this space, including App Development Alliance (ADA), Future of Privacy Forum (FPF), Mobile Marketing Association (MMA), International Game Developers Association (IGDA), Entertainment Software Association (ESA) and many others. I personally oversee a crowdsourcing effort to open source a standard mobile privacy policy.

2. You can be fined you if you don’t follow or update your privacy policy

The FTC issued Path a whopping $800,000 fine for violations of their own privacy policy. Path said it wasn’t collecting certain information when, in fact, it was. While it’s normal for an app to ask permission to access third-party information on your phone, like address book info, what data you collect (and what do you do with it) is crucial. If you cater to minors, for example, you’re subject to COPPA, a federal law that says you must obtain “verifiable parent consent” if children under 13 use your app. Since Path collected birth dates, they knew for a fact they had kids using the app, and never did much about it. Result: $800,000 to the FTC. If you know that you have kids on your website, call your lawyer and find out how to comply with COPPA. If you don’t really know, make sure users represent they’re over 13.

3. You users will trust you more if you do, and your platform, too

recent survey found that 57 percent of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons. Instagram is said to have lost something like six million users after the their controversial Terms of Service change: people are starting to care about the legal implications of the apps they use. You can get away from the FTC, but there are crowdsourced policing tools in place now (TOS;DRPrivacyChoice, etc.) and it only takes one vocal user to spread a bad rumor. There’s also a positive side: good early behavior can help establish a level of trust with your user base that has positive effects on retention, and may even give you a competitive advantage.

Conclusion: get a privacy policy: it’s not that hard

There are pretty compelling reasons to have a good privacy policy for your mobile applications. It’s not something that only big publisher can afford. You can start with a free online template or a free privacy policy assembler and have a lawyer review it for a small fixed fee.

Looking at what the competition is doing can also help you figure out what kind of disclosures go in a policy. The important thing, particularly with mobile apps, is to make sure the policy stays true at every update. Every time add or fix something, think if it had an impact on your privacy statements, and edit them if necessary. Added a new analytics script? It should go in there. If you adopt a “privacy by design” approach from the beginning, this process will become automatic and naturally integrated in product development, keeping your legal risks low.

FTC recommends new privacy guidelines for mobile app platforms and developers

The Federal Trade Commission today released a new report, which outlines recommendations for mobile platforms and mobile app developers across the country to better inform its users what personal data is being collected and how the data is being used. The report comes less than a month after the California Attorney General’s office released its own privacy guidelines for mobile app developers in the state.FTC logo

FTC Chairman Jon Leibowitz, who yesterday announced his resignation, said in a statement, “the mobile world is expanding and innovating at breathtaking speed, allowing consumers to do things that would have been hard to imagine only a few years ago. These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive.”

The FTC, the federal agency that oversees business practices, stated that mobile devices “facilitate unprecedented amounts of data collection” because users, for the most part, have their mobile device on and with them at most times. In an effort to improve mobile privacy disclosures, the FTC recommended platforms and developers provide privacy data disclosures to consumers before allowing an app to access sensitive content like geolocation and for other personal data such as photos, contacts or calendar entries.

The FTC also recommended that platforms consider implementing a version of Do Not Track (DNT), the privacy mechanism that allows users to prevent tracking by ad networks or other third parties. Multiple desktop web browsers already support DNT including Firefox, Internet Explorer, Chrome and Safari. Mozilla’s Firefox mobile browser has the DNT mechanism and Apple’s Safari has a “limited ad tracking” slider for iOS, but despite Mozilla’s and Apple’s DNT support on mobile, the privacy mechanism is not as standard on mobile as it is on desktops.

At the end of 2012, the FTC strengthened its more than a decade-old child online privacy laws, in particular, the Children’s Online Privacy Protection Act (COPPA). The new laws require child-directed websites and online services to obtain parental consent before collecting children’s personal information like geolocation data or photos before sending the data off to third-party companies. Although, the updated rules explicitly exempt app “platforms” such as the Apple App Store and Google Play from complying with COPPA since the app stores only offer “public access” to kids’ apps, as opposed to targeting kids directly and exclusively.

How changes to Facebook’s app auth process affect developers

Along with other new privacy controls, Facebook today announced changes to the apps permissions process, which separates read and write permissions into different dialogs. The new flow gives users more control, but adds an extra step that could have an effect on acceptance rate and change the type of access users grant apps.

Today’s changes do not affect how users install games on Facebook.com, but will apply to mobile apps and other sites using Facebook login. Now that apps will request read and write permissions separately, users have the option to log into an application and receive a personalized experience using their name, friend list and other aspects of their profile, but they can reject the app’s request to publish activity on their behalf.

Previously, users accepted these permissions in one step, which led some users to unknowingly authorize an app to post to their wall. When users better understand what an app can do, they are less likely to be taken by surprise and end up marking an app as spam. They will also be more likely to add more apps in the future. Without feeling like they have control over what they share, users might be hesitant to add any third-party apps. That said, the two-step process could also lead to lower install rates or lead fewer people to allow apps to share their activity.

In some cases, the app auth process may involve three steps. That’s because Facebook also distinguishes “manage” permissions from read and write. If an app wants to manage a user’s ads, events, notifications or other products, it will have to request this in a third dialog.

Some aspects developers will appreciate are how the new dialogs are smaller and more lightweight, which is less likely to turn off users, and how some permissions have been combined. For example, apps used to have to request separate permissions for “publish_stream,” “publish_actions” and “publish_checkins.” Now an app can simply ask if it can publish to Facebook or not. “Basic info” has also been renamed to “public profile and friend list” to be more descriptive and transparent to users.

Facebook says all mobile and non-game web apps will be converted to the new auth flow automatically. No changes are required to a developer’s code.

Here’s a look at how the read and write permissions dialogs appear on different platforms:

Images from Facebook.

This article originally appeared on our sister site, Inside Facebook.

AntiSec releases 1M+ UDIDs it claims are from FBI hack

A hacker group named AntiSec has released 1,000,001 iPhone Unique Device Identifiers (UDIDs) it claims it stole from an FBI tracking project that contains more than 12 million of the numbers — some of which are said to be linked to personal information including full name, cell number, address and zipcode.

UDIDs are 40-digit long, unique alphanumeric codes that are assigned to every iOS device. They are used to track users as they move from app to app, to target advertising and measure campaign conversions. Unlike other advertising tracking mechanisms, they can’t be cleared, blocked, removed or opted out of, and are easy to link to personal information such as a user’s contact book.

Security concerns like these that have pushed Apple to move away from UDIDs, although the movement to replace them has lost much of its momentum due to a lack of suitable replacements. For its part, AntiSec had the following to say about UDID tracking:

“We think it’s the right moment to release this knowing that Apple is looking for alternatives for those UDID currently and since a while blocked axx [sic] to it, but well, in this case it’s too late for those concerned owners on the list. we always thought it was a really bad idea. that hardware coded IDs for devices concept should be erradicated [sic] from any device on the market in the future.”

According to the group’s anonymous statement on Pastebin.com, the data was released  in order to draw attention to the FBI’s project. Although most of the user info has been removed, AntiSec left enough for users to determine if their devices were among those being tracked. For those users who do not wish to download the entire list of UDIDs in order to see if their device is among those being tracked, The Next Web has created a custom search tool related to the breach.

interested in advertising with inside mobile apps?

Social Media Jobs
of the Day

Manager Social Media

Ralph Lauren
New York, NY

Social Media Manager

Chicago, IL

Social Media + Web Management Consultant

IPPF/Western Hemisphere Region
New York, NY

Director of Marketing (Social Media/Web)

Creative Circle
Corona, CA

Featured Company

Join leading companies like this one and recruit from the nation's top media job seekers on the Mediabistro Job Board. Every job post comes with our satisfaction guarantee. Learn More

Our Sponsors

Also from Inside Network:   AppData - Facebook & iOS Application Stats   PageData - Engagement Data on Facebook Pages   Facebook Marketing Bible   Inside Network Research
home | site map | advertising/sponsorships | about | careers | contact us | help courses | browse jobs | freelancers | events | forums | content | member benefits | reprints & permissions terms of use | privacy policy Copyright © 2014 Mediabistro Inc. call (212) 389-2000 or email us