What Apple, and the industry, need to do about mobile privacy

Oh dear oh dear. The mobile application developers' dirty little secret, the one that no one really likes to talk about, is going to be mainstream news this week. 

For those that have missed it, iOS startup darling Path have been uploading your entire phone address book to their servers when you start using their app, without asking you first.

Most of the time, dealing with the privacy of users is considered a technical challenge. SSL certificates, salting hashed passwords, good processes for controlling database access and all that fun stuff. It doesn't really get you anywhere with your product but, well, you have to do it. Just keep thinking ahead to the due diligence process when you are about to be acquired. 

But let's face it, people worry more about their homepage copy than about the copy on their Terms and Conditions page. And that's understandable. 

Where things get a little murky is when user privacy is less of a technical challenge and more of a moral one. When the guys at Path were developing their app, they had a decision to make. They could make the newly minted user pass through another page, asking their permission to scan their address book looking for friends already using the service. Or they could just do it without asking. The answer looks blindingly obvious, but some people 'sweat the details' when it comes to UX. And when I say 'sweat the details' what I really mean is take a copy of your personal address book without asking you.

Put plainly, it's not a hard question to answer. Do you value the privacy of your users over the success of your startup? 

But the thing is, Apple could remove the need for all this soul-searching.

  • Make app developers declare what private data stores/services their app needs access to, just like Android developers have to.
  • Include this information in the App Store approval process.
  • If Apple think something smells bad, ask the developer what they are doing with that data.
  • Let the user know when they are installing an app what information it will have access to. 
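A small worked version of the list above, added here as an example that is not part of the original post: it parses a constructed AndroidManifest.xml (the declaration the first bullet refers to), pulls out the declared permissions, and turns them into the two things the list asks for, a plain-language notice for the user and a question list for the reviewer. The permission-to-data mapping is an illustrative subset chosen for this example, not an official list, and the manifest is made up.

```python
"""Turn an app's declared permissions into a user notice and reviewer questions."""
import xml.etree.ElementTree as ET

# Namespace used for android:* attributes in every AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Illustrative mapping from permission name to the private data it exposes.
# This is a hand-picked subset for the example, not an official list.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "your address book",
    "android.permission.READ_CALL_LOG": "your call history",
    "android.permission.READ_SMS": "your text messages",
    "android.permission.ACCESS_FINE_LOCATION": "your precise location",
    "android.permission.CAMERA": "your camera",
    "android.permission.RECORD_AUDIO": "your microphone",
}


def declared_permissions(manifest_xml: str) -> list:
    """Return the android:name of every <uses-permission> in document order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for elem in root.iter("uses-permission"):
        name = elem.get("{%s}name" % ANDROID_NS)
        if name:
            names.append(name)
    return names


def privacy_summary(manifest_xml: str) -> dict:
    """Split declared permissions into what the user sees and what the reviewer asks.

    user_facing:      one sentence per sensitive permission, for the install screen
    review_questions: one question per sensitive permission, for the approval queue
    unclassified:     permissions this example does not treat as private data
    """
    perms = declared_permissions(manifest_xml)
    sensitive = [p for p in perms if p in SENSITIVE]
    return {
        "user_facing": ["This app can read %s." % SENSITIVE[p] for p in sensitive],
        "review_questions": [
            "What does the app do with %s, and does it leave the device?" % SENSITIVE[p]
            for p in sensitive
        ],
        "unclassified": [p for p in perms if p not in SENSITIVE],
    }


def needs_human_review(manifest_xml: str) -> bool:
    """Approval gate: True if any declared permission touches private data."""
    return bool(privacy_summary(manifest_xml)["user_facing"])


# Constructed manifest for a hypothetical friend-finder app (not a real package).
CONSTRUCTED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.friendfinder">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Friend Finder"/>
</manifest>
"""

# A manifest that declares nothing sensitive should pass straight through.
CONSTRUCTED_QUIET_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

if __name__ == "__main__":
    summary = privacy_summary(CONSTRUCTED_MANIFEST)
    print("Install screen would show:")
    for line in summary["user_facing"]:
        print("  " + line)
    print("Reviewer would be prompted with:")
    for line in summary["review_questions"]:
        print("  " + line)
    print("Needs human review:", needs_human_review(CONSTRUCTED_MANIFEST))
    print("Flashlight needs human review:", needs_human_review(CONSTRUCTED_QUIET_MANIFEST))
```

The point of the split is that the same declaration feeds both the approval queue and the install screen, so a reviewer sees a question about the address book before anyone has to watch the app's network traffic.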

That way the hundreds of people working at Apple approving iOS applications don't have to sit behind SSL-intercepting proxies and packet sniffers to find out what an app does with your data. Their job is probably hard enough as it is without all that.

The irony here is that the closed platform is wide open to abuse: once an app is through the approval process, nothing stops it reading your address book and shipping it off. This is not so for Android applications, which have to declare up front what they will touch. Sure, most people don't read the Android 'permissions' page when installing an app, but *that's their decision*.

Apple need to do the right thing here and remove the temptation from the product design process. 
