This document summarizes privacy concerns regarding mobile apps and provides tips for users. It notes that there are over 1 million apps across platforms and that apps can theoretically access personal data and device functions without permission. While app stores provide ratings and reviews, developers are not perfectly policed. The document advises users to carefully review what permissions apps request and only install reputable apps from official stores. It also discusses new policies requiring privacy disclosures and a proposed "Consumer Privacy Bill of Rights."

1. App Privacy
Larry Magid
Co-director,
ConnectSafely.org
Founder
SafeKids.com
Revised: Feb 26, 2012

2. More than a million apps
As of February, 2012
• 500,000 iPhone/iPad apps
• 382,000 Android apps
• Around 500,000 Facebook apps
Almost all from “third parties” (other than
Apple/Facebook or Google)

3. Apps can be all powerful
• An “app” is a piece of software that can do practically anything that
it’s programmed to do
• While not necessarily for evil purposes apps, in theory, can:
– Control your device and access anything on it
– Access your contact list
– Know & even share your location
– Record incoming and outgoing text messages
– Track incoming & outgoing calls
– Send text messages & make calls from your account
– Trace web sites visited
– Post to your Facebook or Twitter account
– Anything you do with your phone can be recorded by an app
But they’re not supposed to do any of these things without permission

4. Guidelines are a start
• Facebook and Apple have guidelines & rules about
app privacy, but can they really police thousands of
app developers?
• Revelations about apps uploading user data to
servers may be the tip of the iceberg

5. Reviews and Ratings
• App stores offer user reviews
and ratings
• They’re not perfect but they give
you a sense of what others
think.
– Look for apps with lots of reviews
& high ratings
• Use a search engine to research
Apple App Store provides
ratings and user reviews but apps or review sites like
you have to scroll down to
see them AppReviews

6. Only Install “Reputable” Apps
• Download from legitimate app stores - Apple,
Android & Amazon
• Read reviews & ratings in App store or marketplace
• Search for info about apps
• Look at what permissions they’re asking for

7. Pay Careful Attention to “Permissions”
Apps will typically ask you permission before running
for things like:
– Uploading your contact information
– Tracking your location
– Posting to your Facebook or Twitter account
Does the the app really needs this information to serve
you? If not, don’t install it

8. Be especially careful about:
• Apps that disclose your location
• Apps that access your contact list
• Apps that send photos to others
One of many apps that
share your location with
friends or others
Pay close attention to permissions such as
uploading your contacts or disclosing your
location

9. And Don’t Forget To
• Understand the privacy settings of your mobile
operating system
• Look for age or content rating on any apps for kids
• Lock (PIN protect) your phone

10. Privacy Disclosure Agreement
On February 23, 2012 California’s Attorney General
announced a deal with Apple, Google, Microsoft & others
to require app developers to disclose their privacy policies
before users download them. This should benefit users
throughout the world

11. “Consumer Privacy Bill of Rights”
On February 23, 2012 The Obama Administration weighed-in with
its “Consumer Data Privacy in the Networked World” report & “Bill
of Rights” giving consumers the right to:
• Individual Control
• Transparency
– Easily understandable
• Respect for Context
– Companies will collect, use & disclose in context of how data
is to be used
• Security
• Access and Accuracy
– Right to access our own data
• Focused Collection
– Reasonable limits on data that companies collect and retain
• Accountability
– Companies accountable to enforcement authorities

12. Thank you!
Larry Magid
larry@connectsafely.org