Some iPhone apps ask you for permission to track your geographical location. However, some apps pull such data without your approval. Photo: Jon Snyder/Wired.com
If people want to know everything about you, they need look no further than your smartphone. It contains a host of your personal information and leaves a trail of digital footprints everywhere you go.
A proposed class-action lawsuit filed last week alleges that Apple and a handful of app makers are invading user privacy by accessing personal data from customers' smartphones without permission and sharing it with third-party advertisers.
Concurrently, federal prosecutors in New Jersey are investigating whether several smartphone app makers, including Pandora, are transmitting customer information without proper disclosure. Separately, Congress is mulling legislation aimed at giving consumers the option to tell companies not to track their personal data.
"I'm glad this is coming to light, because I think consumers are waking up to the tracking that's going on with a computer, but I think there's an extreme lack of knowledge about the tracking on your iPhone or your iPad," said Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center, which is not involved in the lawsuit.
Plaintiffs Natasha Acosta and Dolma Acevedo-Crespo on April 7 filed a civil complaint against Apple and eight companies providing iPhone or iPad apps, accusing them of violating the Computer Fraud and Abuse Act by intentionally accessing customer information without their authorization. The complaint seeks class-action status on behalf of every iPhone or iPad user who has installed one of the defendant's apps over the last four years.
Well-known apps named in the lawsuit, which was filed in the district of Puerto Rico, include music-streaming service Pandora, and Dictionary.com.
The complaint accuses both Dictionary.com and Pandora [.pdf] of sharing an iPhone user's unique device identifier, age, gender and location with third parties, including advertisers. Neither Pandora nor Dictionary.com are services that rely on location, the complaint notes.
The lawsuit cites as evidence an ongoing independent investigation by The Wall Street Journal, which tested 101 apps and found that 56 transmitted the phone's UDID to third parties without user awareness or consent.
An iPhone does not transmit a customer's real name, but Apple and third-party apps can identify a device with a string of unique numbers, known as the unique device identifier (UDID).
The problem is, with a UDID and other personal information such as location, age and gender data, a company could easily piece together the real identity of a smartphone user and sell that information to marketers, explained John Nevares, a lawyer representing the class-action complaint.
"When you put those together they're able to transfer to a third party all your personal information so they can contact you later on and try to sell you something," Nevares said. He added that this type of activity constitutes fraud and deceptive practices.
EPIC's Nissim echoed Nevares' concerns.
"There hasn't been a lot of recognition that that type of identified number should be treated as personally identifiable information," Nissim said. "If it's combined with other information it could be used to identify you, and it becomes a gold mine of data for advertisers."
Also as a result of The Wall Street Journal's investigation, a federal grand jury has issued subpoenas to multiple iPhone and Android app makers, including Pandora and Anthony Campiti, creator of the Pumpkin Maker iPhone app. Pumpkin Maker, which is also named in the New Zealand class-action complaint, is an app that allows customers to carve virtual jack-o'-lanterns. The WSJ found that this app shares UDID and location data with advertisers.
The federal investigation is significant, because it could result in criminal charges against companies accused of committing fraud, the WSJ notes. However, it's rare that companies get charged with criminal offenses, so the investigation may evolve into a civil issue, meaning companies could be forced to pay monetary damages and promise to cease these practices.
"They're just doing information-gathering to get a better understanding" of the industry, Campiti told WSJ. "We're not doing anything wrong and neither is anyone else doing anything wrong."
Apple declined to comment on this story.
However, an Apple spokeswoman referred Wired.com to Apple's privacy policy, which states, "We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising."
Issues of mobile privacy are not unique to the United States. In Germany, politician and privacy advocate Malte Spitz sued his carrier, Deutsche Telekom, to get all the information it had on him.
The telecom giant handed over to Spitz a gigantic file revealing it had tracked him 35,000 times between August 2009 and February 2010 — enough data points for German newspaper Die Zeit to compile an interactive map and video tracking his every move for six months.
In response to the Spitz incident, two U.S. Congressmen are urging American phone companies AT&T, Verizon, Sprint and T-Mobile to disclose their data collection practices.
See Also:
沒有留言:
發佈留言