Skip Links

California's mobile privacy crackdown praised

State's attorney has started notifying businesses that their apps are in violation of the state's Online Privacy Protection Act

By Antone Gonsalves, CSO
November 01, 2012 07:25 AM ET

CSO - California's top prosecutor has sent warnings to scores of mobile app developers that have allegedly violated the state's privacy laws, a crackdown that security experts applaud as good for the industry.

Mobile device management to take off

Attorney General Kamala D. Harris started notifying businesses this week that their apps did not have easily accessible privacy policies, as required by the state's Online Privacy Protection Act. The warnings affect as many as 100 apps.

The companies have 30 days to correct the problem. Besides being conspicuous, privacy policies must also inform users what personal information is gathered and how it is used. Violators face fines of $2,500 for each downloaded app.

"We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws," Harris said in a statement.

Among the businesses receiving warnings were airlines United Continental and Delta and restaurant reservation scheduler OpenTable, Bloomberg BusinessWeek reports. The latter two companies did not respond to a request for comment, but United confirmed receiving the warning.

[See also: Mobile data privacy is terra incognita to users, developers]

"We are taking all steps necessary and appropriate to ensure compliance with California law as it relates to our mobile app," United spokeswoman Mary Clark said in an email.

Mobile security experts and vendors said the crackdown was good for the industry, because it would boost California consumers' confidence. California is one of the most aggressive states in the nation on privacy protection.

"In the long run, this will be good for the mobile app industry," said Xuxian Jiang, an assistant professor at North Carolina State University who has done research on mobile privacy.

Because people often use their mobile devices for work, the law also provides some protection to employers as well.

"Businesses may not be aware of the risks to data leakage from these apps," said Chester Wisniewski, a senior security adviser for Sophos. "Imagine a situation where employees are loading some application that is sending your corporate address book to some third party without your knowledge."

Studies have shown that many smartphone game developers have partnered with advertisers that gather personal information without permission. This has become a serious problem on devices running Google's Android operating system, because anyone can sell apps for the platform. All apps for Apple devices are sold and vetted by the company.

"Smartphones are in my opinion the greatest threat to loss of intellectual property and concern about privacy," said Darren Hayes, an assistant professor and expert in computer forensics at Pace University. "There are mobile apps that are masked as legitimate games which compromise other data on your phone. More aggressive privacy laws may mitigate some of the risk."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News