It appears there's a little more going on in mobile applications than consumers had bargained for. The Wall Street Journal is reporting that last December it tested 101 apps and found that 56 of them transmit the phone's unique device identifier or IMEI to companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way, and five sent a user's age, gender and other personal details to outsiders.
Pandora, the popular Internet music site, transmitted information about a user's age, gender, and location, as well as the IMEI for the phone to various advertising networks in both the Android and iPhone versions of its app case. The age and gender information is collected when the user registers for Pandora's service.
Federal prosecutors in New Jersey are now investigating whether these smartphone applications illegally obtained or transmitted information about their users without proper disclosures. A quick check of Pandora's privacy policy does not seem to disclose the type of information the Journal found them to be transmitting.
In the "Simple to Understand" section they disclose:
* We use the information that we collect and you provide about yourself to personalize your PANDORA' internet radio experience through ads and social networking features.
* We track the music played on PANDORA' internet radio so that we can make sure artists and copyright owners get paid. We must report on listening in aggregate to music licensing agencies. These reports do not contain individual listener data.
* We track the music played on PANDORA' internet radio so that we can make sure artists and copyright owners get paid. We must report on listening in aggregate to music licensing agencies. These reports do not contain individual listener data.
Sounds downright "noble", but further down in the fine print they do mention the collection of device identifiers, and other non-personally identifiable data.
Pandora does provide a great service though I am only an occasional user (probably less so in the future), but it does give you pause. I have mixed feelings about whether ads specifically targeted at me are a good or a bad thing, and I guess that Pandora has to pay the rent somehow.
The probe apparently is focusing on whether app makers violated the Computer Fraud and Abuse Act, a law crafted to help prosecute hackers, which covers information stored on computers. It could be used to argue that app makers "hacked" into users' cell phones. The article goes on to say that cases like this rarely result in companies being charged with a crime though there is the possibility for civil suits.
As we consider mobile security threats, maybe we add this one to the list.
