Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Consumer Rights Groups Take Issue With NTIA Code of Conduct For Mobile Apps

timothy posted about a year ago | from the click-here-if-you-didn't-read-the-above dept.

Advertising 31

MojoKid writes "On Friday, we learned that the mobile industry has developed a short-form notice for mobile apps that tells users if the app is collecting their data and in what areas (i.e., phone call and text logs, location data, and so on) that would appear before app download begins. The program is currently voluntary and being tested, and although on the surface it seems like a step forward for consumer protection, some industry consumer rights groups are opposed to it. Jeffrey Chester of the Center for Digital Democracy (CDD) told us that, with respect to all the work that the industry put into the plan, he doesn't believe the new code of conduct will actually do much for consumers. "The process ignored the actual mobile app business practices, and refused to engage in the testing that's required," he said. "Words on a small screen--even if better than long and hard to find privacy policies--doesn't mean anything unless we know it tells users: one, what data is actually collected and how it is to be used, and two, whether they will see it in the first place.""

cancel ×

31 comments

Everyone is patting themselves on the back (4, Informative)

hsmith (818216) | about a year ago | (#44407953)

But in reality, a tiny sliver of individuals will ever read this. It would be more useful if it were in the App Stores or a screen on the device you could easily find to get the info. It will be another "EULA" which people just hit "Accept" for

Re:Everyone is patting themselves on the back (2)

icebike (68054) | about a year ago | (#44408229)

Just put a notice on the box the phone came it, and print it on the back of the phone itself that says

Anything you do on this device will be reported to the NSA

and be done with it.

Re:Everyone is patting themselves on the back (1)

Anonymous Coward | about a year ago | (#44413521)

Despite the local hate, this is actually something the WinPhone software store does fairly well. Every program entry has a list of what resources it makes use of. As far as I can tell, this list is generated by Microsoft, so it doesn't include any explanation of why Tetris requires GPS and camera control, but it also means the programmers can't lie about what the program gets access to.

Android (3, Informative)

surmak (1238244) | about a year ago | (#44407977)

Android already does this. The OS has a set of permissions available for apps (get location data, use camera, access internet, etc.) These permissions are displayed to the user when the app is installed, giving the user the chance to reject the app if the permissions are unacceptable.

Re:Android (1)

Anonymous Coward | about a year ago | (#44408009)

The problem with Android's permission model is it doesn't tell you *how* it will use the permissions you give it, or allow you to pick and choose those permissions; it's an all or nothing thing. What I would love is to selectively choose the permissions to grant an app and fake the permissions I don't allow; for example, give the app access to a fake contacts list so the app itself has no idea whether it has access to my real contacts.

Re:Android (0)

Anonymous Coward | about a year ago | (#44408163)

The problem with Android's permission model is it doesn't tell you *how* it will use the permissions you give it, or allow you to pick and choose those permissions; it's an all or nothing thing. What I would love is to selectively choose the permissions to grant an app and fake the permissions I don't allow; for example, give the app access to a fake contacts list so the app itself has no idea whether it has access to my real contacts.

Let me guess, you're one of those ignorant consumers who has no idea just exactly how free apps earn their price tag, and yet demands they remain free, stripped of all revenue-generating features.

Re:Android (1)

Anonymous Coward | about a year ago | (#44408221)

I'm a developer who writes free "apps". The developers who think that their website, program, or whatever is a privilege and deserves to advert the hell out of people for viewing it are the real ignorant ones. Add a donation link, if you don't like that route then remove your website or program from the internet while users find a better alternative not written by arrogant people. I prefer you didn't use stupid generalizations and say that all free programs earn money by tracking/ads. The programs written by shortsighted people are like that, perhaps.

Your website or program is not an awesome epitome of software. It's a tool that people may or may not use depending on their whims. If you don't want people using your stuff for free, don't make it free in the first place.

Re:Android (0)

Anonymous Coward | about a year ago | (#44409127)

So, you obviously work in this area. Now tell us what you do with all that information you collect from phones? Hoe much do you sell it for? What data do you collect? Do you inform all users about how the information is handled? No? Why not? I thought so. You deserve to go out of business...

Re:Android (2)

Runaway1956 (1322357) | about a year ago | (#44409831)

I'm one of those "consumers" who expects that "free" mean "free". I don't expect to be offered a free service, when in reality that "free" service is exploiting me in some way. I expect the offer to be very upfront, and informative. "In exchange for this nearly worthless service, the Company will use this app to mine all the data on your device. Please select "accept" to proceed with installation."

Re: Android (1)

Anonymous Coward | about a year ago | (#44408831)

The latest nightly builds of CyanogenMod have a feature called Privacy Guard which mostly address this issue. You can select which apps have access to your contacts, phone logs, location, etc. Currently it doesn't support finer granularity than that (e.g. only forbidding location service to a specific app) but they are still working on an advanced mode for that capability. Expect to see the Privacy Guard feature in the next stable release of CM which will likely be 10.2.

Re:Android (1)

Anonymous Coward | about a year ago | (#44409537)

What I would love is to selectively choose the permissions to grant an app and fake the permissions I don't allow; for example, give the app access to a fake contacts list so the app itself has no idea whether it has access to my real contacts.

The new Jelly Bean release finally has the beginnings of just such a feature [androidpolice.com] . It's still hidden to the user because it doesn't seem to be quite finished yet, and it's a bit broken in that the permissions you are allowed to enable/disable for an app only seem to show up in the list after the app has used that permission once before, but it's definitely a start! There's an app in the Play store [google.com] (which does not require any persmissions!) that will give you a launcher to the hidden WIP "App Ops" interface.

Re:Android (0)

Anonymous Coward | about a year ago | (#44417651)

I used to have a Blackberry Bold, running BB OS6. On install of a given app, the phone presented a full list of permissions the app was requesting. You could check or un-check anything you wanted, and the app would have to deal. Many apps provided a screen as part of the install that would say "OK, make these selections on the next screen for the app to work properly."

I think Apple does it the best though. They automatically give the app permissions (such as writing to memory in the phone, or data access) that are obvious, and that the app won't work without. Then, the first time the app tries to access something interesting, like the camera, contacts, calendar, photo library, your location, etc. it is stopped in its tracks while the phone displays a pop-up asking you "Allow to access ?" and if you say "No" the app has to deal. The immediacy of the request allows the user to make the connection based on what they were trying to do when the pop-up appeared.

Re:Android (0)

Anonymous Coward | about a year ago | (#44408019)

Android already does this. The OS has a set of permissions available for apps (get location data, use camera, access internet, etc.) These permissions are displayed to the user when the app is installed, giving the user the chance to reject the app if the permissions are unacceptable.

Exactly. This is hardly anything we've "learned" in the "mobile industry" since the Android app store has been doing this for quite a long time. However, that preview does exactly fuck all for the consumer other than basically alerting them to all the shit ABC app will do, and since it's the app they really want to use, they ignore the warnings and install it anyway.

Hardly an advance for end consumers who ignore EULAs anyway, and aren't given much of a choice in today's digital world if they choose to refuse all of them.

Re:Android (-1)

Anonymous Coward | about a year ago | (#44410819)

You mean the we will bend over and be shafted American consumer market because any consumer prottection is Socialist and evil.

Re:Android (2)

hankwang (413283) | about a year ago | (#44408363)

The problem with Android permissions is that a lot of apps request internet and sdcard access and there is no way to know what kind of data is going to be exchanged. Benign usage would be downloading ads and dynamic content, for the apps that are just a wrapper for a website. But for all I know, an app could be scanning the sd card for interesting data and feeding it to big brother.

Re:Android (1)

Mitreya (579078) | about a year ago | (#44408417)

The OS has a set of permissions available for apps (get location data, use camera, access internet, etc.)

It'd be nice if I could reject access selectively and try to install the app anyway

I'd also like a button that sends an email to developers "What were you thinking when you designed this?"

My favorite would have to be "permission to take camera fotos without user knowledge or permission". Even if an app has legitimate use for it, I'd like to think this is not mandatory for operation.

Re: Android (0)

Anonymous Coward | about a year ago | (#44408539)

Why does Google even allow those 3rd parties to access such a sensitive info ? I do not see a single instace that would prompt me to give my contact list to any of those developers.

NTIA ? (3, Funny)

rossdee (243626) | about a year ago | (#44407995)

No, Thanks In Advance ?

LOL (0)

Anonymous Coward | about a year ago | (#44408007)

THE mobile industry ? or the American mobile industry ?
good luck especially with the United Stalkers America,
I guess its no coincidence that Google with their play store redesign have remove the permissions information, so now you have to actually hit the install button before reading what it does, if you are not signed in and tracked you get no information at all.

Digital Stalking is rapidly becoming an American cultural obsession, is it the education system that makes you obsessed with knowing what iam doing ?

Basically (0)

Anonymous Coward | about a year ago | (#44408011)

If people never see this, they'll never care. Make it fit on 1 screen, include a picture, and make it favor the user. Then, people will like it. It also should be visible to everybody, not just those who hunt for it.

Easy to say no. (1)

jklovanc (1603149) | about a year ago | (#44408039)

It is easy to point finger at what one sees as a problem. It is much harder to find solutions to those problems. Lets see a few consumer organizations come up with what they would want to see instead of just criticizing. They will find it much more difficult that they seem to believe.

Re:Easy to say no. (0)

Anonymous Coward | about a year ago | (#44408355)

> It is easy to point finger at what one sees as a problem. It is much harder to find solutions to those problems.

Have the OS block access to that data. When an app tries to get to it (through an API), the OS pops up a prompt asking the user for permission (deny, allow once, allow always) . If the user says "no", the API call fails. How's that for a solution? Dunno why we are still designing OSes to assume that every program should have access to every function of the device. It's pretty clear that most apps are hostile now. Every app should run in a sandbox with limited functionality until enabled explicitly by the user.

You know what would be nice? (2)

MikeRT (947531) | about a year ago | (#44408067)

If when a company like Facebook gets caught (as I believe they did recently) grabbing contact data without authorization they'd get the "CFAA-book" thrown at them by the federal government. Novel idea, right? Your mobile phone is your computer system in the palm of your hand. They greatly exceeded reasonable access. They're "hackers**" so eff them and eff them hard in the federal court for "hacking."

**Term Nazis: we all know Hacker != Cracker outside of an African-American Studies program on race in IT... ;)

Re:You know what would be nice? (1)

93 Escort Wagon (326346) | about a year ago | (#44408223)

Agreed on all points - but until people start quitting these services when they pull stunts like this, there will not be much pressure for action either internally or externally.

For what little it's worth, I quit Facebook after that shadow profile revelation. But they're hardly alone - Google+ announced some time ago that they basically do the same thing, and I don't see a lot of outage over that.

Do the work (1)

jklovanc (1603149) | about a year ago | (#44408081)

Simpson continued: “A year after calling for privacy legislation, we have seen nothing from the administration. This multi-stakeholder process has been a diversion and a waste of time. President Obama, if you are serious about protecting consumers’ privacy, show us your proposed legislation.”

Instead of sitting on the sidelines sniping at people who are trying to make progress how bout you get off your ass and propose some legislation of your own? If you " are serious about protecting consumers’ privacy" how about you help make some progress instead of just being an obstruction. "You do the work and we'll shoot it down" is not very productive.

ntia code (-1, Flamebait)

blackks (2999637) | about a year ago | (#44408119)

about NTIA code [yanitara.com]

I like iOS's solution (1)

93 Escort Wagon (326346) | about a year ago | (#44408197)

On iOS, when an app tries to access, say, your contacts - at that point you are given a pop up that asks you to allow or deny that action.

There are several apps that I've found useful, but which want to do things for which there's no good reason (like the aforementioned contacts access). It's also nice with apps like Twitter or LinkedIn, where I might want to use them occasionally but don't want them spamming me with unwanted notifications or "services".

hello (-1, Offtopic)

Angela Wilson (2999691) | about a year ago | (#44408281)

until I looked at the receipt that said $5734, I accept that my father in law was like truly taking home money part time from there pretty old laptop.. there dads buddy started doing this for only about 17 months and just now cleard the morgage on their apartment and purchased a top of the range Mercedes. go to ........Buzz55.m.....check it.... -->

Unfixable... (1)

Anonymous Coward | about a year ago | (#44408445)

This is an unfixable issue. I used 'my' Facebook account to connect to the comment services of several EXTREMELY major publications. Every single one of these organisations wanted to slurp my entire private Facebook dataset. Obviously, with this account, I could say "sure, go ahead" but my point is that there is an absolute expectation by every player, big or small, that they can abuse the user in return for the service they offer the user for 'free'.

Google, through Android, makes this a thousand times worse. At least of the PC there is a clear demarcation between 'nosy' software/services, and the stuff that just installs and runs, even if inside a fully locked down sandbox. But even on a PC, when installing a new firewall, I'm amazed at how many older programs I assumed were 'passive' attempt to make internet connections (to long defunct servers).

If even one app has the ability to slurp your data, every other app will demand the same privilege. Thus, if you hold important information in your slurpable data area (be your device a phone, tablet or PC), your data will be slurped by everyone, and you may as well assume it to be public information.

If convenience matters more to you than privacy, your privacy has now gone 100%. If you are still prepared to put some of your privacy ahead of convenience, at the cost of some extra effort, you can keep all the privacy you wish.

Consumer Groups ARE NOT going to help here- in fact their moronically naive initiatives will actual make things get worse much faster, by ensuring the big players bribe the right politicians to cast in legal stone their right to slurp data in return for 'freebies'. Most mobile apps, per app, make less money than ever before, so their ability to slurp your data and sell it on/exploit it is essential to their business model. In effect, an invisible tax on all your purchases is created, and that 'tax' represents the money that is kicked-back to all those who may have been responsible for 'helping' you decide to make that given purchase.

'Advertising' in the 21st Century, is a very dirty and sophisticated game. The industry requires that you see targeted ads, and targeted ads require massive intelligence gathering operations. The ad business is now the *OTHER* NSA. And the ad biz has no more conscience than the NSA either.

Sadly the current situation has a tiny minority of people aware of the issues, and determined not to be casually data-mined, while the vast majority feels they have no other choice but to bend over, take it, and convince themselves they enjoy it. In fairness, those that give in genuinely feel they live in an age of 'wonder' as the social network services revolutionise their lives.

Piss off... (1)

Jawnn (445279) | about a year ago | (#44408543)

We're the phone company. We don't care what you little people want, need, or think is important. We don't have to. We never did, and we likely never will because you believe that you absolutely must be able to yack and/or text with your BFF, and update your TwitBook status. That all too common pathology will keep you bending over for just about any abuse we or our real customers care to put to you. So shut up and take it, bitches.

it need to be posted from time to time (0)

Anonymous Coward | about a year ago | (#44409071)

Read that from :

http://www.phrack.org/issues.html?issue=7&id=3&mode=txt

                                                              Phrack Inc

                                        Volume One, Issue 7, Phile 3 of 10

The following was written shortly after my arrest...

                                              \/\The Conscience of a Hacker/\/

                                                                            by

                                                              +++The Mentor+++

                                                    Written on January 8, 1986

                Another one got caught today, it's all over the papers. "Teenager
Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
                Damn kids. They're all alike.

                But did you, in your three-piece psychology and 1950's technobrain,
ever take a look behind the eyes of the hacker? Did you ever wonder what
made him tick, what forces shaped him, what may have molded him?
                I am a hacker, enter my world...
                Mine is a world that begins with school... I'm smarter than most of
the other kids, this crap they teach us bores me...
                Damn underachiever. They're all alike.

                I'm in junior high or high school. I've listened to teachers explain
for the fifteenth time how to reduce a fraction. I understand it. "No, Ms.
Smith, I didn't show my work. I did it in my head..."
                Damn kid. Probably copied it. They're all alike.

                I made a discovery today. I found a computer. Wait a second, this is
cool. It does what I want it to. If it makes a mistake, it's because I
screwed it up. Not because it doesn't like me...
                                Or feels threatened by me...
                                Or thinks I'm a smart ass...
                                Or doesn't like teaching and shouldn't be here...
                Damn kid. All he does is play games. They're all alike.

                And then it happened... a door opened to a world... rushing through
the phone line like heroin through an addict's veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought... a board is
found.
                "This is it... this is where I belong..."
                I know everyone here... even if I've never met them, never talked to
them, may never hear from them again... I know you all...
                Damn kid. Tying up the phone line again. They're all alike...

                You bet your ass we're all alike... we've been spoon-fed baby food at
school when we hungered for steak... the bits of meat that you did let slip
through were pre-chewed and tasteless. We've been dominated by sadists, or
ignored by the apathetic. The few that had something to teach found us will-
ing pupils, but those few are like drops of water in the desert.

                This is our world now... the world of the electron and the switch, the
beauty of the baud. We make use of a service already existing without paying
for what could be dirt-cheap if it wasn't run by profiteering gluttons, and
you call us criminals. We explore... and you call us criminals. We seek
after knowledge... and you call us criminals. We exist without skin color,
without nationality, without religious bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us
and try to make us believe it's for our own good, yet we're the criminals.

                Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.

                I am a hacker, and this is my manifesto. You may stop this individual,
but you can't stop us all... after all, we're all alike.

                                                              +++The Mentor+++

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...