Apple, Google agree to privacy rules for mobile apps


California has just made it more difficult for mobile apps to access private user data without explicit consent. The state’s attorney general Kamala D. Harris announced today an agreement with six companies, which include Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research In motion, that is intended to offer better privacy protection for mobile app users.

The agreement requires all mobile apps to clearly display privacy polices before a user downloads the software to their smartphone or tablet. All privacy policies must explicitly state what user data the app will access, and how that information will be used. Moreover, companies like Apple and Google, must give users a way to report apps that fail to abide by these guidelines. Any app developer that violates the terms of their apps’ privacy policies is subject to prosecution under California law.

“Your personal privacy should not be the cost of using mobile apps, but all too often it is,” said Attorney General Harris in a statement. “This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps. By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used.”

According to a study cited by the Attorney General’s office, only 5 percent of all mobile apps currently include privacy policies.

Google already requires that any app sold through the Android Market to tell customers what private data it will access, and to receive user consent before accessing that data. However, app makers are not required to inform users how their data will be used. Apple prohibits any application from accessing private users data without explicit consent — though this rule has been put to the test in recent weeks.

Early this month, developers found that social networking app Path was accessing and uploading users entire contact lists to its servers without permission. In the days that followed, an endless stream of mobile apps were found to be doing exactly the same thing. Initially Apple stayed mum on the matter, refusing to answer our questions about whether Path and others had violated their developer agreements. Finally, after members of Congress sent a letter questioning Apple’s role in the matter, the electronics giant responded, saying that such practices were, in fact, a violation. The new agreement should help put a stop to these types of ambiguities.

See more details about the agreement in the PDF below:

Mobile Apps Agreement Information