In the aftermath of the privacy alarm sounding over Path and Hipster, app developers are scrambling to ensure their apps are not accessing and uploading users’ contact lists without explicit consent. But this isn’t anything new; the Wall Street Journal “What They Know” series covered this exact issue over a year ago (for a more in depth look at what data apps can access on smartphones, check out Nicolas Seriot’s 2010 Black Hat writeup on the subject). Developers know that Apple’s APIs for iOS allow apps to access users’ address books and photos without user permission. This includes adding photos to the library, addresses to contact lists, or importing this data into the app. However, transmitting user data without consent violates the iOS app developer guidelines.
As an app developer, when you should ask for explicit consent to access and collect data from users? Sometimes the choice isn’t yours to make – for example, platforms require that apps obtain permission from the user prior to accessing location data. But for other data, the decision may be less clear. Asking permission for every legitimate use of data could quickly devolve into an overwhelming and confusing user experience, while assuming consent can land you in a Path-like mess.
One way to approach this is to take a step back and consider the overall purpose and nature of your app. In many cases it may be obvious to the user why the app is accessing or collecting data – for example, photo-sharing apps access user photo libraries to edit existing photos or to save new ones. It’s less obvious when a photo-sharing and location based information app (remember Color?) makes use of users’ smartphone microphone.
Don’t be shortsighted in assuming that only address books will come under scrutiny of researchers and the media – consider disclosing all unexpected uses of data, or any features/data that the OS allows access to without consent. Examples of “unexpected use” are listed here in FPF and CDT’s Apps Best Practices guidelines for developers.
