In the wake of growing debates over mobile privacy, the US Federal Trade Commission has urged mobile platform and app developers to make users aware of what personal information is being collected and how it's being used. In a new report, the FTC notes that mobile devices "facilitate unprecedented amounts of data collection," since they're virtually always turned on and carried with a single user. To stop information from being collected and spread without users' knowledge or consent, the FTC says platforms and developers should require agreement when sensitive information like geolocation is accessed, and that they should consider doing the same for less sensitive but still personal data like photos or contacts.
That last point is an issue that came to a head last year when social network Path was revealed to have been surreptitiously collecting address book data. Path itself has now settled with the FTC, agreeing to develop a privacy framework and pay $800,000 for collecting the information, particularly some data from children under 13 — a violation of the Children's Online Privacy Protection Act (COPPA).
Mobile devices 'facilitate unprecedented amounts of data collection'
More broadly, the FTC says that platforms should consider implementing a version of Do Not Track, the privacy initiative currently being pushed for non-mobile web browsers. "A mobile DNT mechanism, which a majority of the Commission has endorsed, would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones." Though mobile Firefox has a Do Not Track button and Apple has a "limit ad tracking" toggle for iOS, the system is still far from standard on mobile.
Though it's not mentioned in the report, the FTC spent late 2011 investigating Carrier IQ, a common carrier telemetry system that was said to be logging keystrokes and locations. More broadly, it's been revamping its privacy guidelines over the past year, for both traditional and mobile computing. A web privacy framework was announced in early 2012, and the Commission later strengthened COPPA, barring apps or websites from collecting geolocation data, photos, or videos for children under 13 without express parental consent.