The State Of Mobile App Privacy Policies

The Washington, D.C.-based think tank Future of Privacy Forum (“FPF”) released a study this week detailing the current state of mobile app privacy policies as of this past month, June 2012. The report found that many app developers are now responding to the increased pressure from U.S. regulators on this issue, and have now introduced privacy policies for their applications as well as new policies surrounding the use of customers’ private data.

Specifically, the report shows that the percentage of free apps with a privacy policy doubled on the iOS App Store since the last report in September 2011, going from 40% to 84%. The percentage of paid apps with privacy policies on iOS increased by 4%, from 60% to 64%. And on the Google Play platform, the percentage of free apps with a privacy policy actually started high at 70%, and increased to 76%.  The percentage of paid apps increased as well, going from 30% to 48%.

Government Regulators Look Into App Privacy: A Refresher

In February, the FTC released a report which has a specific emphasis on mobile apps targeting children, where it stated that app makers on both the iOS and Android platforms were doing very little to properly inform consumers about their data collection practices. The FTC stressed that without this information, there really isn’t a good way for parents to make smart choices about the applications they allow their children to download and use.

Parents and children aren’t the only demographics affected by consumers’ lack of information and understanding around personal information privacy, of course. As we also discovered back in February, apps that had access to private address book data, like Path, weren’t taking sufficient precautions with user data. Subsequent outrage ensued. The Path problem blew over, as these things tend to do, but government’s involvement in the matter did not.

In addition to the FTC, the California Attorney General’s office indicated in February that it would enforce California’s Online Privacy Protection Act against app developers. Apple, Google, Microsoft, Amazon, Hewlett-Packard, and Research In Motion all agreed that they would require developers to include privacy policies in their apps, so users would be better informed about how their data was used. At the time of the announcement, there was no specific time frame given as to when the companies would need to be in compliance, but California Attorney General Kamal Harris said her office would revisit the situation in six months time.

In June, Facebook signed a similar agreement with the AG’s office, covering all the apps in its App Center.

And earlier this month, the National Telecommunications & Information Administration in the U.S. Department of Commerce announced it would host a series of meetings concerning mobile app privacy, with a focus on developing an appropriate code of conduct.

Key Findings

So what’s changed? As noted above, apps privacy protections have increased on the top two platforms, iOS and Android for both free and paid apps.

And in looking at the top apps across iOS, Google Play, and the Kindle Fire Appstore, the FPF found that as of June 2012, 61.3% of all apps now have a privacy policy (69.3% free/53.3% paid). The numbers have been increasing since September, too, as the charts below indicate:

But more importantly, the FPF also looked into whether the privacy policy was linked to from the app store listing page and whether it was accessible from within the app itself. (See charts below). After all, what good is a privacy policy, if no one can find it?

According to the report’s findings, 48% of the free apps and 28% of paid apps in the iOS App Store have a privacy policy directly accessible on the listing page. 20% of free apps and 12% of paid apps on Google Play provide access to a privacy policy on the listing page. (The Kindle Fire Appstore has not yet provided developers the capability of linking to their policy from their listing page.

The study also found that of the top 25 free apps on iOS, Google Play and the Kindle Fire Appstore, 48% made the privacy policies available within the app. Free apps show significant improvement here.

The report even looked at apps which requested precise user location data in particular to see if they had privacy policies. Here, 12 out of the 50 apps surveyed on the iOS App Store platform requested precise location information and 10 out of those 12 had privacy policies. 14 out of the 50 apps surveyed on Google Play requested precise location information and 10 out of those 14 had privacy policies.

The apps that collected location but offered no accessible privacy policy included:

  • Google Play apps: Cut the Rope, Camera ZOOM FX, Star Chart, and Smart Tools
  • iOS apps: Fruit Ninja Lite and Camera+

In a few cases, the privacy policy was available on the website, but not in the app, so it was not counted.

Another change the FPF noticed is that some apps had begun to use a “short form notice,” which is an easy-to read version of their privacy policy for consumers to briefly scan. FPF noticed that all six apps where it found this occurring were from Zynga.

Best Practices

While things are clearly improving thanks to the government regulator scrutiny and further push from the app stores themselves, there are still some laggards here. While it’s not clear when and how app stores will force developers to be in compliance with the new rulings, many have obviously decided to err on the side of caution.

Of course, app privacy policies are only one of many steps developers will have to take in order to truly respect user privacy concerns, they are a good first measure, at least. Or, as FPF Co-Chair Jules Polonestsky, “app developers are starting to get the message that access to consumer data is a privilege, not a right.”

Image credit, lead: humblecitizen on flickr