For years, marketers dreamed of the day when smartphones would be ubiquitous. Users would get ads based on their actual location at the time. Offers would be delivered right to the consumer's pocket. All agreed that privacy and user permission would be sacred because, after all, this was very sensitive data. Users considered their phones to be a highly personal device. Overstepping boundaries would not be tolerated.
So how are things working out?
Smartphones are indeed ubiquitous. The personal data available far outstrips what was ever imagined. Location, address books, social network relationships, photos, texts, emails and other highly personal information is stored on these devices and many users feel so tied to their phones that they keep them in reach even when in bed.
Unfortunately, it seems that just about every week we hear about another example of mobile misbehavior. Leading mobile apps are caught uploading users' address books without bothering to ask. iPhone and Android phones are accused of allowing apps to access users' photos without clear permission. Advertising companies are using technical tricks to bypass mobile browser privacy settings. Our recent Future of Privacy Forum survey showed that only a third of the most popular apps even bothered to have a privacy policy.
What has gone wrong?
To some extent, the mobile ecosystem is a victim of its own success. Several years ago, regulated cellphone carriers

provided network service, sold phones and decided what apps could be made available. Today, the mobile smartphone environment is a fast-growing, chaotic system of platforms provided by Apple or Google, independent app developers, mobile ad networks and other third parties. Hundreds of thousands of developers provide innovative new features using the personal data they access on consumer devices, many with little experience managing the giant databases they can assemble. Each misstep leads to an explosion of tweets, blog posts and complaints. If companies don't get their acts together quickly, users may stop feeling so free about sharing the data that has been the driver of new services and profits.
Thankfully, some progress is being made. California Attorney General Kamala Harris recently entered into an agreement with six leading app store and platform operators that will allow consumers to review an app's privacy policy before they download the app. The agreement also commits platforms to educate developers about their obligations to respect consumer data. The platforms will work to improve compliance with privacy laws by giving users tools to report noncompliant apps and committing companies to responding to these reports.
Similarly, the Federal Trade Commission has put developers on notice that it is ready to take action against apps that are acting deceptively. And the Obama administration is signaling that mobile apps may be the first sector it seeks to convene for a multi-stakeholder effort to develop enforceable privacy guidelines.
We welcome the policy-makers into the fray and are advancing the dialogue by hosting an app developer privacy summit to bring together developers, platforms and government regulators in San Francisco. But the folks best suited to solve the problem are the app developers themselves.
The energy and ingenuity displayed by the venture and developer communities in creating and launching apps can address consumer concerns far more effectively than the government. Don't wait for us to tell you what to do. Show up with solutions in hand. Just remember that access to user data is a privilege, not a right. Now start coding!
Jules Polonetsky, former chief privacy officer and senior vice president for consumer advocacy at AOL, is the director and co-chair of the Future of Privacy Forum, a Washington, D.C.-based think tank. Christopher Wolf is the co-chair of the Future of Privacy Forum and a partner in the Washington, D.C. office of Hogan Lovells LLP, where he is a leader of the privacy practice group. They wrote this for this newspaper.

How to Protect Your Privacy From “Leaky” Apps

Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions.
“An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.”
And since then, our level of engagement with mobile apps has only increased (with over 10 billion apps downloaded), while there has not been a lot of movement to prevent applications from accessing your data.
So what to do? Privacy concerns are justified, but there is a limit to what how this information can be utilized. If you feel the urge to free yourself from data tracking, you could delete and avoid apps, or you could provide false information, but that could violate terms of service and might not be effective, anyway.
When downloading an application, make an effort to consider what you are giving up and what you are getting in return, and to consciously decide whether that particular tradeoff is worthwhile.
You can also use mobile security software like McAfee Mobile Security that scans your installed apps to determine the level of access being granted to each of them. This feature then alerts you to apps that may be quietly siphoning data and enjoying unnecessarily extensive control of device’s functionality and then you can decide if you want to keep the app or delete it.

With better insight, you can take more your mobile security and privacy into your own hands.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.