SAN FRANCISCO — Amid growing worry about sensitive consumer information being siphoned up by mobile apps, state Attorney General Kamala Harris on Wednesday announced a privacy deal with the six largest mobile Web providers that will change how millions of consumers download apps to their smartphones and tablets.
Under the agreement, consumers should see prominent and easy to understand privacy disclosures before they download an app from Apple (AAPL), Google (GOOG) or any of the four other mobile Web kingpins covered by the agreement.
A key thrust of the agreement is to clarify that the state’s existing Internet privacy law, the California Online Privacy Protection Act, applies to independent developers of mobile apps and the large corporations that sell or distribute them through popular channels like Apple’s App Store or Google’s Android Market.
Harris predicted the agreement will have international impact, saying software developers everywhere are likely to design all of their wares to meet California standards since a significant portion of their users are here.
“What this will do is require those (mobile app developers) who collect personal information to let people know what they are doing with that information,” Harris said at a press conference in San Francisco. “What we have done, what we are announcing today, is global in scope.”
In addition to Apple and Google, the four other companies covered by the agreement are Hewlett-Packard (HPQ),
Microsoft, Blackberry-maker Research in Motion and Amazon. The six companies account for about 95 percent of the mobile apps distributed to consumers worldwide, Harris said.
Wednesday’s announcement comes amid a series of privacy breaches on the fast growing mobile Web, including recent disclosures that the Path social network was uploading the address books of its users from their smartphones to its servers without their knowledge or consent. Path later apologized and has promised to destroy that data, but the mobile privacy issue has gained increasing attention with revelations that Twitter and other companies were doing the same thing.
The state online privacy law has been on the books since 2003, and requires all commercial websites that collect personal data about Californians to post a privacy policy. But until now, Harris and others said Wednesday, there has been confusion about whether the state law applies to apps that run on smartphones, tablet computers and other mobile devices.
“A big impact of the agreement is a clarification of what’s fair territory and what’s foul territory” for mobile app developers, said Mitch Kapor, prominent Silicon Valley entrepreneur, co-founder of the Electronic Frontier Foundation digital rights group and an informal tech adviser to the Attorney General. Mobile app developers “have not been paying attention to this issue. They will now pay attention to this issue. The result of that is that there will now be privacy infractions that will never happen.”
Under the agreement, the six companies agreed to require software developers to create and display an app’s privacy policy in an easy-to-find location, and that consumers will be able to see the app’s policy before they download the app. Many apps currently lack a privacy policy. The six companies also agreed to educate the independent developers who write most mobile apps about their obligations to respect consumer privacy.
It’s unclear how long it will take for the changes to become visible to consumers. Google said Wednesday that it planned to implement the changes “in the coming weeks” for its Android Market app store.
Apple did not respond to requests for comment.
Harris said violations of the agreement could lead to litigation against the app developer, as well as the platform the app is downloaded from. That would mean that a future privacy breach like Path’s, involving an iPhone app downloaded from Apple’s App Store, could lead to trouble both for Apple as well as for Path.
“If developers do not follow the privacy policy, we will sue,” Harris said. “We can sue, and we will sue.”
The agreement does not restrict what information apps can collect about their users; it simply requires them to disclose what information they are collecting, what they are doing with that data, and with whom they are sharing it.
Part of the agreement, Harris said, calls for companies and developers to craft written privacy disclosures that are easy for consumers to read and understand.
The agreement was praised Wednesday by a number of digital rights and privacy groups, including the Association of Competitive Technology, a mobile apps trade group.
Like a large and growing share of the population, Harris said she uses smartphone apps. And last year, Harris said Wednesday, she and her staff realized that very few of those apps had privacy policies, even though they are required under existing state law.
Last August, Harris convened a meeting of Apple, Google, HP and the three other mobile web companies to talk about that disconnect, meetings that led to Wednesday’s announcement.
As smartphone users, “we are also concerned about privacy,” Harris said. “And we realized that most of the apps that we used do not have privacy policies, and they should. And that’s how we came about it.”
Mercury News staff writer Pete Carey contributed to this story.
Contact Mike Swift at 408-271-3648. Follow him at Twitter.com/swiftstories or facebook.com/mike.swift3.
Article source: http://www.mercurynews.com/business/ci_20020837