President Obama's move Thursday to establish a so-called Privacy Bill of Rights for the Internet can be seen as the consolidation of decade-long efforts by disparate groups to improve privacy protections via countless browser add-ons, settings, and privacy policies. But while it's possible to guard privacy on the desktop, the rapidly growing mobile space is still the Wild West, with an almost endless landscape of privacy pitfalls that challenge even the most vigilant consumer.
Today's mobile phones collect an enormous amount of personal data -- from the user's email address to his or her location, contact list, calendar and even photos -- and tether it to a single unique device ID number. One location-based photo-sharing app reportedly activated users' microphones to narrow down their location beyond what GPS data could provide. There is as yet very little to protect the valuable data on these most personal of devices.
[ Updated for iOS 5, Android 4, BlackBerry OS 7, and Windows Phone 7.5: Learn how to manage mobile devices in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. | Keep up on key mobile developments and insights via Twitter and with the Mobile Edge blog and Mobilize newsletter. ]
Given California's plan, and the major mobile platforms' participation in it, developers who market their apps in the App Store, Android Marketplace or any of the other major platforms will have to establish and disclose these policies, but there is still no requirement for them to limit the data they grab, store or share.
"The only piece of information that's restricted by the operating system is location information," said Ashkan Soltani, an independent researcher and consultant focused on privacy. The restrictions on what developers can share with third parties are minimal and not always clear.
As for protecting one's private data, "The industry tools don't even exist yet," said Jules Polonetsky, who runs the Future of Privacy Forum. For example, "It's nearly impossible" to opt out of tracking on a mobile device.
Data driving innovation
Ironically, unfettered access to hardware and data in smartphones has driven much of the innovation that has happened in the mobile arena. A flashlight app must have access to the phone's flash to work. Social networks need access to contact information to suggest friends for new users. And apps like Yelp use location data to ensure users get relevant information.
Privacy expert Ryan Calo, at Stanford University's Center for Internet and Society, described the challenge for regulators as protecting consumers while remaining "flexible enough to permit innovation."