Risk
7/3/2012
09:56 AM
Connect Directly
RSS
E-Mail
50%
50%

Facebook Joins California Mobile App Privacy Program

Apple, Amazon, and Microsoft have already agreed to abide by the program, which requires all apps to clearly detail in their privacy policies which user data is collected, used, or shared.

Facebook has agreed to abide by California guidelines that are meant to protect the privacy of mobile application users.

In a letter to California's attorney general, the company said that its Facebook App Center, launched last month, would abide by a joint agreement that the state announced earlier this year with key mobile app distributors.

"The App Center provides a centralized place where our users can learn more about participating Facebook apps, read their privacy policies, and, where necessary, report problems," wrote Erin M. Egan, Facebook's chief privacy officer, in the letter. "We are committed to building transparency, control, and accountability into all of our products, and we believe that the App Center empowers users to learn about the policies that will apply to data collected when they use mobile apps included in the Facebook App Center and to make informed choices about which apps they wish to use."

The privacy announcement is significant, given the potential reach of Facebook's new app store. "Facebook will require all software applications ('apps') offered through the App Center to provide a clear link to its privacy policy," said Brian Karp, an attorney at Baker Hostetler, in a blog post. "Given Facebook's increasingly large user base and existing third-party app infrastructure, the App Center is likely to have an impact of significance on the global mobile application marketplace."

[ Federal Trade Commission is weighing in on the privacy debate. See FTC Sets Consumer Data Collection Limits. ]

California launched its mobile app privacy program in February 2012, just one day before the White House announced its proposed Consumer Privacy Bill of Rights. From the outset, the state announced that the six companies with the biggest mobile app market platforms--Amazon, Apple, Google, HP, Microsoft, and Research In Motion--had agreed to participate. "The joint statement resulted from the AG's [attorney general's] collaborative review of mobile application compliance with the California Online Privacy Protection Act and the AG's opinion that the act 'requires mobile applications that collect personal data from California consumers to conspicuously post a privacy policy,'" said Karp.

"The joint statement does not impose legal obligations [but] rather is an effort between the mobile app market companies and the AG to increase transparency and control over personal data in the mobile marketplace 'without unduly burdening innovative mobile platforms and application developers,'" said Karp, referencing the text of the joint statement.

The program isn't legally binding. Rather, it's more of a voluntary code of conduct--and one which only applies to California--with participants agreeing to make clear exactly how "personal data is collected, used, and shared" by any mobile app, he said. It also promises to provide consumers with a mechanism to report any apps that fail to provide a clear privacy policy or break their promises.

Karp said businesses shouldn't treat California's mobile app privacy protection program as an outlier, as the state "and its robust tech community often serve as a thought leader providing legislation other states choose to implement." In addition, he said, the fact that Facebook, Apple, Microsoft, and other technology giants have chosen to work with the state's attorney general signals that the technology industry is now taking "a proactive approach to consumer privacy legal compliance."

In part, that may be because states--and especially California--are getting much more proactive about consumers' online privacy rights, not least after revelations in recent years regarding the full extent to which online advertisers have been secretly tracking consumers.

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant