Risk
7/3/2012
09:56 AM
50%
50%

Facebook Joins California Mobile App Privacy Program

Apple, Amazon, and Microsoft have already agreed to abide by the program, which requires all apps to clearly detail in their privacy policies which user data is collected, used, or shared.

Facebook has agreed to abide by California guidelines that are meant to protect the privacy of mobile application users.

In a letter to California's attorney general, the company said that its Facebook App Center, launched last month, would abide by a joint agreement that the state announced earlier this year with key mobile app distributors.

"The App Center provides a centralized place where our users can learn more about participating Facebook apps, read their privacy policies, and, where necessary, report problems," wrote Erin M. Egan, Facebook's chief privacy officer, in the letter. "We are committed to building transparency, control, and accountability into all of our products, and we believe that the App Center empowers users to learn about the policies that will apply to data collected when they use mobile apps included in the Facebook App Center and to make informed choices about which apps they wish to use."

The privacy announcement is significant, given the potential reach of Facebook's new app store. "Facebook will require all software applications ('apps') offered through the App Center to provide a clear link to its privacy policy," said Brian Karp, an attorney at Baker Hostetler, in a blog post. "Given Facebook's increasingly large user base and existing third-party app infrastructure, the App Center is likely to have an impact of significance on the global mobile application marketplace."

[ Federal Trade Commission is weighing in on the privacy debate. See FTC Sets Consumer Data Collection Limits. ]

California launched its mobile app privacy program in February 2012, just one day before the White House announced its proposed Consumer Privacy Bill of Rights. From the outset, the state announced that the six companies with the biggest mobile app market platforms--Amazon, Apple, Google, HP, Microsoft, and Research In Motion--had agreed to participate. "The joint statement resulted from the AG's [attorney general's] collaborative review of mobile application compliance with the California Online Privacy Protection Act and the AG's opinion that the act 'requires mobile applications that collect personal data from California consumers to conspicuously post a privacy policy,'" said Karp.

"The joint statement does not impose legal obligations [but] rather is an effort between the mobile app market companies and the AG to increase transparency and control over personal data in the mobile marketplace 'without unduly burdening innovative mobile platforms and application developers,'" said Karp, referencing the text of the joint statement.

The program isn't legally binding. Rather, it's more of a voluntary code of conduct--and one which only applies to California--with participants agreeing to make clear exactly how "personal data is collected, used, and shared" by any mobile app, he said. It also promises to provide consumers with a mechanism to report any apps that fail to provide a clear privacy policy or break their promises.

Karp said businesses shouldn't treat California's mobile app privacy protection program as an outlier, as the state "and its robust tech community often serve as a thought leader providing legislation other states choose to implement." In addition, he said, the fact that Facebook, Apple, Microsoft, and other technology giants have chosen to work with the state's attorney general signals that the technology industry is now taking "a proactive approach to consumer privacy legal compliance."

In part, that may be because states--and especially California--are getting much more proactive about consumers' online privacy rights, not least after revelations in recent years regarding the full extent to which online advertisers have been secretly tracking consumers.

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6196
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSp...

CVE-2014-7247
Published: 2014-11-25
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?