09:56 AM

Facebook Joins California Mobile App Privacy Program

Apple, Amazon, and Microsoft have already agreed to abide by the program, which requires all apps to clearly detail in their privacy policies which user data is collected, used, or shared.

Facebook has agreed to abide by California guidelines that are meant to protect the privacy of mobile application users.

In a letter to California's attorney general, the company said that its Facebook App Center, launched last month, would abide by a joint agreement that the state announced earlier this year with key mobile app distributors.

"The App Center provides a centralized place where our users can learn more about participating Facebook apps, read their privacy policies, and, where necessary, report problems," wrote Erin M. Egan, Facebook's chief privacy officer, in the letter. "We are committed to building transparency, control, and accountability into all of our products, and we believe that the App Center empowers users to learn about the policies that will apply to data collected when they use mobile apps included in the Facebook App Center and to make informed choices about which apps they wish to use."

The privacy announcement is significant, given the potential reach of Facebook's new app store. "Facebook will require all software applications ('apps') offered through the App Center to provide a clear link to its privacy policy," said Brian Karp, an attorney at Baker Hostetler, in a blog post. "Given Facebook's increasingly large user base and existing third-party app infrastructure, the App Center is likely to have an impact of significance on the global mobile application marketplace."

[ Federal Trade Commission is weighing in on the privacy debate. See FTC Sets Consumer Data Collection Limits. ]

California launched its mobile app privacy program in February 2012, just one day before the White House announced its proposed Consumer Privacy Bill of Rights. From the outset, the state announced that the six companies with the biggest mobile app market platforms--Amazon, Apple, Google, HP, Microsoft, and Research In Motion--had agreed to participate. "The joint statement resulted from the AG's [attorney general's] collaborative review of mobile application compliance with the California Online Privacy Protection Act and the AG's opinion that the act 'requires mobile applications that collect personal data from California consumers to conspicuously post a privacy policy,'" said Karp.

"The joint statement does not impose legal obligations [but] rather is an effort between the mobile app market companies and the AG to increase transparency and control over personal data in the mobile marketplace 'without unduly burdening innovative mobile platforms and application developers,'" said Karp, referencing the text of the joint statement.

The program isn't legally binding. Rather, it's more of a voluntary code of conduct--and one which only applies to California--with participants agreeing to make clear exactly how "personal data is collected, used, and shared" by any mobile app, he said. It also promises to provide consumers with a mechanism to report any apps that fail to provide a clear privacy policy or break their promises.

Karp said businesses shouldn't treat California's mobile app privacy protection program as an outlier, as the state "and its robust tech community often serve as a thought leader providing legislation other states choose to implement." In addition, he said, the fact that Facebook, Apple, Microsoft, and other technology giants have chosen to work with the state's attorney general signals that the technology industry is now taking "a proactive approach to consumer privacy legal compliance."

In part, that may be because states--and especially California--are getting much more proactive about consumers' online privacy rights, not least after revelations in recent years regarding the full extent to which online advertisers have been secretly tracking consumers.

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-08
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Published: 2015-10-08
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privile...

Published: 2015-10-08
The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632.

Published: 2015-10-08
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.

Published: 2015-10-06
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.