The PRISM project is hitting the news just now, with the Director of National Intelligence issuing statements, and people talking about what privacy means in a free society.
This morning, our backchannel discussion about PRISM drifted to the topic of user privacy in apps. Specifically, we've noticed a recent trend -- our apps are starting to contact us by email.
Here's an example of a real email generated by an iOS app:
Hello, Thank you for trying [redacted] out!
I noticed that you've used the app a couple of times over the past few weeks but are no longer using it. We're trying to make the calendar a better experience and in doing so I'd really appreciate if you could take a moment and tell me why [redacted] isn't working for you.
If you have any other thoughts you'd like to share with the team, please feel free to send them our way!
That's a pretty startling email to receive, especially when we never contacted the company in question or opted into monitoring. In fact, the app in question offers a lengthy privacy statement, which states, "we may use other Anonymous Information to analyze usage patterns". Clearly that data is not so anonymous that it wasn't able to hijack the Gmail credentials used within the app.
There's a saying that basically goes, "if the app is free, then you are the product." It's become commonplace to reap device and usage statistics for analytics. Developers may forget that there remains a real privacy line between a user's personal data and how they use the app. With Apple's support of developer- and app-specific tracking identifiers, you shouldn't lose sight of how that data is supposed to be used.
In February, the FTC issued recommendations for mobile privacy disclosure. Among these, the FTC suggested that apps offer affirmative express consent for access to sensitive information, along with an access "dashboard" that would allow users to review in-app privacy settings.
At the time, Verne Kopytoff wrote at Bloomberg Businessweek about the motivation behind app privacy policies, "Privacy advocates like to call mobile phones by a more menacing name: tracking devices. Mobile apps log the pages people browse, the products they buy, and the videos they watch. Many apps also note their users' locations and, over time, glean their daily routines."
As mild as email feedback outreach efforts are, they cross a critical line when leveraging account information meant for in-app use only. A user who buys an app intending to manage his calendar isn't expressly trying to build a product feedback relationship with the developer. Repurposing Gmail account credentials for further contact breaks an important trust.