John Gamble
Marketing Manager | TRUSTe
@johnaddison

A TRUSTe analysis of the top 50 Android and top 50 iOS mobile apps this past February found that only 1 in 3 had a privacy policy. This transparency deficit not only prevents consumers from making informed choices around their data, it also puts mobile developers in precarious legal waters. February 2012 also saw the California Attorney General announce a deal with Apple, Amazon, Google, HP, Microsoft and RIM, requiring mobile developers to display privacy policies for their apps to comply with California privacy law.

Even among the apps we analyzed that had privacy policies, we found significant room for improvement: only 2% of these apps had optimized their policy for the mobile environment. Most linked instead to externally hosted corporate privacy policies. These traditional, long-form policies (which frequently exceed 2,000 words) are functionally unreadable on small mobile screens. Also, it was not clear in many cases whether disclosures in these policies applied to the app itself or to other online properties owned by the app’s parent company. For example, 28% of the app privacy policies we examined disclosed targeted advertising activities, but it was typically not clear whether these disclosures applied to the app, to the company’s website, or to both.

In the past few months the media and various researchers have uncovered a number of unauthorized or non-transparent data collections by mobile apps. Despite Apple’s call on app developers in August 2011 to discontinue the use of unique device identifiers (UDIDs), TRUSTe found in its February analysis that an overwhelming percentage of these top iOS apps (72%) collected UDIDs. In many cases these apps passed UDIDs on to third parties (such as mobile ad networks), and some did so without encryption. Apple is now reportedly rejecting apps submitted to its App Store that access UDIDs and has renewed its call on developers to discontinue the use of this identifier type.

TRUSTe’s app analysis clearly underscores the need for greater transparency and consumer choice in the mobile app space. Representatives in Congress recently sent inquiry letters to 34 different mobile apps demanding more information about their data collection and use activities. A U.S. consumer survey we recently commissioned from Harris Interactive found that nearly three-quarters of the population worries about their privacy when using mobile apps. Furthermore, 88% of respondents in this survey indicated that they avoid doing business with companies they believe are not protecting their privacy. App developers have a responsibility to provide consumers with mobile-appropriate privacy disclosures around the collection and use of their personal data and to offer consumers meaningful choice, especially around sensitive collections of their data for targeting or profile-building activities.