App makers must be more transparent in the wake of the latest Facebook (FB) scandal. It was recently revealed that some third-party apps shared user data with the social network without a user’s knowledge or consent.
Many users who download an app either don’t bother to peruse the app’s privacy policies or simply can’t because the policies are tucked away in an area that’s hard to find. But something as forthright as a pop-up message when users open the app for the first time with a message detailing the data collection process could fix that.
“The truth is that I see this moving in much more of a similar model to what Apple and Google do, which is to say that every app that uses its SDK, or [software] developer kits that are created by the Facebook platform will just have to include compliance statements in there,” said Omar Akhtar, an analyst for the Altimeter Group. “The idea is that it's not so much that they're using the data. It’s that they're using the data without the knowledge of the people who are a part of this.”
According to a report published by The Wall Street Journal late last week, at least 11 third-party apps were sending users’ personal data back to Facebook without users’ knowledge or consent, even if those users don’t have a Facebook profile. The apps in question use a Facebook analytics tool called App Events that records user activity. While the App Events tool can provide app makers with data-driven insights about their users, it also sends information back to Facebook, which could be identified on a user-by-user basis — a violation of users’ privacy.
“The key issue is whether consumers are aware when they download an app that their data will be shared, and for what purpose,” said Debra Aho Williamson, a principal analyst with eMarketer. “Most privacy policies have some sort of language to cover this sort of thing, but they usually aren’t specific.”
In the case of Flo, a period and ovulation tracking app, the app’s privacy policy previously said it does not send “information regarding your marked cycles, pregnancy, symptoms, notes and other information that is entered by you and that you do not elect to share” to third-party vendors. The app changed its tune on February 23, however, with a new privacy policy that acknowledges it does in fact send that type of data: information like weight, body temperature, menstrual cycle dates, symptoms and location. That’s a huge about-face for Flo.
Little negative impact on Facebook
Even though apps will have to be more explicit moving forward, and even if they move to limit the amount and type of data they send to Facebook, the changes likely won’t have a negative impact on Facebook, which generates the lion’s share of its revenue from mobile and desktop ads. That’s because the social network gleans data from a wide range of sources, not just from apps, for its targeted advertising.