2. Privacy Concerns
1
Rank Concerns
#1 Consumers ranked Privacy as their primary concern on using
smartphone and mobile apps
#2 98% have a strong desire for better controls over their personal
information in mobile apps
#3 Nearly 75% feels uncomfortable on advertising tracking and
85% of the total wants to opt out
#4 77% of consumers does NOT want to share location data with
app developers
#5 Only 1 out of 3 consumers feel they are in control of their
personal information
Survey: Consumer Mobile Privacy Insights Report - Smart Privacy for Smartphones, TRUSTe,
in Feb 2011, Released on April 2011
3. What and Why
What is “Privacy on Mobile Apps”?
Rights and Controls of
Information captured and exposed by the mobile apps, that can be
associated with a user, e.g. YOU.
Usage Patterns: Individual and Personal Information aggregated across
mobile apps matter
Why “Privacy on Mobile Apps” is so important?
Compare with Privacy on Desktop Computers
“Hub of Personal Information”
Real-time data
Always on, always connected
Prevent the abuse and misuse
e.g. Frauds, Phishing, Intrusive Marketing Promotions
Mobile Apps Privacy is NOT Mobile Security
Personal Information are provided or observed, but not stolen.
2
4. Personal Information Flow
3
• App Users
(YOU)
• Send out
personal
information
• Build up usage
patterns
• Connected
Users
• Contact List
• Social friends’
list and sharing
• App, Service
Developers
• Collection
Control
• Apps, Service
Developers
• 3rd party
Business
Entities
• Advertising
Networks
• Personalized
intrusive
marketing
• Sell and Resell
of personal
information
• Public data
observers:
General Public
and
Governments
5. Sources of Personal
Information
Mobile Devices
Phones and Tablets
Wearables
Google Glass and
Smart Watches
Connected Peripherals:
Internet of Things
Car
Intelligent bracelets
Intelligent Bulb
Surveillance cameras
Mobile Apps
Accessed
Camera, NFC, GPS,
Heart sensor, Gyros
Services: Siri,
services on the
Cloud
4
6. Types of Personal Information
Provided
User Registrations, Personal Preferences, Locations and
Social Sharing
Accessed
Calendar, Contact Lists, Photos and Task Lists
Device information
Hardware configurations, Battery, Mobile Data usage
Connected peripherals
Bio-metrics
Personal preferences
Observed
Usage Patterns
5
7. Issues
Data for sales
Personal data and market data
Octopus sold 2M users data for HK$44M and CEO resigned
Public accessible data
Different sources provide data access API
Analytic, business intelligent, data mining
Mosaic effect
Pattern recognition
Prediction
6
8. Issues
Privacy policy
Only 19% top free apps have privacy policy
74% consumer believe it’s “very important” or “extremely
important” to understand what personal information a mobile
app collects
42% read and understand privacy policy before download
Rough and unspecific privacy policy,
http://www.apple.com/uk/privacy/
http://tos.ea.com/legalapp/WEBPRIVACY/US/en/PC
Privacy policy change
7
Source: TRUSTe Mobile Privacy Survey 2011
9. Regulations
8
US EU HK
Governing Bodies Federal Trade
Commission takes
primary role
European
Commission, National
Data Protection
Authorities in EU27
Office of the Privacy
Commissioner for
Personal Data
Regulation 8 federal laws; state
laws
EU Law, Data
Protection Directive
Personal Data
(Privacy) Ordinance
Definition of Personal
Information
No single definition,
depends on
corresponding law
Any information
relating
to an identified or
identifiable natural
person
Data relating to a
living individual, for
identity of individual,
access or processing
is practicable
Principles Notice, Choice,
Access, Integrity,
Enforcement
Notice, Purpose,
Consent, Security,
Disclosure, Access,
Accountability
Purpose and Notice,
Accuracy, Secondary
Purpose Consent,
Security, Policy and
Practices, Access
Anti-privacy, state
security
Patriot Act Countries-specific
anti-terrorism
Interception of
Communications and
Surveillance
Ordinance
Safe Harbor Arrangement
10. What we can do?
Information owner
Information owner has little control
Read privacy policy before download
Review OS and app level privacy setting
Pay attention to pop-up
Personal responsibility
App developer
Get serious about privacy
Ask BEFORE collect
Transparency and Choice
Collect only what is required
OS developer
Privacy by design
9
Subjects: 1,000 US Consumers aged 18+ who are owning/using smartphonesUS residentsAge 18 or aboveCurrently owning or using a smartphoneNot employed in advertising, marketing research or telecom
device
The Ginger.io app runs silently in the background of participants’ smartphones, collecting text message habits, call frequency, and location. All that data is analyzed and sent back to both patients via the app and doctors and researchers via an online dashboard. If you suddenly stop calling your friends, or don’t go to work for a few days, that could be a sign to your doctors that they need to check in on you more aggressively.
Contacted 2 times on average, selling 4.5 years
TRUSTe Survey
France passed 13 anti-terrorism measures on Oct. 31, 2001, the United Kingdom passed the Anti-Terrorism, Crime and Security Act on Dec. 15, 2001 since replaced by the Prevention of Terrorism Act 2005; Belgium in December 2003 enacted legislation outlawing any action with the purpose of “destabilizing or destroying the fundamental political, constitutional, economic or social structures of a country”“the cure should not be worse than the disease”