FTC gives app developers new privacy guidelines, suggests 'Do Not Track' for mobile

Facebook Android login screen (stock)

In the wake of growing debates over mobile privacy, the US Federal Trade Commission has urged mobile platform and app developers to make users aware of what personal information is being collected and how it's being used. In a new report, the FTC notes that mobile devices "facilitate unprecedented amounts of data collection," since they're virtually always turned on and carried with a single user. To stop information from being collected and spread without users' knowledge or consent, the FTC says platforms and developers should require agreement when sensitive information like geolocation is accessed, and that they should consider doing the same for less sensitive but still personal data like photos or contacts.

That last point is an issue that came to a head last year when social network Path was revealed to have been surreptitiously collecting address book data. Path itself has now settled with the FTC, agreeing to develop a privacy framework and pay $800,000 for collecting the information, particularly some data from children under 13 — a violation of the Children's Online Privacy Protection Act (COPPA).

Mobile devices 'facilitate unprecedented amounts of data collection'

More broadly, the FTC says that platforms should consider implementing a version of Do Not Track, the privacy initiative currently being pushed for non-mobile web browsers. "A mobile DNT mechanism, which a majority of the Commission has endorsed, would allow consumers to choose to prevent tracking by ad networks or other third parties as they navigate among apps on their phones." Though mobile Firefox has a Do Not Track button and Apple has a "limit ad tracking" toggle for iOS, the system is still far from standard on mobile.

Though it's not mentioned in the report, the FTC spent late 2011 investigating Carrier IQ, a common carrier telemetry system that was said to be logging keystrokes and locations. More broadly, it's been revamping its privacy guidelines over the past year, for both traditional and mobile computing. A web privacy framework was announced in early 2012, and the Commission later strengthened COPPA, barring apps or websites from collecting geolocation data, photos, or videos for children under 13 without express parental consent.

The Verge
Log In Sign Up

Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.