Application developers and store operators are in for further rough times, as reports emerged this weekend that a number of popular smartphone applications, including Facebook, YouTube, Flickr, and others, can access private text message data or other personal information.
The Sunday Times (paywall) reported that Android and iPhone users are vulnerable to such invasions of privacy, though it is unclear whether application developers actively access data, or whether it is a result of poor security permissions.
It is claimed that some applications can intercept phone calls, while others can allegedly remotely access a smartphone’s camera, or even pinpoint its location without the user’s knowledge.
Since the Path debacle, Facebook and Twitter later became embroiled in the privacy row, whereby contact list data was uploaded to their servers.
Apple responded by rolling out a fix — thought to be currently in development, though no definitive date on when the fix will reach consumers — which would require explicit user consent before contact list information was accessed.
But as terms and conditions are often criticised for being overly complicated and lengthy, the vast majority of users unwittingly allow such actions through accepting such terms.
The application industry is thought to be worth over $6 billion annually. Arguably the blame does not only fall on the developer, but the major application store owners, like Apple and Google, for allowing the applications to be downloaded. They have also criticised for failing to secure mobile devices against such data harvesting expeditions.
While Apple has an incredibly strict terms and conditions for submitting applications to the Apple App Store, Google does not. The search and mobile giant still removes applications daily that are found to contain malware.
One concern for many is that applications solely created for the purpose of accessing such information are being downloaded, in amidst a transatlantic shift on data protection and consumer privacy rights.
Update 1: Headline edited for accuracy. As per the table, YouTube does not collect text message data, but has the ability to collect calling information “among other things”, a Google spokesperson said. They did not wish to comment further.
Update 2: That was quick. A Facebook spokesperson said there is “no reading of user text messages.” Facebook calls out the Times piece as “completely wrong”, but acknowledges that the Android application permissions require SMS read and write capabilities.
Facebook said that lots of communications apps use these permissions, and the application technically has the capability to integrate with the phone’s SMS system, but added that it is for testing purposes.
The company did not respond to the claim that the Times “admitted” to reading text messages, however. One question answered, and another ten questions open up.