If you were lucky enough to get an iPhone, iPod Touch or iPad this holiday season, you have the bonus present of being included in a class action lawsuit against Apple. Actually, make that two bonus presents, one for each lawsuit.
The two class action suits filed over Christmas accuse Apple of passing personal information about its customers’ habits on to advertisers without customers’ permission. This includes not just information about app use, but the user’s identity as well. As BusinessWeek reports, iPhones, iPods and iPads—which all use iOS—are encoded with identifying devices called Unique Device IDs that function essentially like a social security number. Once given access, advertisers can use these UDIDs to track which applications users download, and how frequently and how long they use the apps. The suit on behalf of Jonathan Lano claims that some apps like Pandora, Weather Channel and Dictionary.com are also “selling additional information to ad networks, including users’ location, age, gender, income, ethnicity, sexual orientation and political views.” Advertisers can then use this information to create profiles of app users, or aggregate data.
The issue is not just lack of consent on the part of the consumer; the apps do not always make it clear that they are sending anything to third-party advertisers, let alone what identifying information will be sent. Apple is also culpable, say the lawsuits, because despite claiming it does not pass on customer information, it approves all of these applications before making them available in its App Store. Apple has significant control over developers, and shares profits with them, thereby creating what the lawsuits call “a community of interest”. Furthermore, because the UDID is unique to each phone or tablet, the user can’t change it, which means they can’t block or delete the profile the way they would a cookie on a computer.
Apple’s practice of curating its applications to control the user experience and protect the Apple ecosystem is what opened the company to lawsuits. But even companies like Google, with its open-source system, are not immune; a recent Wall Street Journal article exposed both iPhones and Android apps for spying on users. Investigators looked at 101 apps, but given that there are hundreds of thousands of apps available, no one knows how many of them pass on user information to third parties.
While lawsuits can help expose these practices, smartphone users may have to get used to living in a world where there’s no such thing as privacy. This practice of information sharing doesn’t qualify as identity theft, meaning consumers have limited recourse. So how do you protect your private information? Pay attention to your downloads. If you want to get tips about local goods and services, or ads that are relevant to your interests, then you might be ok with apps that reveal your age and location. If you’re not comfortable with ad networks knowing that much about you, don’t respond to prompts for more information, avoid downloading the apps tested by the Wall Street Journal, and do some research before downloading a new app. In the mean time, you may need to wait for the impact of these court cases (coupled with calls from the FTC) to bring more transparency to tech companies and online advertising agencies.