“Most people don't want to think about it because it's scary, from the user's standpoint,” he said. “They don't what to know who's tracking them. They think there is some magic task force of gnomes that goes out and fixes things.”
Lie Njie, a mobile app developer, technology consultant and privacy advocate, was part of a team of researchers hired by the Privacy Rights Foundation to look at the data practices of mobile health and fitness applications under a grant from the California Consumer Protection Foundation. Several reports based on their research were released last week.
Lie Njie and fellow researchers created a 150-point scoring matrix to rate 43 apps selected for review. Most—72%— were rated as either high or medium privacy risks, according to Lie Njie's technical report.
Only a quarter of the free apps and less than a third of the paid apps that investigators looked at had privacy policies linked to their apps or websites, according to a colleague's more consumer-oriented report. The consumer report warned that these privacy policies “are generally written by lawyers, and that their primary purpose is to protect developers from litigation, rather than protect users' interest in their personal privacy.”
“Developers are not developing with privacy and security in mind because there are no consequences for them,” Lie Njie explained. “The tension I found is, the people who are developing these apps are trying to meet several goals. One is cash from advertising. The other is figuring out why people are using it.”
The “big push” for developers is to put tools on the apps—including those also reporting to their parties—to monitor progress toward those goals. Meanwhile, privacy is ignored. “I don't think that's malicious, it's economic,” he said. “There's just not a budget for privacy.”
Lie Njie doesn't see Congress or federal regulators stepping up to the privacy protection plate any time soon – the IT industry has too much clout.
“There needs to be some kind of data Valdez,” he said, the digital equivalent of the Exxon Valdez oil spill, something so big and nasty and headline grabbing it will move consumer behavior.
“The only way it's going to change is if the market forces shift and the people will only buy products with privacy policies that are meaningful,” Lie Njie said.
Just in case, Lie Njie put together a six-page guide for app developers who want to create a product with privacy built in.
Follow Joseph Conn on Twitter: @MHJConn