The odds are pretty good that if you’re a big consumer of mobile apps, the private information on your phone has been collected and sent somewhere without your knowledge.
That’s a scary thought for consumers and a tantalizing one for attorneys in the small but growing arena of apps security. San Francisco-based Lookout says in its Apps Genome project report that 1 in 3 free iPhone apps and 3 in 10 free apps on Android access the location of the phone user. The report also says that 14% of iPhone apps extract personal information, as do 8% of Android apps.
Permission may be written into the user agreement, but is it prominent enough? And what assurances do apps makers give that the information will be both protected from hackers and not shared without the user’s permission?
We already have read horror stories about how corporations such as Monster, Second Life and Hell’s Pizza have had their customer databases hacked. While we may feel better that Apple vets its apps, Android apps come from an unrestricted market.
An iPhone has been breached, and so it’s a matter of time before snoopers find their way into the databases of legitimate apps makers and operators. The people who gave permission — and especially the people who did not — may have cause for action. How large could damages be? How well insured or solvent are some apps makers whose software contains flaws? And is there any third-party liability from companies that sell tools for building faulty apps?
Small, inconsequential breaches will likely not produce large damage claims, but could set import precedents for manufacturers, software developers, systems managers and data warehousers. Watch for the full report from Lookout and keep an eye on the dockets.