Mobile Applications for iOS, Android Lack Privacy Policies

Only one in two apps (55 percent) offer a privacy policy prior to download in app stores, according to an MEF survey on mobile app security.

More than one-quarter (28 percent) of the top 100 applications available from Apple’s App Store and Google Play still don’t have a privacy policy, and among other areas for improvement are ways mobile apps can present privacy information in a more consumer-friendly way, according to an analysis into how the top 100 free mobile applications inform consumers about their use of personal data.

The research follows global trade association MEF’s Global Privacy Report, supported by AVG Technologies, from earlier in 2013, which showed that 70 percent of consumers say it's important to know exactly what personal information is being collected and shared.

"Consumers must be able to make an informed decision about whether or not to download an app. Once it's on their device, they should be able to access the policy easily, from within the app," Simon Bates, MEF’s senior adviser on policy and initiatives, said in a statement. "MEF’s global Privacy in Apps Initiative is supported by members from across the value chain to increase consumer trust in apps. It is essential developers are transparent. Privacy policies should be accessible, brief and easy to understand."

Only one in two apps (55 percent) offer a privacy policy prior to download in the app store, and just under one-third (32 percent) offer consumers access to that policy within the app itself. Just under half (45 percent) of applications don’t make their privacy policy available for review before downloading the app.

Furthermore, the average policy length was found to be 3,068 words, taking 12 minutes to read (assuming the average ability adult reader can read 250 words per minute). The longest privacy policy was 8,124 words, which would take 32 minutes to read. Only 8 percent were written in less than 750 words, with 69 percent of privacy policies written in long form.

"Consumers demand transparency when apps are sharing their data, and, importantly, the app community needs to do a better job of explaining to consumers why it’s in their interests to do so," MEF global chairman Andrew Bud said in a statement.

In July, the U.S. National Telecommunications and Information Administration (NTIA) announced that the goal of the first multi-stakeholder process is to develop a code of conduct to provide transparency in how companies providing applications and interactive services for mobile devices handle personal data.

However, the Center for Digital Democracy (CDD) urged the Federal Trade Commission (FTC) to review the NTIA’s proposed code of conduct, pointing out the lack of independent user testing and vagueness in definitions and potential loopholes.

"The lack of candor from industry participants about their actual practices that should be addressed by privacy safeguards is just one glaring problem with the Commerce Department process," the CDD wrote in a company release. "The dominant app distribution companies--Google, Apple and Facebook--failed to provide information as well."

Advocacy group Consumer Watchdog was similarly disappointed with the code, arguing the method of allowing "support" without requiring compliance was enough to undermine the credibility of the entire process without even considering the details of the code’s provisions.

"This is absurd Orwellian doublespeak," John M. Simpson, Consumer Watchdog’s privacy project director, said in a statement. "A company can put out a press release saying it supports the Transparency Code, boosting its public image and then do absolutely nothing."