Slipstream: Effort to Clarify Mobile App Data Rights Hits Snags

We think they’re free, or nearly free, and invite them in — without always knowing exactly what’s inside.

Apps often collect all kinds of information from our smartphones, like our contact lists and data on our precise locations. Both Android and iPhone apps are supposed to ask users’ permission first. But many people probably don’t know that third parties, like ad networks, analytics companies and data brokers, may also gain access to that information, security experts say.

An Android photo-sharing app, for instance, might request access to a user’s contacts, making it easy for that user to share photos, says Harry Sverdlove, the chief technology officer at Bit9, a cybersecurity firm. But a banner ad running on that same app, he says, might also be able to get access to that list, too, and use it to profile the user’s activities.

“It’s like the app is asking, ‘May I have permission to enter your home?’ ” Mr. Sverdlove says. “Maybe I am coming over to visit and have dinner. Maybe I am coming over to steal.”

Now, a new joint effort of the app industry and advocacy groups is working to give consumers more clarity on this issue. Last month, the coalition — it includes the Application Developers Alliance, the American Civil Liberties Union, Consumer Action and the World Privacy Forum — proposed that mobile apps voluntarily display standardized, short-form notices that would list the main types of data they collect and the entities with which that information is shared.

The idea came in response to a federal effort to update consumer privacy rights for the digital era.

“App developers want to do something that advances consumers’ trust in their industry,” says Tim Sparapani, senior adviser for policy and law at the Application Developers Alliance, an industry group. “To make it work, they want it to be implementable and easy.”

The White House earlier this year asked the National Telecommunications and Information Administration, a division of the Commerce Department, to gather industry and advocacy groups together in an effort to develop a “Consumer Privacy Bill of Rights.” After reviewing public commentary on the process, the telecommunications agency announced its first step would be to convene interested parties to work out a code of conduct for transparency in how mobile apps handle consumer data.

The process has been bumpy. The mobile app meetings have been beset by animosity and incivility. And some of the parties are operating on different channels. Some advocacy groups have been publicly pushing for comprehensive, detailed disclosures on data use by apps and third parties. Meanwhile, an advertising industry alliance has been working outside of the process to privately develop its own self-regulatory code of conduct.

A recent report about the collection of mobile device location data issued by the Government Accountability Office faulted the telecommunications agency for its unstructured approach. Although the collection and sharing of location data could put consumers at serious risk of surveillance, stalking and identity theft, the report said, the telecommunications agency “has not set specific goals, milestones and performance measures for this effort.”

“Consequently, it is unclear if or when the process would address mobile location privacy,” the G.A.O. said.

The telecommunications agency sees its role as a facilitator or convener of the process, not as a director or active member.

“I am pretty pleased with the progress the stakeholders have made so far,” John Morris, the agency’s director of the Office of Policy, Analysis and Development, said in a phone interview last Thursday. “I am looking forward to seeing them reach a conclusion.”

But some stakeholders say they have been frustrated with the lack of progress. That is why the app developer and advocacy groups worked on their own to develop a more practical approach, designing what they call “voluntary transparency screens.”

“There’s a whole lot of shouting going on about process. There’s a whole lot of shouting going on about substance,” Jon Potter, the president of the Application Developers Alliance, said at a meeting of the stakeholders on Nov. 30. “What if we close the door, lower the temperature and try to get something done?”

THE level of strife so far over the narrow issue of mobile app transparency, some advocates say, doesn’t bode well for the larger federal effort to work out a comprehensive consumer bill of privacy rights.

App industry representatives and advocates wrangled for months to hammer out prototypes for their short-form notices, negotiating over the data disclosures they felt consumers should see and different ways to present them. They came up with an idea that users could click on a disclosure screen or two before they downloaded an app.

A first screen, the coalition proposed, might list the types of data an app collected, like a device’s location, personal contacts, Web browsing history, photos, financial or health information. A second screen could list the kinds of entities — ad networks, data brokers, data analytics companies, government agencies, social networks and so on — that could also gain access to that data. Or it could all be on one screen.

The idea, Mr. Potter says, is to give consumers a quick way to compare apps not just on utility but also on the extent of data collection. In an industry where long-winded, opaque privacy policies have become the norm, the proposed short notices seem radical in their clarity and brevity.

“The process is about effectively communicating to consumers what data is being collected and who it is being shared with,” Mr. Potter says.

Ad industry representatives applauded the simplicity of the notices. But they vociferously objected to the idea that app users would have to click through a screen before they could use an app.

“That you’d have to scroll through all this privacy stuff before you get to the app, there’s no public call for that,” said Stuart P. Ingis, a lawyer representing the Direct Marketing Association, an industry group, in the negotiations on mobile app transparency. “Consumers don’t want that.”

Mr. Ingis also represents the Digital Advertising Alliance, an ad industry self-regulatory initiative that offers an ad-choices program for Internet users. The alliance, he says, has been working outside of the telecommunications agency process to privately develop its own guidelines for third parties that collect consumer data across apps.

But advocates and app developers argue that consumers should receive clear notices of mobile app and third-party data collection practices before they download apps. It would be good for consumers and for commerce, they say.

“I think app developers see the market advantage to this,” says Michelle De Mooy, a senior associate at Consumer Action, a consumer group based in San Francisco. “The goal is to provide transparency that consumers, who after all are the customer of the apps, have asked for.”

E-mail: slipstream@nytimes.com

State of the Art: Apple’s New Maps App Is Upgraded, but Full of Snags - Review

The GPS navigation screen was clean, bold and distraction-free. The voice instructions spoke the actual street names. The prompts gave me just the right amount of time to prepare for each turn.

There was only one problem: When the app told me that I had arrived, I was sitting in a random suburban cul-de-sac. Children were playing in the front yard, the sky was a crisp blue, and I was late for my talk.

As almost everyone knows by now, that’s not an unusual tale. Horror stories about Apple’s maps — and ridicule — are flooding the Internet.

The iPhone’s old mapping app was powered by Google. But in the new iOS 6 software for iPhones and iPads, Apple replaced Google’s maps with its own, built from scratch.

Unfortunately, in this new app, the Washington Monument has been moved to a new spot across the street. The closest thing Maps can find for “Dulles Airport” is “Dulles Airport Taxi.” Search for Cleveland, Ga., and you’ll wind up right smack in Cleveland, Tenn. Riverside Hospital in Jacksonville, Fla., is in the right place but the wrong decade; it became a Publix supermarket 11 years ago.

And on, and on, and on. Entire lakes, train stations, bridges and tourist attractions have been moved, mislabeled or simply erased. Satellite photo views consist of stitched-together scenes from completely different seasons, weather conditions and even years. The point-of-interest data, in particular, seems to be incomplete or flaky, especially overseas (many snarky examples at theamazingios6maps.tumblr.com).

The most stunning new feature, Flyover, offers interactive, photorealistic 3-D models of major cities — but some scenes have gone horribly wrong. The Brooklyn Bridge has melted into the river, the road to the Hoover Dam plunges straight down into a canyon and Auckland’s main train station is in the middle of the sea.

In short, Maps is an appalling first release. It may be the most embarrassing, least usable piece of software Apple has ever unleashed.

Yes, it adds spoken turn-by-turn directions, auto-rerouting and a 3-D view of your route, all of which the old app lacked. Its design is elegant, smart and attractive. Flyover is neat. And Maps works beautifully with Siri; setting a destination is as easy as saying, “Give me directions to the White House,” and off you go. The spoken instructions continue even if you turn off the screen.

But Maps is missing Street View, which lets you see street-level photos of any address (it has taken Google’s photo cars five million miles of driving through 3,000 cities in 40 countries to build it). It’s also missing public transportation guidance; where Google’s maps could show you what buses or subways to take, the new app just hands you off to a list of independent bus and train schedule apps.

And while you’re navigating, you can’t zoom out from that spare, elegant routing screen to look ahead at your itinerary — to pick a better route on your own, for example. You can tap an Overview button for that kind of map, but now you’re flipping between two displays.

As the magnitude of Mapplegate (as one of my readers calls it) became clearer, I had three questions.

First, why did Apple jettison Google’s map service, which is polished and mature? Second, how did Apple and its squad of perfectionists misfire so badly? Third, what exactly is the underlying problem, and how long will it take to fix?

After poking around, here’s what I’ve learned.

First, why Apple dropped the old version: Google, it says, was saving all the best features for phones that run its Android software. For example, the iPhone app never got spoken directions or vector maps (smooth lines, not tiles of pixels), long after those features had come to rival phones.

The even greater issue may be data. Every time you use Google’s maps, you’re sending data from your phone to Google. That information — how you’re using maps, where you’re going, which roads actually exist — is extremely valuable; it can be used to improve both the maps and Google’s ability to deliver location-based offers and advertising.

Apple, of late, has been disentangling itself from Google. (It also eliminated the YouTube app from iOS 6, although Google quickly released a free downloadable app.) So when it came time to renew its contract, Apple declined. It was no longer interested in supplying so much valuable user data to its rival.

To build its replacement, Apple licensed data from other companies.

It bought map data from TomTom, which also supplies maps for BlackBerry, HTC and Samsung phones, and even parts of Google Maps.

Apple got restaurant and store listings from Yelp, traffic data from Waze and so on — more than two dozen sources in all, Apple says.

The resulting ocean of information is many petabytes of data (one petabyte is a million gigabytes, if you’re scoring at home). Well over 99 percent of it, Apple says, is accurate.