x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • The Personal Data Trade, and Apple's new permission requirement

The Personal Data Trade, and Apple's new permission requirement

The Personal Data Trade, and Apple's new permission requirement
In response to the outcry over Path, and iOS access to users' Address Books, Apple has come out and told AllThingsD that "any app wishing to access contact data will require explicit user approval in a future software release." This is raising all sorts of questions about privacy, and the personal data trade that we all make with companies. But, first of all, let's just get the blatant question out of the way: why weren't apps required before to get explicit consent from users before allowing apps to access Address Book data? Well, it sort of was and it wasn't. See, Apple has had an iOS App Guideline on the books for a while stating that developers should get authorization before "transmitting data about a user", but it wasn't a hard requirement. Now, because everyone has gone completely mental over a silly mistake by Path, Apple is making it a requirement that developers get "explicit consent" from users before the app can access the Address Book. 

Apple's concession

So, this means that we all have to get ready for more annoying dialog boxes to come popping up in all of our apps. This kind of reaction is perfectly understandable from a company like Apple, because Apple would rather make everyone's lives just a little less efficient, and add just a bit more annoyance, than ignore complaints from common users. Apple is perfectly willing to ignore complaints from power users, because that's a small group with a limited reach. However, when an issue threatens to take away the love that Apple gets from mass media outlets, that's a problem that will get fixed very quickly. Power users can complain forever about how they want widgets in iOS, but Apple won't bother, but if common users are scared that apps are accessing their address books, suddenly Apple has a new mandate for all developers. 

Here's the issue we have with this reaction: it's punishing the wrong people. Essentially, this new rule punishes users with more annoying dialog boxes to deal with, and it punishes all developers rather than the ones that are misusing user data. The problem with Path was not that it had access to user address books. The real problem was that Path was storing user address books on its servers, and keeping them in order to be able to continuously check and alert users when new people that they knew joined the service. Yet, somehow everyone has completely ignored that issue in order to rage against another perceived attack at user "privacy". 

Fighting wrongdoing rather than fear

Don't get us wrong, apps should be open about when and how they access user data, and companies should never store user contact data without consent, but that's as far as it needs to go. Path deserved to get some heat because it was storing user address books on its servers, but it is not some huge invasion of privacy that social apps access your address book. If you want to find friends through an app like Path, foursquare, Yelp, etc., how exactly would you expect that app to figure out who you know? It will access your address book. That's the way this stuff works. There is no value in social apps without knowing who you know and making those connections. Making it a requirement that every app get explicit permission before accessing the address book is overkill that's targeting the wrong problem, and all it will do is add a bit more annoyance to millions of users' daily lives. 

The problem is not that these apps have access to this data either. As was the same issue with Google's new privacy policy and Verizon's privacy policy before that, the only real problem was that the story about Path suddenly made people aware that their address books were being used. We shouldn't be wasting time fighting people's fears, because fears are nothing more than not understanding something, and not understanding the role you play. 

This awareness that apps use address data leads inevitably to fear, because people don't seem to understand how all of this stuff works. So, let's try to break it down: social apps need to make connections with the people that you know in order to give you any sort of value, and that means access to your contacts. The other side of the conversation is that ambiguous word "value." Value is a very personal thing, and when it comes to the Internet and apps, value is something that many people see as a one-way street. It is always seen as companies taking our data and giving nothing of value in return.

The Personal Data Trade

Likely, this is because that is how the personal data trade has traditionally gone down. Well before the Internet came along, advertisers got your information from newspaper subscriptions or cable subscriptions in order to send you ads. Every time you signed up for a "member's rewards card" at a store, you were trading those savings (which stores were offering before anyway) for your address and therefore more catalogs and advertising in your mailbox. Every time you dropped your business card in a bowl to "win a free lunch", you were trading that chance to win for your address and of course more ads in your mailbox. Personal data is currency, and it always has been, there's nothing new there. Of course mass media makes no attempt to change this view, so whenever software uses personal data, it is seen as though the tech company is "stealing" data and using it without giving users anything in return. The difference is that this trade is no longer as much of a one-way street as it has been in the past. 

The Internet adds major new benefits to the personal data trade dynamic. First, you control your data far more than ever before and more and more you can see where and how it is used. This level of transparency has never been around, and unfortunately it is a double-edged sword. We know far more about how our information is used, which means we can complain when we see misuse, but the visibility makes people think it is a new phenomena that has come along with technology. As we've covered, this data trade is nothing new, but the transparency allows us to control our data far better. More and more, we know how company's gather and use our data, and can act accordingly. The one big exception are Internet Service Providers, which know everything you do on the net, far more than Facebook, Google or anyone else, yet have no obligation to tell you how they use that data. 

Another major benefit of the Internet has been that you don't need to give personally identifiable data in order to get value. This is one benefit that is slowly fading, because personally identifiable information is far more valuable than simply personal data. You can give very little and you can still get a ton of value from Google with targeted ads, better search results, etc. even if you never sign-in to Google services. Your browsing history, search history, etc. has value on its own. Even when you are signed in, your data may be connected to demographic information or location information, but that still doesn't tell anyone who you are, and yet you get even better value for your data. And, this is all separate from the various benefits that we described before that could come from Google's new unified privacy policy, and its ability to mix together your data from different Google services.

The biggest benefit of all, however, is that the trade of personal data is no longer your data for some vague savings or potential to win something. Now, the trade is your data for a full service. Some people rage about how Facebook should be paying them for all of the data that it has. Of course, this is absolutely absurd. In the Internet world, we trade our data for the services that we use. Google connects us to any information we are searching for, and all we have to pay is a bit of attention to the ads on the side of the page and, if we choose, we can give Google our search history as well. Facebook connects us to everyone we've ever known (whether we want to or not), and we willingly add data to that machine, because it makes the service better. 

Conclusion

And, that's the dirty secret that people haven't yet understood, or are still choosing to ignore. Social companies aren't built on taking our data, they are built on us sharing that data both with them and with our networks that we build with the help of those companies. Facebook would be useless without people sharing data on it, and Path would be just as useless if it had no way to connect you with your friends.

We have every right to get angry and fight back when companies misuse data like Path did, but that doesn't mean we restrict access to everyone. We just have to be careful how and where we direct our anger, and we have to be very careful how these issues get framed. We all get quite a bit of value from social networks, and those networks need access to who we know. However, as long as the companies are transparent about how our data is used, all we need to do is fight back against misuse, not against the fear that maybe our data could be misused. 

And, maybe more than anything else, we have to make sure that we help those who are scared of these new services understand why there really isn't anything to fear, but rather there is a lot of value to be gained. If you think this article could help in getting the word out, please feel free to share it wherever you'd like. 

source: AllThingsD

14 Comments
  • Options
    Close




posted on 15 Feb 2012, 16:15

1. squallz506 (banned) (Posts: 1075; Member since: 19 Oct 2011)


great read. i remember when i picked up my optimus v a year or so ago the sales rep recommended that i do not share my location data with google (this was when that scare was going on), obviously he didnt understand the tradeoffs. but i do, i knew i wanted search results relevant to my location and that was a fair trade for me.

posted on 15 Feb 2012, 17:07 1

2. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


There was one thing I never understood about iOS is why it never used a permission based system similar to Android. The user gets a message telling them what information they need from your phone to the points it affects the score of an app when permission are changed and creates a certain awareness from the user in why app X needs permission Y and Z. It also helps detect fake apps and help advanced users provide more bugs and errors easier (Skype bug, Dolphin bug) you don't have to worry about an app using your contact if you have not told the OS previously the app can use the contacts and there is no annoying pop up message. And in come cases you can even revoke access using an app with SU or a custom rom.

posted on 15 Feb 2012, 18:23 4

3. MichaelHeller (Posts: 2650; Member since: 26 May 2011)


That goes against Apple's design philosophy. Apple would rather hide how things work in order to make a simpler experience for users.

posted on 15 Feb 2012, 19:26

5. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


well that's true, but it also causes panic when people are not told what the app needs to take form you or what they need from you and thing go all WW3 on small things (location, contacts etc) nothing is perfect I guess,

posted on 15 Feb 2012, 19:14 2

4. medicci37 (Posts: 593; Member since: 19 Nov 2011)


Everyone has gone completely mental because of a simple mistake by Path" WTF? What Path did was not a silly mistake. The author doesn't seem to understand, but people have a right to expect these companies respect their privacy!

posted on 15 Feb 2012, 20:00 3

6. squallz506 (banned) (Posts: 1075; Member since: 19 Oct 2011)


Maybe you should read the article again.

posted on 16 Feb 2012, 02:55

11. Victor.H (Posts: 406; Member since: 27 May 2011)


I second the frustration with that particular sentence.

posted on 16 Feb 2012, 08:35

12. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


another writer!? :O

^this is needed

posted on 16 Feb 2012, 17:55 2

14. MichaelHeller (Posts: 2650; Member since: 26 May 2011)


Yes, it was a silly mistake. All Path did was store your contacts and the only way your contacts were used were to tell you that other people you know joined the service. Path didn't sell your data or anything else.

So, where exactly was the invasion of privacy?

posted on 15 Feb 2012, 20:51 3

7. bayusuputra (Posts: 941; Member since: 12 Feb 2012)


read the article, and then scrolled back to see who wrote this..
no wonder..

great article as usual, Michael.. thanks!

posted on 15 Feb 2012, 22:56 1

8. ChafedBanana (Posts: 355; Member since: 20 Sep 2011)


Blah, blah, blah. In conclusion......blah, blah, blah.

posted on 16 Feb 2012, 01:15

9. dreammixer (banned) (Posts: 81; Member since: 10 Feb 2012)


Totally disagree with this article. When you install a new app you will get asked once yes/no. It only takes a second and gives the user control.

posted on 16 Feb 2012, 08:36

13. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


you read the article dude?

posted on 16 Feb 2012, 01:29

10. roscuthiii (Posts: 1785; Member since: 18 Jul 2010)


Par for the course Michael, another great article.

Want to comment? Please login or register.

Latest stories