Device Apps
Applications and Websites
For many years, mobile devices were relatively limited in function – typically providing only voice and SMS (or “text”) messaging. During this period, the mobile carrier served as a one-stop shop for the entire mobile user experience. The carriers provided the user’s equipment and services, as well as the few programs (or “applications” or “apps”) the device was capable of running.
Times have quickly changed. Although today’s wireless devices still provide plain old “phone” services, many more closely resemble personal computers than telephones. Today’s devices are often capable of running an array of applications that are increasingly available from various online “markets” and also provide an increasingly computer-like Web experience.
Although mobile carriers such as T-Mobile still provide the foundation equipment and services, in today’s environment, more and more entities (“third-parties”) are offering downloadable applications directly to consumers. Just as computer makers or Internet Service Providers (“ISPs”) don’t control the computer software a user chooses to run or the websites a user may visit from her computer, mobile carriers have less and less control over these user choices on their mobile devices. Specifically, the mobile carriers generally cannot dictate or control the information collection, use, and disclosure policies of the third-parties with whom the user chooses to interact through their mobile devices.
For example, if a user installs a third-party application or visits a third-party website on their mobile device, the privacy practices of the third-party will govern the way in which the user’s personal information may be gathered and used – not T-Mobile’s policy. The application or website may even access certain information stored on the device (for example, the user’s contact list or photos). For this reason, users must be aware of and cautious about those with whom they are dealing and pay close attention to the terms of use and privacy policies of these third parties.
Examples of potential activity on today’s mobile devices include:
• A mobile carrier hosts a mobile webpage on which it offers games, ringtones, and other content for purchase, and the mobile carrier gathers information about the mobile user’s interests and purchase history within that site in order to provide future recommendations and offers. In this case, the mobile carrier is solely responsible for its own information practices on the mobile site. This mirrors the traditional relationship between the carrier and user.
• A mobile carrier provides broadband access service that allows a user to visit websites hosted/operated by third-parties from their mobile device. These third-parties gather information about the consumer’s activities within the third-party websites. In this case, the mobile carrier cannot control and is not responsible for the personal information practices of the third-party. Instead, the third-party website operators are responsible – just as any website operator is responsible for their applicable information practices when visited by a user from a personal computer.
• A mobile user downloads a third-party photo-sharing application on a mobile device (from one of several “markets” for such applications). Among other things, the particular third-party application may automatically upload all photos taken by the mobile device and stores them on the third-party’s network servers. The mobile carrier cannot control and is not responsible for the third-party application’s access to photos on the device or how the third-party otherwise collects, uses, or shares information about the user. Instead, the third-party application provider is responsible for its own information practices associated with the application.
Today’s mobile devices provide many of the same computing and Internet capabilities that personal computers provide – leading to unprecedented innovation and consumer convenience. But these changes also require increased user awareness of the privacy implications when dealing with third-parties. As is the case with the personal computer, mobile device users must pay attention to the personal information policies of the applications they choose to download and the websites they choose to visit. In sum, mobile device users must always ask: “Who is gathering/using/sharing personal information in connection with a specific device application (i.e., who is the application provider) or mobile website (i.e., who is the website operator), and what are my options for controlling how my information is treated?”
