Apple Hit with iPhone Data Privacy Lawsuit

| News

Apple is facing yet another lawsuit, this time over allegations that the company is violating customer privacy by allowing third party iPhone apps to collect the device’s unique identifier number. The lawsuit also alleged that Apple is allowing developers to download user’s Web browsing history without consent.

The case was filed by Anthony Chiu in San Jose, California, for violations of state business and privacy laws, according to InformationWeek. The filing stated that by launching an app, or tapping an in-app ad, developers are able to download user’s UDID device number and Web browser history.

The complaint alleges, in part:

Anyone who has used a mobile device to browse the Internet to obtain advice about hemorrhoids, sexually transmitted disease, abortion, drug rehabilitation, or care for the elderly; to search for jobs, seek out new romantic partners, engage in political activity; in fact, to do more or less anything; can be reasonably sure that the browsing history created by such investigation has been incorporated into a detailed dossier for sale to marketers.

“Transmission of the UDID would allow the recipient to identify exactly what a user is browsing and, together with other information, where they are at any given time,” said Andre Rado of Milberg LLP, the law firm representing Mr. Chiu. “In addition, there are are disclosure-based and contract-based claims in the action.”

Along with Apple, the suit lists 50 unnamed defendants, hinting that at some point third party developers may get drawn into court as well.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

13 Comments Leave Your Own

Nemo

I wish Mr. Chiu good luck in his suit, and I hope that he prevails.  Should Mr. Chiu be successful, his suit will set a precedent that other courts and the FTC hopefully will follow.  Right now, nearly all who develop apps act as if they have absolute license to invade the privacy of those who use mobile devices and, for that matter, any device and as if a person has no interest in keeping his private data private.  That must stop, and instead we must at least establish a legal regime where a person must give his informed consent to the collection, use, and storage of his personal data.

Tiger

I too hope he succeeds in causing a change of policy in such that retail stores cannot sell your data to marketers, each other, etc. It’s gotten ridiculous.

Nemo, good choice of words…informed consent. Most people consent without ever reading a word of the language.  They’re given the opportunity, but never avail themselves of it.

Sounds like EULAs now, doesn’t it? tongue laugh

Nemo

Tiger:  “Informed Consent” is a legal term, which does not include a person choosing not to read the contract that is presented to them.  Informed Consent is providing a reasonable person sufficient information in a form that a literate person with at least a high school education can understand so that person has the opportunity to read and understand the obligations and considerations that the contract offers, or at least be aware that they don’t understand and, therefore, need to take counsel before entering the contract.  Apple certainly does that with its EULA.  If, however, you choose not to read Apple’s EULA or any properly drafted EULA, that is on you, as the law imposes on you the obligation of reviewing contracts before you enter into them.

Evan

I myself am an iOS developer. You are running the app under the developers EULA (which is generally provided by apple).  The EULA allows our apps to access your data.  You gave us permission to do so when you accepted the iTunes terms and conditions and when you purchased the app.

Nemo

I am thoroughly familiar with Apple’s iOS developers’ agreement, and it does not permit developers’ apps to access at least certain customer’s information that is categorized as personal information.  To access that information through an app, the developers must ask the customer’s permission to do so in the app.  If the customers refuses to consent, the only option for the developer is to either change the terms or not provide the app.

Christopher Edwards

So what choice do we as consumers have? If I don’t agree to the EULA’s then I have a useless device. If I want to use iTunes, or Apps, I HAVE to agree. I have no other option. None. No agreement, no iTunes, no Apps, no nothing.

The way it should work is this…if I agree to the EULA then developers/Apple can collect my data. If I don’t agree, I still can use the app as if I had agreed, but you just don’t get my data.

Nemo

Dear Mr. Edwards:  You only have a useless device, if you want it.  What you can do, if you reject the EULA, is return your device of software, whatever, for full credit.  You get your money back and, in Apple’s case, Apple get its device back.

For an app, you either agree to the terms, or the app disappears, and Apple or Google, as the case may be, credits your credit card.

And that is the way it should work and does work.

Chris Edwards

No. I have a useless device because a device is only as good as the software. Without it, it’s is useless.

Many times, I buy the software, then I am asked to agree to the terms. As a consumer, I should be able to give my permission to have the data collected. If I don’t agree I should still be able to use the software. I paid for it. Why should my use of the software that I pay for depend on me allowing developers peeking into my private data?

Why because that data is a profit center for developers and it can be sold. That’s wrong for consumers.

Nemo

I think that I see your point, but Apple can’t guarantee that some one else will provide their property, which is what the copyright in software is, on terms that are agreeable to you.  While you not having an app that you want may diminish the value to you of your iOS device or Mac, everybody has the right to sale or lease their software on their terms.  To which you can either say yes or no.  The most that Apple and/or the government can do is to say that an app can’t have your personal data without your permission.  Then you can read the EULA for the app, decide whether you accept the terms.  If not, then no app for your device.

Your proposal that you can decided to reject the developers terms and still get the app is nothing short of theft, and would simply lead to developer not developing any apps.  Right no you can see Apple’ EULA for its devices and software, so you know whether you can live with Apple’s EULA.  And Apple should require each developers to post its EULA for its app online, so that you can determine whether you will be able to get the apps that you need or want on terms that you accept.  But to say that you get the app, some of which get most or at least a significant part of their revenue from personal info, cause the business model to collapse and takes the developers software, which is his property, without the compensation that he bargained for.  Maybe in a communist state but not in America.

Christopher Edwards

Theft? I don’t see how it’s theft. A developer creates an app or program and prices it for $30. I pay $30 for the app and download it. How have I stolen the app?

Maybe they do this…price the app for $40 if I agree to the EULA. Price it at $50 if I don’t. This way any loss of “personal data revenue” will be made up by a slightly more expensive app.

As a consumer I can decide “Do I want to a cheaper app and give them my info or do I want to pay more and keep it private”

I can have an iPhone or MacBook full of software that I have payed more for but my info is private or I can have a bunch of software that I have received at a discount but I give my permission to have my data mined.

Nemo

The developer didn’t price it at $30, if the deal also include certain of your personal info.  The price was $30.00 plus your personal info according the terms agreed upon, and those are the terms on which the developer agreed to provide his app and not only $30.00. 

And as for how someone prices their property, whether it be $30.00 plus info or $50.00 without info, well that is for the owner of the property, the developer, to decide.  You only get to decide whether you wish to pay that price, both the monetary and non-monetary consideration.  If the developer wants to offer you a deal where you pay more but don’t provide your info, that is fine.  But if he doesn’t do that, that is his right too, for under the U.S. Const. no government in the U.S. can force a developer to offer certain terms for his software, because the U.S. Supreme long ago settled the question of whether a copyright is property:  it is property.  And, therefore, the terms for selling or leasing software, and most software is leased and not sold, as long as those terms are for legal consideration and don’t violate other applicable law, are solely at the developer’s discretion, just as you solely decide the terms on which you will sell or lease your house.

Christopher Edwards

Where did I say or imply that developers should be forced to price their creation in a certain way? Where?

I am simply saying that we as consumers are in a trap when it comes to software. If we don’t agree to terms then we don’t get the software. If we don’t get the software, we have an electronic device that is useless.

What other option do I have for iTunes that DOES NOT have some sort of agreement? Without iTunes, my iPhone doesn’t do what it’s supposed to and it’s usefulness is diminished.

You said that that data that is collected is more revenue for the developer. I am saying have two different prices for the software. A cheaper version where I agree to the terms and a more expensive version where I don’t.

Why is this such a bad thing? I’ll pay for the right to keep my data private and the developer makes more money on that sell by charging more.

Is it wrong if I use a program like Little Snitch to prevent my computer from dialing out and sending my information? Facebook has now said that all the photos that users have posted are owned by Facebook and can, if Facebook wants to, be used in advertising.

Wanna that photo of your mom used in a print ad? You agreed to the terms. How about that photo of your brother you posted to your Facebook page in memoriam because he was killed in Iraq? Maybe that would make a great banner ad for Facebook.

I’m willing to pay more for software to keep my data private. I bet others are also.

Nemo

Dear Mr. Edwards:  I didn’t saying paying more for privacy is bad.  I too would pay more to keep my personal data private, so I agree with you on that point.  But it will be up to the developer to offer such terms, because the app is the developer’s property.

As for whether using Little Snitch would be actionably wrong, I couldn’t say without seeing the particular EULA agree to.  However, as a practical matter, so few people even know what Little Snitch is, much less use it to control what leaves their computer, that such control of personal data won’t be a problem for developers, Google, or Facebook and their ilk.

My preferred approach is simply not to use apps or services that require the sacrifice of my privacy.  And yes, that does mean that I don’t use a lot of apps and services.

Log-in to comment