Android users should be very familiar with the installation dialogs they encounter when they install software from the Android Market. Essentially, users are told which services the app will access and asked if they still want to install it. Usually we click OK. Why wouldn't we want a location-aware service to access our GPS? That's the whole point. Unless, of course, those services are transmitting up-to-the-minute location data to servers for purposes other than giving you the services you expected. Which is precisely what several randomly selected applications from the Android Market were doing in a recent study by Duke, Penn State, and Intel Labs.
In fact, they aren't really doing anything wrong. When the app asks if it can have access to your GPS data and you say yes, then they're entitled to it. As Ars Technica points out, however,
It's a practical security measure, but one critical limitation is that there is no way for the user to discern how and when the application will use a requested feature or where it will send the information...The user has no way of knowing, however, whether the application is also transmitting that information to advertisers or using it for malicious purposes. Making the permission system more granular might potentially address those kinds of problems, but would also have the undesired affect of making it too complex for some users to understand.
Exactly. What they said. While the app makers might be stepping over some ethical or moral lines, clearly they aren't doing anything illegal. So how can Google solve this problem? Obviously they can step in and require greater transparency from their app developers but not only risk alienating an already tenuous developer community but also increasing complexity for users as Ars suggested. Similarly, creating guidelines preventing the sort of data mining and exploitation that is cropping up on a host of applications would help consumers, but may drive away developers looking for new revenue streams.
Again, as Ars suggests, Google does its own fair share of data mining (I don't care what Google's CEO says -- Google is the ultimate data miner), providing value to their advertisers, shareholders, and users through better search and relevant ads. The same could be said of the app makers mining our location data. However, by this time, most consumers know at least at a very rudimentary level what Google does with our search and Gmail. The same can't be said of apps that are downloaded willy-nilly by a population still glamoured by the novelty of little free applications that can do all sorts of seemingly wonderful things.
It's for this reason that the idea of an Amazon App Market on Amazon starts looking a lot more appealing. Developing an ecosystem of applications with a bit more oversight than can be expected from Google's laissez-faire approach means that users would have a trusted repository of applications from a brand that tends to inspire more confidence than Google's privacy-checkered name.
If Google not only wants to keep developers happy but also protect its consumer base and fend off competition from Amazon, it needs to address this issue quickly. How? The Google folks are all pretty bright, even if their concepts of privacy aren't always aligned with ours. I bet they can come up with something. On the double.