Apple sued for mobile app privacy breach

Reports say iPhone and iPad maker has been slapped with a lawsuit in the U.S. alleging that apps running on its mobile OS sent out information to ad networks without users' consent.
Written by Kevin Kwang, Contributor

Apple is being sued by a U.S. resident for allowing iOS-based mobile apps that run on its iPhone and iPad devices to transmit users' personal information to advertising networks without their permission, according to news reports.

Bloomberg, for one, reported that the complaint, which was filed on Dec. 23 in a U.S. federal court in California, alleged that Cupertino's iPhones and iPads are encoded with identifiers, specifically the Unique Device Identifier (UDID). The UDID then allows advertising networks to track what apps users are downloading, how frequently they download content and for how long, the report noted.

Besides Apple, developers of apps such as Pandora, Paper Toss, the Weather Channel and Dictionary.com were singled out as defendants in the lawsuit. Their inclusion was based on the allegation that these apps are "selling additional information to ad networks, including users' location, age, gender, income, ethnicity, sexual orientation and political views", stated Bloomberg, citing the lawsuit that was filed.

The claim runs counter to what Apple professes to be doing, which is that it would review all applications submitted to its App Store before publishing them and disallow apps to transmit user data without customers' permission, the report noted.

Also citing the lawsuit, the Wall Street Journal added: "Apple...purports to have implemented app privacy standards and claims to have created 'strong privacy protections' for its customers."

The class action, or group, lawsuit was filed on behalf of users who have downloaded an app on their iPhone or iPad between Dec. 1, 2008 and Dec. 23, 2010. The Journal went on to report that the claimant is seeking damages, restitution and an injunction that in part requires defendants to provide "notice and choice to consumers regarding defendants' data collection, profiling, merger and deanonymization activities".

The lawsuit was filed less than a week after the Journal had raised the issue of personal information being transmitted without users' consent.

On Dec. 17, the newspaper had published a report stating that based on its study of 101 mobile apps for Apple's iOS and Google's Android mobile platforms, 56 of the apps had transmitted the phone's UDID to other companies without users' awareness or consent. Another 47 apps transmitted the phone's location in some way while five sent age, gender and other personal details to outsiders.

Mobile platform operators, though, are not the only ones being scrutinized for how they protect users' privacy. Popular social networking site Facebook is also in the spotlight, following the revelation that a data broker had been buying up user information from developers.

A November report revealed that Facebook apps were transmitting user IDs, which can be used to look up users' names and, in some cases, the names of their friends, to at least 25 advertising and data firms. Developers who were found to be guilty of selling user information to the broker had received a six-month suspension and would have to submit their data practices to an audit in the future, according to Facebook.

Editorial standards