Leo Laporte was just ranting about how Color uses the iPhone's microphone to listen to ambient surroundings and today it's revealed the Fed is investigating whether bad apps illegally obtained information without consent.
It's funny, I was just listening to Leo Laporte complain on TWiT 295 about how the Color app uses the iPhone's microphone to listen to ambient surroundings (presumably to detect nearby users). While Color doesn't hide this, I'm with Leo on this one. I had no idea.
It turns out that the problem could be much worse.
WSJ reports that Federal prosecutors are investigating whether several mobile apps illegally obtained information about their users without proper disclosures.
Pandora admitted in a SEC filing it received a subpoena in early 2011 related to a federal grand-jury investigation of information-sharing practices by smartphone applications.
The Oakland, Calif., company said it had been informed it is "not a specific target of the investigation." Pandora said it believed similar subpoenas had been issued "on an industry-wide basis to the publishers of numerous other smartphone applications."
At issue is whether app developers violated the Computer Fraud and Abuse Act which was designed to prosecute hackers. The government could try to make a case that some app developers effectively "hacked" into user's devices.
In Pandora's case, both the Android and iPhone versions of its app transmitted information about a user's age, gender, and location, as well as unique identifiers for the phone, to various advertising networks. Pandora gathers the age and gender information when a user registers for the service.
Before installing an app from the Android Market it displays a concise and explicit list of exactly what access is being requested by that app (below) -- which you have to agree to to proceed. On the iOS App Store all you have to do is enter your password and the app is yours. iOS asks permission if an app requests your location or wants to display notifications.
While some iOS apps display terms and conditions on startup, it's rare because it's optional and usually only present in apps written by large developers with large legal departments. I prefer the way apps from the Android Market clearly disclose what access they need before installation.