It’s been a busy couple of days for the app police. First Apple announced a sweeping new lockdown of its app store to thwart fraudsters, then California’s attorney general published a 22-page binder of “suggestions” for how app developers should respect consumer privacy.
Both moves underline how tricky it’s become to navigate the world of app sales, a relatively fresh tech frontier that’s seen a big influx of money in a short period of time.
In Apple’s case, the company is trying to get a handle on a new trick from app scammers: upload a boring app, like a mundane game, wait for Apple to approve the app, and then swap in fake screenshots that make the app look much more interesting and fun than it really is. After legit app makers began complaining about the scam, Apple issued a fix: All screenshot updates must be reviewed by Apple staffers just like the apps themselves.
While it looks like Apple’s quality control systems will prevail in this case, the screenshot scam shows how the app market fails consumers. For example, one of the more prominent screenshot-scam apps, Mooncraft, was loaded up with scads of apparently fake five-star reviews before the crackdown. And this is just the latest example of how app scammers are gaming the system. Apple, Facebook, and other app store operators have their hands full dealing with bad actors who trick or even bribe consumers into installing and upvoting their apps.
It is probably no surprise then, given the Wild West nature of the app market, that government regulators are getting more aggressive about patrolling app stores. California Attorney General Kamala Harris Thursday put out detailed guidelines for app makers in a document called “Privacy on the Go,” intended to condense the state’s laws, as well as Harris’ suggestions, into 22 pages. The tips advise software makers to, among other things, create “conspicuous ... clear” privacy policies, to avoid collecting excess personal information, and to try and notify users whenever data is used in a way “that may be unexpected.”
Harris can’t enforce most of her suggestions. But she can pursue companies that refuse to post privacy policies like those displayed on websites. Harris interprets a 2004 state law mandating such policies on the web to also govern mobile applications. Her office sent letters to 100 top mobile app makers urging them to put privacy policies in place to comply with state law. It then sued one of the few app makers who did not comply, filing a case against Delta Airlines this past December. The attorney general’s office also convinced Apple, Facebook, Amazon, Google and other app store operators to agree to a set of privacy principles, including that they would allow consumers to have the option to read privacy policies before purchasing apps.
And Harris – the most powerful lawyer in the nation’s most populous state – is just getting started. “The world has gone mobile,” she wrote in the guidelines, “[and] the mobile environment poses uncharted privacy challenges.” With consumers using mobile phones and mobile apps compulsively, including during some of the most intimate moments of their lives, the specter of privacy violations looms large and could become a key issue for Harris if and when she decided to run for governor.
Lawmakers are increasingly taking on challenges in that mobile environment. The Federal Trade Commission, for example, on Thursday settled its first case involving both mobile apps and the Fair Credit Reporting App. For consumers, such regulatory crackdowns mean more protections. But state and federal regulations pose challenges for app makers, who each year make up a bigger portion of Silicon Valley's startup community. App makers as a group are much more attuned to the rules set by vendors like Apple and Google than those set by government. They’d be well advised to start diverting some of their fast-growing revenues to solid legal counsel.
