Six Lines

Smartphones and Social Networks

Posted by Aaron Massey on 12 May 2011.

The Wall Street Journal on the privacy risks of smartphone applications:

Mr. Cortesi said the gaming company, OpenFeint, fixed the Facebook and location issues after he contacted the company about a month ago. California-based OpenFeint provides a gaming network that has more than 75 million registered users across more than 5,000 games, according to the company. Mr. Cortesi described his findings in a blog post last week.

OpenFeint did not immediately respond to a request for comment.

The biggest risks from OpenFeint may have been resolved, but the study raises questions about the way app makers and their partners handle the phone identifiers.

Though they focus on OpenFeint, this could apply to any smartphone app that asks you to connect to Facebook, Twitter, Google, or any other online account. The article cites a previous study the Wall Street Journal conducted on smartphone apps as evidence.

Reputable companies wouldn’t intentionally do things like this, but the update at the end of the article is probably more representative of the state of smartphone application development:

OpenFeint says that upon learning of the vulnerability it immediately stopped transmitting location and disabled the use of Facebook for profile pictures on the service. “We are not aware of any of our user’s information falling into the hands of any third parties as a result of this issue,” CEO Jason Citron said.

The company added: “OpenFeint takes privacy concerns seriously and is constantly monitoring privacy developments in a rapidly evolving industry. We are committed to developing and implementing state of the art privacy policies and to protecting our users’ personal information to the best of our abilities at all times.”

They just don’t know about these privacy problems. What smartphone app doesn’t want to be able to put a Facebook or Twitter logo on their product at some point? From their perspective Facebook and Twitter are incredibly popular and easy to interoperate with. Potential risks to the user aren’t always immediately clear. Add in the fact that most smartphone apps are made by tiny software development teams, often just one or two engineers, and you’ve got a recipe for bad privacy practices.