18 firms sued for using privacy-invading mobile apps
Facebook, Apple, Twitter are among those charged in class action suit with surreptitiously taking user data
Computerworld - Facebook, Apple, Twitter, Yelp and 14 other companies have been hit with a lawsuit accusing them of distributing privacy-invading mobile applications.
The lawsuit was filed by a group of 13 individuals in the United States District Court for the Western District of Texas earlier this week. The suit charges 18 companies with surreptitiously gathering data from the address books of tens of millions of smartphone users.
"The defendants -- several of the world's largest and most influential technology and social networking companies -- have unfortunately made, distributed and sold mobile software applications that, once installed on a wireless mobile device, surreptitiously harvest, upload and illegally steal the owner's address book data without the owner's knowledge or consent," the lawsuit alleged.
The lawsuit seeks a permanent injunction against such data collection and the destruction of all personal data collected by mobile application vendors so far.
Most of the plaintiffs are from Austin and describe themselves in the complaint as users of Apple's iPhone users Android-powered handsets.
One of the companies, social networking service Path, was pressured last month into issuing a public apology after a Singapore-based programmer wrote a blog post describing how the company's journal application for iOS- and Android-based phones was secretly collecting address book data.
The apology by Path co-founder and CEO Dave Morin acknowledged that the company had made a mistake in gathering the data but noted that the information was collected purely to improve the quality of friend suggestions made by the application.
This week's lawsuit appears to have been inspired, at least in part, by an article in the New York Times in February which highlighted the practice by Path and several other developers and distributors of smartphone applications to collected data from address books without the user's permission. The article, headlined Mobile Apps Take Data Without Permission , was cited several times in the 152-page complaint.
The lawsuit comes at a time when privacy concerns over mobile applications appears to be steadily rising.
On Wednesday for instance, two senior lawmakers asked Apple for more details about the company's privacy policies for mobile applications running iOS software.
Rep. Henry Waxman, ranking member of the House Energy and Commerce Committee and Rep. G.K. Butterfield last month had asked Apple to respond to a series of questions about the company's polices for vetting the privacy practices of iOS mobile application developers.
The questions were prompted by the controversy surrounding the Path disclosure.
Apple submitted its initial responses earlier this month.
However, the two lawmakers this week contended that the letter did not answer all their questions and asked that Apple representatives brief members of the committee on the remaining issues.
Earlier this month, U.S. Senator Charles Schumer (D-NY) called on the Federal Trade Commission to investigate Apple and Google following reports that some iOS and Android applications uploaded photos from mobile phones without the user's knowledge or permission.
Apple, Facebook, Yelp and Foursquare did not immediately respond to a request for comment on this week's lawsuit. A Twitter spokesman said the company did not comment on pending litigation.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts