IDG News Service - Delta Air Lines quickly published a privacy policy for its mobile application on Friday after the company was sued by California's attorney general, but a privacy researcher has already found a fault with it and the app.
Ashkan Soltani, who was previously a staff technologist within the Division of Privacy and Identity Protection at the Federal Trade Commission, found that Delta's updated iPhone application reveals a unique device identifier (UDID) to third-party advertising networks, which is not noted in the privacy policy.
A UDID is a 40-character sequence of letters and numbers assigned to a piece of hardware, such as an iPhone or an iPad. Developers have used UDIDs for authentication and tracking purposes, but the practice is frowned upon as a potential privacy concern. In March, Apple stopped accepting iPhone and iPad applications for submission to the store that collect and share UDIDs.
Soltani analyzed Fly Delta using an application called MobileScope, that he and two other researchers, David Campbell and Aldo Cortesi, developed. MobileScope analyzes mobile applications to see what information the applications handle.
Soltani wrote on Twitter that Delta does not say in its privacy policy that it shares the UDID with third parties. He described the behavior as "silly."
California's lawsuit alleges that Delta violated the state's Online Privacy Protection Act for failing to include a privacy policy in its app, which has been distributed since at least October 2010. California Attorney General Kamala D. Harris has aggressively pursued companies this year to comply with the law, which is intended to give consumers more visibility over how their personal information is shared.
Delta could face a penalty of $2,500 for each time a non-compliant mobile application is downloaded, the attorney general's office said. The application has been downloaded millions of times from Google's Play and Apple's iTunes application markets, according to the lawsuit.
Delta published an updated version of its application on Friday, noting in the update on Apple's iTunes store that Fly Delta now has a privacy policy.
Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
