Questioning privacy - what about usage data?

Many users question the whole concept of privacy on mobile devices. There are specific restrictions that are enforced by the platform developers - for example, whenever an application is submitted to a Marketplaces (be that Windows Phone, Android or iPhone), the developer must declare the set of capabilities his application is going to require.

For extremely private personal information, the application notifies the user about the potential usage and displays a prompt. That would be the user's location - after all, if an application will constantly track a user without his consent, it won't stay installed for long. The same doesn't apply to other information and users are somewhat more tolerant with it being shared, especially when it's collected as general usage stats.

The fact that an application sends analytical information is not set as a requirement in the pre-set requirements so unless a developer openly tells the user that he collects data, there is no direct way of knowing this. Analytics are cool and I can see where those can be useful - developers want to track the application usage and what exactly the user does to make sure that they focus on the right development areas and such (or at least that's the declared reason). The only negative aspect is when this is done without the user knowing that. Here are some of the reasons:

• It is using my data plan, and it is not free. I don't really know the amounts of information being sent, so why not let me know that I can opt-out if I really wanted to? Not everyone has unlimited data (even with a smartphone).
• I want to know what information is being collected and what events are tracked.
• Some applications send data constantly for every single event that occurs in the app itself. Due to the nature of some self-made analytics frameworks, this once again affects bandwidth and performance.
• I want to know where information is sent. It's been known that there are services out there that can use private information for ads and third-party distribution, so if that's the case I probably will opt-out.
• I would like to know the privacy policy applied by the developer. That encompasses pretty much everything I mentioned above but in a formal manner. Just a few applications I know have a privacy policy applied to analytics (e.g. 4th and Mayor has both a privacy policy and an option to opt-out).

The issue lies in the fact that the number of applications that are using analytics is growing because the default Marketplace data is not suitable to track usage stats. Developers avoid declaring the fact that their applications are using analytics because in many cases users will simply not agree to their data being shared. One might say that web analytics are doing the same thing for a long time, collecting such information as the location, IP-adress, exact page hits and so on. After all, nobody is complaining about these, right?

However, there are a couple of important differences:

• An IP address isn't necessarily associated with a specific person, while a phone is.
• In most cases there is no bandwidth cap on regular Internet use
• There is are well-defined privacy policies that are publicly availble for third party analytics services
• Most important: I can block analytics on my PC. I can't do the same on my phone if there is no in-app option.

In order to look up what applications are sending data (also, to check what data is being sent), connect your device via a wireless ad-hoc network and fire up a tool like Fiddler or Wireshark. You'll be surprised how much data is being collected without you knowing about it. Wall Street Journal already runs a report page that shows what applications (currently only on the iPhone and the Android) collect what data.