Photo: Boonsri Dickinson, Business Insider
If you’re a startup, Ashkan Soltani is the last guy you want to stumble across your app and sniff out what kind of information you’re accessing. Soltani is an independent consultant who works on security and online tracking issues, and spends his days digging up what information is available to apps, carriers, and websites. When he detects a company has gone too far, it usually makes national headlines.
Most recently, he helped the Wall Street Journal unravel how Google was circumventing the default privacy settings on Safari.
“It’s like breaking into a bank to deposit a check, but inadvertently robbing the place,” Soltani said. “Recently we’ve seen these issues keep popping up with regard to personal information. Developers will write software that accesses personal data and want to do something cool with it. That’s where a lot of the tension comes from,” he added.
Soltani breaks down why developers make mistakes and suggests some ways to keep privacy issues from embarrassing startups:
- It is polite to ask: Regarding a different recent privacy flap, where Path and other iPhone apps were uploading users’ address books without permission: “Some people might be fine with it, in fact my feeling is most people would be fine with it, if you asked. The iPhone relies on the developer and the Apple approval process. Path was accessing contact information. Someone in the Apple approval store decided that it was OK for Path to access contacts …. Android does a better job at asking for permission, with the exception of photos.”
- Have some manners: “People that write the software might not have the same sensitivities. Geeks are typically asocial and aren’t concerned with this stuff as the average user may be.”
- Don’t surprise users: “You are the wrong guy to do this test if you are the app developer. What you want to do is ask a friend, your mum, or even ask a focus group, to see if there’s anything surprising that the app has access to.”
- Don’t be greedy: “Platforms themselves have mixed incentives. When you purchase an Android phone, the software is free. Google doesn’t charge you for the software. But Google makes money from that exchange and monetizes the software from the sale of apps and display of ads, both of which require a rich personal ecosystem to work. In order to have a rich ecosystem, apps collect location information, contacts, and photos. So the platforms make this stuff available, but maybe they don’t get the balance right.”
- No privacy rules: “There are little restrictions on secondary use of the data. You tell Google you like a band because you do a Google search and they use that to target ads to you. Maybe that is OK. I don’t know if most people know that.”