Back of the Envelope | Jonathan Wegener's Technology/Marketing Blog » questionable conduct http://blog.jwegener.com Jonathan Wegener's Technology/Marketing Blog Mon, 23 Aug 2010 14:50:54 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Think Palm and iPhone ‘Spyware’ is Scary? Try Google Android http://blog.jwegener.com/2009/08/20/iphone-spyware-google-android-worse/ http://blog.jwegener.com/2009/08/20/iphone-spyware-google-android-worse/#comments Thu, 20 Aug 2009 06:46:07 +0000 Jonathan http://blog.jwegener.com/?p=501 Lions, Tigers, and Spyware on Phones, Oh My!

Mobile spyware is the focus of the tech media’s latest frenzy. It started when a hacker discovered that the Pre sends back location data about users to Palm.  Next, a blogger ‘discovered’ that certain iPhone apps also phone home.  The frenzy came to a head when ReadWriteWeb published Dear iPhone Users: Your Apps are Spying on You.

(from www.flickr.com/photos/gerlos/3119891607/)

(from www.flickr.com/photos/gerlos/3119891607/)

This article focused on the NYC-based iPhone Analytics company Pinch Media. The issue? Pinch Media’s software allows developers to learn a lot about their users: Apps with geolocation features can return information about the location of their users. Apps using Facebook Connect can even return demographic information (gender and age) about their users.

Of course, there’s no personally identifiable information here. It’s all aggregate anonymous information — and this has been Pinch Media’s response to the issue. Tracking anonymous information for benign purposes is analytics — not spyware. At the end of the day, developers simply don’t know all that much about their individual users. It’s not like they can identify them by name, right? RIGHT?

Well, um, on that note… we know the full name and location of each and every Android user with our app.

How?!  Did we build in some sneaky spyware into Exit Strategy NYC?

Nope.  Google tells us. This information is part of the Google checkout process behind android app purchases.  Each app download contains the full name of the user:

androidpurchases

Clicking on the order number reveals a more detailed page containing the billing city and zip code of the user:

androidpersonalinformation

Creepy?  Absolutely.  A google/facebook/linkedin search can reveal incredibly detailed information about every android user with our app. Furthermore, this information is pushed on us — I certainly didn’t choose to see this detail about our users!

Seeing this level of user information displayed was extremely alarming at first. But when you think about it, it’s really not that surprising. Google Android purchases are processed through Google Checkout — the same system that applies to e-commerce transactions.  Certainly I would need to know my customers’ personal information if I were shipping a physical product.  Should digital purchases be any different?

Possibly Related Posts:


]]> http://blog.jwegener.com/2009/08/20/iphone-spyware-google-android-worse/feed/ 20