Lookout, the mobile security company, has announced its Mobile App Advertising Guidelines: A Framework for Encouraging Innovation While Protecting Privacy. The Guidelines provide a framework to help app developers and ad providers (e.g. ad networks and ad exchanges) to "understand how they can explore new ad display techniques and access personal information while adhering to strong mobile privacy and user choice principles."Or what?
Or, Lookout will label those companies as adware due to their "reckless mobile ad practices." Lookout Chief Technology Officer Kevin Mahaffey told CNet "I think there are a lot of unknowns about what is acceptable behavior…. We want to fix this problem before it gets so big that it needs regulation."
As the company observes, a number of mobile ad providers have adopted aggressive behavior over the last year, including pushing out-of-app ads, changing browser and desktop settings, and accessing personally identifiable information without suitable notification or transparency. Based on Lookout’s analysis, more than 5% of free apps have included aggressive ad networks, affecting millions of increasingly annoyed people.
"People want to have confidence and trust that they’re not being compromised while on devices that have access to their most personal information," said Jules Polonetsky, Director and Co-Chair of the Future of Privacy Forum. "For many years, desktop users were plagued with programs that triggered pop-ups, added unwanted toolbars, and changed homepages. These guidelines make it clear, while mobile marketing business models and practices are still developing, some practices are out-of-bounds. That’s good news for both consumers and responsible businesses."
By equipping mobile advertisers and developers with clear privacy and user experience guidelines, Lookout claims to enable growth and innovation in mobile advertising, while protecting user privacy and increasing the trustworthiness of ads.
“Mobile has become the dominant computing platform in an incredibly short amount of time, changing the lives of people around the world and creating a booming economy for businesses and app developers. In order for these great benefits to continue, everyone in the mobile ecosystem must respect individual privacy choices and hold user experience in the highest regard,” said Mahaffey.
These guidelines include the following requirements for ad providers:
- Provide comprehensive, readable privacy policies and related FAQs to their app publishing partners, making educated integration easier for app developers.
- Provide a conspicuous opt-in or opt-out for users within the mobile app if the ad network intends to access personal information like phone number, email, and name.
- Provide clear attribution to the host application for ads that appear out-of-app. In addition, ad providers that modify browser settings or add an icon to the mobile desktop must provide a readily available and actionable opt-in / opt-out mechanism to users before such behavior is triggered.
- Move away from using permanent, unchangeable device identifiers and move towards using independent and/or temporal device identifiers that provide the same level of functionality with respect to targeted advertising.
- Do not collect device identifiers that are tied to mobile subscriber identities, unless the collection of such identifiers enables a demonstrable feature or service for the user.
- Securely transport personal information, including device identifier data and personal information.