But Ashkan Soltani, an independent researcher and consultant who also testified at the hearing, suggested that Tribble’s explanation was disingenuous. For users who live in urban areas, Soltani said, the data on phones pinpointed hot spots as close as 20 feet away—which, he argued, is effectively the user’s location. “We need a clear definition of what ‘location’ means,” he said, and also called for more clarity about what constituted an “opt-in” policy.
The picture gets even muddier when third-party apps are considered. “Users don’t have a very good idea about what a lot of the applications on their phones are doing,” says Stuart Anderson, cofounder of Whisper Systems, a company that makes security and privacy software for Android phones. “Applications ask for very broad permissions.” Anderson notes that these permissions include the functions users expect, but might also cover unexpected actions from third-party code, such as monitoring used by advertisers.
To make matters worse, users don’t have fine-grained control—Anderson notes that they don’t have the ability to adjust a phone’s behavior or give selective permissions (his company recently released a product designed to do just that).
Apple, which observes a strict review policy for entrants to the App Store, seems to hope that its design standards will keep third-party apps on their best behavior. “What we need to do is put things in the user interface that make it clear what the app is planning to do,” Tribble said. He pointed out that Apple currently has an icon that shows whether an app has used location data within the past 24 hours. He said that Apple doesn’t believe that providing a technical means of limiting the information that apps can access would work. Instead, he said, the combination of the review process and design decisions would provide sufficient quality control.
Alan Davidson, Google’s director of public policy for the Americas, pointed to Google’s contrasting vision of an open app market. Instead of Google reviewing apps, Android devices are designed to recognize what an app is asking for, and alert the user, he said. Google has worked hard to make the resulting notifications understandable and useful, he said.
Both companies argued that they weren’t responsible for what apps do on their platforms. Such a stance, however, is unlikely to appease regulators or customers, which means that Apple and Google may soon have to take more responsibility for how third parties behave on their platforms