Last week, Google and Apple both made headlines for troublesome accounts of their voice-activated devices listening in inappropriate fashions. The flood of data privacy concerns won't let up, and the public, governments around the world, and other affected parties, including businesses, have had it. What's essential is that we don't move onto the next shiny object of data privacy breaches before addressing the last issue at hand. We can't let another Cambridge Analytica scandal inform our future as a human race, because of neglect by responsible parties.

Take FaceApp, for example. The popularity of the AI-driven photo editing app recently caught the attention of the Democratic National Committee (DNC). Based on security and privacy concerns (FaceApp is owned and operated in Russia), the DNC quickly released an email cautioning campaigns about using the app and advised candidates to remove it from their staffs’ devices.

Although the DNC’s actions may sound extreme, it was a smart move.

Mobile apps increasingly control our lives. But as consumers, we rarely understand the actions app developers take behind the scenes. We have little or no visibility to the data our apps collect, store and share — let alone the entities to whom we’ve agreed to give legal rights and ownership of our proprietary data.

FaceApp isn’t an outlier. It only made headlines because of its overnight popularity, Russian origin, and perpetual ownership of data and photos. But while news outlets are focusing on this particular app, they’re missing the more important story: the need for OS providers (Apple, Google, etc.) to take a more proactive and vigilant role in protecting consumers who use their products.

Mobile apps present serious privacy concerns for consumers

As consumers, we believe privacy is important and our data should be protected. However, OS providers have taken a laissez-faire, Ayn Randian stance on consumer privacy. The prevailing industry mindset is that it’s the consumer’s responsibility to read, understand and ultimately accept the terms and conditions of the apps they download.

But we all know that’s ridiculous. Most consumers lack the time and knowledge to become technology and legal experts relative to Terms of Service (TOS), data and consumer privacy usage.

  • The average smartphone user has more than 80 apps downloaded and utilize, on average, 40 apps per month.
  • It’s estimated less than 25% of users even look at the TOS let alone fully read and comprehend the legalese.
  • The same study estimated that the average user would need to spend 40 minutes every day to read all of the privacy and TOS policies related to the services they use.

A better option is for Google and Apple to become more proactive on behalf of consumers and protect them in two important ways.

The first step involves OS providers working with industry trade organizations to develop a basic consumer bill of rights relative to data and privacy. If a company wants to launch an app inside the OS provider’s store, the default settings of the app must adhere to strict privacy guidelines. These guidelines would include important items such as:

  • Automatic location-sharing is turned off
  • Data collection is limited and all data is wiped from the app company’s servers after a reasonable time period
  • Data sharing with third parties is generally prohibited without user consent
  • Ownership rights of all data, including text, images and videos, belongs exclusively to the user and cannot be used outside of the intended purpose of the app without the express consent of the consumer
  • Users have the ability to wipe their data off the app company’s servers under Settings — at any time, for any reason

In addition to the above default settings, OS providers could develop an acceptance window (rather than 8-10 pages of legalese) that spells out the Terms of Service in plain language. For example, consumers must agree to allow the app to:

  • Track location at all times
  • Listen to and record conversations, and store segments of conversations on its servers for up to 30 days
  • Track and send specific information (e.g., device make and model, mobile OS, IP address, email address, etc.) back to its servers
  • Transfer other app-specific information (e.g., medical conditions for a health app or product searches for retail app) back to the app’s servers
  • Share the data it collects with unidentified third-party companies for the purposes of improved search results, more accurate advertising relevancy or cross-platform identification

Sounds simple, right? It is. And that’s the point. Rather than frustrating consumers’ efforts to actively protect the privacy of the data, Apple and Google could empower consumers to become more knowledgeable about the apps on their devices. More importantly, consumers would gain an opportunity to become more informed about the ways app developers use their data behind the scenes.

Data privacy issues aren’t going away. If anything, they will only multiply as AI and other advanced technologies gain traction in the mobile arena. But despite the sophistication of the technology, the solution for protecting consumers’ data privacy could boil down to a few plain and simple permission-based questions.

And it’s up to mobile OS providers to make it happen.

Shawn Riegsecker is CEO at Centro, a media buying and workflow platform