A Wall Street Journal examination in 2010 of 101 popular apps for iPhone and Android phones showed at the time that 56 apps transmitted that device's ID to third parties without the user's knowledge or consent. Forty-seven of the apps sent the phone's location. Five sent age, gender and other personal details. Forty-five of the apps didn't provide privacy policies on their websites or inside the apps.
"The mobile space is just like the Web in the first 10 years or so: It's the wild, wild West where there are a bunch of privacy problems and there is a lack of controls," independent privacy researcher Ashkan Soltani said.
In February, Path and other app makers found themselves embroiled in controversy when a blogger blew the whistle on apps uploading and storing users' address books from their phones without notifying them. The mobile app maker apologized and changed the way its software accesses user data.
The incident was just one in a series of privacy breaches that underscores how vulnerable mobile device users can be. Requiring app makers to have privacy policies "is at least a way to get developers to start thinking about privacy," Soltani said.
He said few consumers are aware of what's happening to their information. Even if they are, they assume that someone is watching out for them.
"If we need to get work done or we need driving directions or we need to connect with our friends, we are just going to do it, and hope that there are privacy protections in the law or that the consumer protection agencies are watching out for us," Soltani said. "And that's in fact not the case."
"We are still in the phase of raising awareness," LeBlanc said. "We don't want to squelch innovation. But there will be a point at which we take significant actions."