Absolutely shocking iPhone privacy holes

Following on the heels of the Writing for the City Brights blog, Yobie Benjamin pens a very damning attack against the iPhone from a privacy advocate standpoint. His article is an easy read even for those relatively unfamiliar with concepts such as cookies.

The single most horrifying thing I have yet to read about Apple or the iPhone, however, is summed up by this quote from the article:

I know what these tracking tools can enable iPhone developers and it’s pretty powerful and devious. If you’re privacy advocate, it’s bad. It’s really very bad.

Why is it bad?

For the most part, if you like your privacy – there is no opt-out feature unless you have a jailbroken/unlocked (more later on this) iPhone.

Combine this with the fact that jailbreaking is something Apple really doesn’t want you to do (from their point of view, the iPhone still technically belongs to them in a way because of the OS on it, another reason to condemn the use of the misleading and loaded term “intellectual property”), and all of a sudden, Apple doesn’t look a whole lot better than many other large corporations when it comes to concern for the privacy of their customers.

Yobie goes on to give a specific example using TwitterFon in which the iPhone’s UDID (serial number) is sent no less than three times to three different places. And unless one is willing to roll the dice and jailbreak one’s iPhone, there is no way to opt-out of this.

There is no “privacy” menu on a standard iPhone; this is something added by those who made the jailbreaking programs. The single most responsible thing Apple can do to regain some of my respect–and the respect of just about anyone with any significant concerns about their privacy–is add this option to the stock iPhone OS.

I’d like to think Apple hasn’t grown too big to give a damn. Especially in light of the fact Apple charges a premium for their hardware and software, I think Apple should be held to a higher standard than most similar companies. Not surprisingly, I think they have fallen far short of it.

Palm’s leaking mobile phone miscue

Matt Hartley writing for Lockergnome reports on a disturbing privacy problem with the Palm Pre, citing a BBC story. The detail of data being sent back to Palm is rather alarming, including user location, application usage patterns, and a list of applications installed on the phone.

Palm’s PR department, of course, responds with more spin than a Steve Mizerak masse shot. Quoting the BBC article:

Palm issued a statement about Mr Hess’ discovery and said it “offers users ways to turn data collecting services on and off”.

It added: “Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience.”

“We appreciate the trust that users give us with their information, and have no intention to violate that trust,” said Palm.

Excuse me Palm, but I really think you just did exactly that. I would be willing to bet it has been intentionally made difficult to turn off the “data collecting services” you refer to.

It’s inexcusable to leak that kind of detailed data and bury it under some kind of legalese “privacy policy.” How about being honest about this and telling the user, in plain English, you’re going to do this the first time the phone is turned on?

And we wonder why Palm nearly went bankrupt. Wonder no more. At least now we know this time they’re going to sink for a good reason.