Mobile security firm Lookout has issued guidelines to help mobile ad providers and app developers standardize privacy practices for app-based mobile ads. According to Lookout Chief Technology Officer Kevin Mahaffey, the guidelines are intended to provide guidance about what constitutes “acceptable behavior” in the mobile ad ecosystem, and to “fix this problem before it gets so big that it needs regulation.”
Among other things, Lookout’s guidelines suggest that ad providers should:
- work toward a cross-provider, persistent opt-out mechanism for both mobile web and mobile app advertising;
- gain consent and provide attribution for ads delivered outside the context of an individual app, including opt-in consent for ads that modify browser or home-screen settings or that incorporate touch-to-call capability;
- avoid collecting device identifiers that are tied to mobile subscriber IDs unless necessary to provide a service or feature;
- gain user consent before accessing personal information like name, phone number, e-mail address, contacts, browser history, or fine-grained location information.
These new industry guidelines are part of a broader movement to develop best practices for privacy in mobile space. The National Telecommunications & Information Administration will hold its first privacy multistakeholder meeting tomorrow to begin developing a code of conduct for mobile app transparency. The California Attorney General’s Office and the California Office of Privacy Protection are also convening an advisory group to develop best practices for mobile privacy generally and mobile privacy policies in particular.