This paper first provides a background discussion of the rapidly developing mobile app industry. It discusses the market for apps, the key players in the industry, and focuses on the privacy and security implications of mobile apps. The paper next examines the roles of key United States regulators of app privacy, as well as current relevant legislation and litigation. We next explore non-U.S. legal frameworks for app privacy. Lastly, we analyze new directions for app privacy propounded by privacy advocates and NGOs.
A. Cell Phone Data as Intrinsic to “Self-Expression” or “Self-Identification”
In 2010, the Supreme Court noted in City of Ontario. California v. Quon, that “cell phone and text message communications are so pervasive that some persons may consider them to be essential means or necessary instruments for self-expression, even self-identification. That might strengthen the case for an expectation of privacy.” Like the Supreme Court, lower courts have also recognized the “power of technology to shrink the realm of guaranteed privacy,” and thus, in August 2011, District Judge Nicholas Garaufis carved out a new constitutional privacy right protecting historical cell phone location data.
The court found that a search warrant was required for the government to obtain cell tower location data even though the Stored Communications Act treats such subscriber information as “mere” transactional data, and even though the “third party doctrine” would previously have been applied to defeat a cell phone user’s reasonable expectation of privacy in such data (thereby extinguishing constitutional protection). Judge Garaufis opined:
“In changing existing Fourth Amendment doctrine in order to accommodate changes in technology, the [Supreme] Court noted that “[t]o read the Constitution more narrowly is to ignore the vital role that the public telephone has come to play in private communication.” . . . The cell phone has replaced the public telephone to near extinction; yet, to date Fourth Amendment doctrine has not developed to embrace the vital role the cell phone has come to play in private communication and the new Fourth Amendment challenges in creates.”
B. What Is an “App”?
For the purposes of this paper, the term “app” refers to an application designed for use on a smartphone or tablet. Today, most apps are designed for, and distributed through, an app store that serves a particular mobile operating system. These are known as native apps, and are designed to run on a single platform or operating system. The market for native mobile applications has exploded in the three years since Apple launched its App Store and is expected to continue its rapid growth in the short term. One industry report estimates that apps generated $6.8 billion in 2010, and that the market will grow to $25 billion by 2015.
Alternatively, apps can be designed using HTML5 and accessed on smartphones’ web browsers. HTML5 is the fifth revision of the language that supports most Internet content, and is still under development—though parts of it are supported by many browsers already (including mobile browsers). Among other things, it supports the development of web pages that operate in ways similar to native apps. Unlike native apps, these web apps are available through any mobile browser. Some predict that HTML5-based apps will eventually replace native apps, since they have a greater potential to operate across many platforms and are not subject to the requirements and fees of the various app stores.
Currently, limits to high-speed wireless data coverage, the cost of extra bandwidth, and the unfinished standardization process mitigate these competitive advantages, but Facebook is reportedly working on an HTML5-driven app distribution platform to compete with Google and Apple’s stores. The launch of Facebook’s app store is expected sometime this summer, and could represent a serious upheaval in the mobile app space.
To receive a copy of the full paper, please contact Jonathan Yonce (jyonce@sidley.com).