Since AndroidPIT members Jörg and Andreas first broke the story that the popular Vlingo voice control software was collecting user data far beyond what was specified in their user agreement, the AndroidPIT forums have been in up in arms and it's easy to see why. With smartphones becoming a more integral part of our lives, it's only natural that users would be concerned that a popular voice control app that comes preinstalled on many Samsung devices would be uploading location, phone ID and carrier information unencrypted before users even had a chance to agree to their Vlingo's privacy agreement.
Last night, Vlingo took the time to sit down with AnroidPIT editors and users to discuss our concerns. While Vlingo representatives did their best to address the problems Andres and Jörg uncovered and seemed to be making a good-faith attempt to correct these “bugs”, one couldn't be blamed for thinking that app producers all too often play fast and loose with user privacy.
Bugs In The System
In case you missed it, AndroidPIT users Andreas and Jörg recently took a look a build of the popular Vlingo software on a Samsung Galaxy Note and discovered that the voice control software was collecting user information far beyond the scope of Vlingo privacy agreement and, according to some privacy groups we contacted, this represented a clear violation of European privacy law. To put it bluntly, taking your information and uploading it UNENCRYTED to your own servers + without asking permission to do so = stealing. The accusations leveled against Vlingo included: That Vlingo was collecting user location, phone ID (IMEI) and carrier information before users agreed to the user agreement. That Vlingo was also collecting information from user's contacts and media collections without informing users. That collected information was been uploaded to unencrypted, insecure servers which could easily jeopardize user privacy. That user information was been collected even when the app was inactive.
According to Vlingo, whos software teams spent the last several days attempting to reproduce the behavior AndroidPIT users reported, a synchronization issue was to blame for the overly aggressive data collecting we noticed on the Galaxy Note. When users start-up the Vlingo app, background process automatically fire up that start collecting user data to make Vlingo's voice control software faster and more efficient. But apparently, these processes were poorly designed and continued collecting data even when the app should have been inactive. WOW. Mr. Nguyen stated that Vlingo was previously unaware of this bug and would be taking steps to correct the issue by way of a software update in the coming weeks.
Addressing the accusation that user data was traveling though insecure channels to reach the Vlingo servers, Mr. Nguyen emphasized that Vlingo was moving their data collection system away from an insecure HTTP system to an encrypted system that should help protect user information from prying eyes. I don't know about you guys, but after something like this, it's pretty hard for me to ever imagine installing this app again.
Playing Fast And Loose With User Information
I personally came away from the conversation with Vlingo with the impression that the company was making their best effort to address the privacy concerns raised by AndroidPIT members. At the same time, I found many of their "reasons“ to sound more like excuses, and poor ones at that. However, due to the complex nature of issuing updates for mobile software, they were unable to give us a concrete time line for when they would be able to say that users right to privacy was truly being respected. After similar scandals involving Dolphin Browser HD and HTC, it seems like tech companies the world over are willing to sacrifice user privacy in their mad-dash to get the newest, coolest technology to market. Lucky for Vlingo that it's a free app, or else they could be issuing A LOT of refunds right now.
Of course it would be easy enough to brush off our concerns because, at the end of the day, does it really matter if some company knows what Mp3s you like to listen to on your way to work or what friends you like to call from you Android phone? If companies embrace Google's policy of “not being evil” probably not– but playing fast and loose with user information seems to be the new norm in the mobile community and the culture of “features over privacy” should be of grave concern to modern “web natives” who increasingly rely on the internet to take care of their most basic functions.
Since the Web 2.0 business model took off in the early 2000's our identities have become the new digital oil, so to speak. Targeted advertising is what makes the internet go round and since information about your identity, tastes and habits is what large tech companies by and sell, it's only natural that you would expect to have some say in what online companies are allowed to find out. But all too often many tech companies are willing to forgot necessary due diligence when it comes to protecting their customers right to privacy to beat the competition to market.
Of course, I applaud Vlingo's quick action to address privacy concerns but the privacy “bugs” that the AndroidPIT community discovered seem to be a clear case of the oversight that all too often plagues new digital services. It's come time for consumers to make a stand and demand that companies pay less attention to the bottom line and to take the necessary steps to protect customer's rights to privacy. Honest mistake or not, there is NO excuse for it.