Jay-Z’s App Highlights Privacy Issues in Collecting Vast Amounts of Smartphone Data
Jay-Z’s new album, Magna Carta… Holy Grail, was released last week after much hype. But if you own a Samsung Galaxy phone, you had the option to get the album for free. Great deal, right? Samsung reportedly paid $5 million for the privilege of providing a million copies to its users, gratis. All a user had to do was be one of the first million users to install an app called Magna Carta, which Samsung had developed, and they’d receive a copy of the album 72 hours before its official release.
In exchange for a chance to get the album for free, the app required several permissions from the user, without clearly explaining for what purposes data was being collected. The Samsung Galaxy runs Google’s Android operating system, which notifies users of specific permissions that each app requires to function. In this case, the app requested several permissions, including the ability to modify or delete USB storage, prevent the phone from sleeping, gain access to location data, obtain full network access, and read the phone’s status and identity, among others. When rapper Killer Mike saw this request list, he took a screen shot of the permissions list and tweeted it with the caption “Naw I’m cool”, later elaborating that he’d just buy the CD because his other apps weren’t as probing.
Killer Mike was right to notice that the Magna Carta app was collecting more information than it required to function. While apps certainly need some permissions in order to effectively operate, in this case some of the permissions requested were clearly unnecessary for proper functioning. For example, it’s not clear why the Magna Carta app would need a user’s location – one of the most sensitive pieces of personal information that a smartphone can collect – in order to work. Given that Samsung was surely confident that millions of users would download the app for a chance to get the album for free, the company was gaining access to a vast amount of location data with ease. While some users might view that as a fair trade, others – like Killer Mike – wouldn’t.
Some argue users have no rights to affirmatively use apps and can merely vote with their feet by not using apps that collect too much information, but in this case it’s difficult to know what information is being collected. Some users might be willing to grant Samsung and Jay-Z access to their data, if there was more clarity regarding the uses and retention periods that the company would institute. CDT has provided best practices for mobile app developers on how to ensure that users understand what data is being collected and for what purposes. By incorporating privacy into the earliest stages of product development, mobile app developers can ensure that user privacy is respected and that data is collected, used, and retained with appropriate limits. By doing so, developers can ensure that they avoid the same problems that Jay-Z and Samsung ran into. No matter how amazing your album is, your fans should at least have a sense of what they’re giving up to hear it.