Palm Pre users watch out. Palm may know a lot more about you than you would like to share.
Programmer Joey Hess found that Palm Pre’s operating system webOS sends his GPS location back to Palm every day. Hess also found code that sends Palm data on which webOS apps he has used each day, and for how long he used each one.
“I was surprised by this,” Hess, who bought the Pre about a month ago, told Wired.com. “I had location services turned off though I had GPS still on because I wanted it to geotag photos. Still I didn’t expect Palm to collect this level of information.”
In its defense, Palm says the data is used to offer better results to users. For instance, when location-based services are used, the Pre collects information to give users relevant local results in Google Maps, says Palm.
“Palm takes privacy very seriously and offers users ways to turn data collecting services on and off,” says Palm in a statement. ”Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience.”
Palm’s actions trigger questions about consumer privacy and the extent to which handset makers and developers are gathering and using data about buyers’ behavior. In this case, some of the concerns may be overblown, says Charles Golvin, an analyst with Forrester Research.
Golvin cites Sun CEO Scott McNealy, who said in 1999: “You have zero privacy. Get over it.” Says Golvin, “While that is certainly overstated, it is also true. Consumers, in general are concerned about privacy but look at the number of people who are willing to give up every detail of their personal lives for the opportunity to win a big screen TV.”
Palm launched the Palm Pre on June 7 exclusively on the Sprint wireless network. Despite some criticism around its battery life and display, consumers have appreciated the phone’s sleek hardware and the webOS operating system. Palm built webOS from scratch for the Pre.
Hess says he stumbled on to the privacy problem while trying to find a fix for another issue. “I bought the Touchstone (wireless) charger and found that the screen stays on all the time when the phone is on it,” says Hess. “That was keeping me up at night so I started looking around to find a fix .”
Instead Hess, who works as an embedded systems developer, stumbled into the code that showed how the webOS collects data.
As with most phones and computers, the Pre reports back to Palm with data when an application crashes. But where Palm may have erred is in how it discloses to Pre users that it is collecting this information.
“Palm says users have settings in their phone to turn this off,” says Hess. “But, as far as I can see, I haven’t been able to do that.”
Individual apps on the iPhone, for instance, often check in with users asking for permission to use location. The iPhone itself has a setting that allows users to turn location services on or off. For Palm lack of full and clear disclosure may be the problem.
“The question here is the level of granularity when it comes to seeking permission,” says Golvin. ” If the permission on part of the user is overarching, which seems to be the case with the Palm Pre, then it is a rather crude way of doing things.”
Palm, so far, is yet to respond to user concerns. The company is yet to spell out clearly how users can opt out of this data-sharing service. It has also not disclosed if it is sharing the information it collects with Sprint or other third parties.
Meanwhile, Hess is still waiting to hear from Palm. Palm hasn’t gotten in touch with him since he highlighted the problem.
See Also:
Photo: Jim Merithew/Wired.com
