![]() Sensitive information about you gets shipped off to all sorts of other companies whose code is tucked into that app, too. This means when you open up an app, you’re not just dealing with the company that made it. “That’s dangerous, because if you’re blindly just pulling in any library and you don’t know what it’s doing, you’re putting your users at risk.” “We’re at this state now where a lot of developers are pulling in code that they couldn't even explain how it works-they just know the end result,” says Patrick Jackson, Disconnect’s chief technology officer. An app-maker that wants to add a new feature-a chat function, say-may just choose one based on recommendations on an online forum without thinking too hard about what the new code will do with users’ data. On the other hand, the hodgepodge of various people’s code in any one app invites privacy perils. Instead, a developer will usually rely on code from a trusted company for these difficult jobs. Unless it's a cryptography expert, it's liable to make a mistake that would leave your data vulnerable to hackers. On one hand, you wouldn’t want every last app developer to try making the most complex or sensitive parts of a program on its own-like, say, the tools that encrypt personal information before sending it off over the internet. “Novice and professional programmers alike by necessity only focus on a tiny fraction of the code in the final products they create-far less than 1 percent,” says Cynthia Lee, a Stanford computer science lecturer.įor consumers worried about their data, that's both good and bad. ![]() Making an app without these tools would be like building a house by first mining clay for bricks or felling lumber for beams. These software tools, which are usually licensed for a fee or at no charge, enable developers to run ads in their app, figure out who’s downloading it, and know when it crashes. SDKs and code libraries allow an app-maker to offer basic functions, like a login page or notifications, without having to cook them up anew. Rather than designing every element from scratch, developers spend much of their time assembling bits of code written by other people. Making an app is a lot like putting together a Lego set. Last year, an investigation from Upstream, a mobile security company, found that Elephant Data’s code secretly recruited consumers’ phones into a scheme that jacked up their phone bills and contributed to the tens of billions of dollars digital ad networks lose to fraud every year. Proposals like Elephant's often come from companies trying to collect user data for advertising, which could not be more at odds with Disconnect's mission.Īs it turns out, what Elephant was doing was much worse. It develops apps and research that promote digital privacy-and occasionally collaborates with Consumer Reports on security investigations. Thousands of dollars a month is a tidy sum for a small app company, but Disconnect turned down the offer. All Disconnect had to do was to add a few lines of code into its apps. ![]() A couple of years ago, Disconnect, a small tech company in San Francisco, was approached with an enticing offer: For every 100,000 people who used Disconnect’s apps, a company called Elephant Data promised to pay it $1,000 a month. ![]()
0 Comments
Leave a Reply. |