Jay Z might have the hottest album and mobile app on the market right now, but the flip side of his success includes claims of consumer privacy invasion by the Magna Carta app, sparking an investigation by a U.S. government agency.
Samsung Electronics and, to some extent, Jay Z learned a painful lesson over the past several weeks as fans, reviewers and consumer advocacy groups objected to the app, created to give away 1 million copies of the rapper’s latest album, Magna Carta . . . Holy Grail.
The app generated a maelstrom of malcontent after rapper Killer Mike tweeted a photo of the app requesting permission to access his personal data — including his precise geographic location — and who he’s calling, his friends’ email addresses and social media user names, among other things. After reading the list, Killer Mike declined to install the app, which would have given him a free copy of the $15 album five days ahead of its official release. The app also prompted users to tweet or put up a Facebook post for each of the album’s 16 tracks.
The New York Times and the Washington Post also weighed in with negative reviews. On July 14, the Electronic Privacy Information Center (EPIC) filed a complaint with the U.S. Federal Trade Commission (FTC) requesting that the agency force Samsung to erase the data it collected on the grounds that the data had little to do with the app’s function, claiming the company failed to disclose how it would use the information.
Samsung said the complaint was “baseless.” “Any information obtained through the application download process was purely for customer verification purposes, app functionality purposes and for marketing communications, but only if the customer requests to receive those marketing communications,” the company said in a statement. “Our permissions are in line with other apps’ standard permissions.”
Just the same, Samsung and Jay Z both had their credibility and trust called into question in the process, according to privacy experts and music executives who spoke with Billboard on the subject.
“It’s a little tainted,” says Dick Wingate, principal at digital consultants DEV Advisors in New York.
To be sure, the Samsung app’s requests were not unusual compared to other applications. Many require access to social friends lists when using Facebook Connect and Twitter to sign in. Map services gather precise locations to provide directions. And preventing the phone from sleeping is desirable when music is playing.
So why the hue and cry? It turns out that, while the app may not have violated criminal laws, it did violate a number of app design principles regarding privacy.
“People want transparency and control, but they want it on their own terms,” says Ilana Westerman, who has studied people’s attitudes toward privacy for more than five years as a principal with Create With Context. Those principles revolve around the context of the app, the benefits of providing data and the expectations of anonymity, among other things, Westerman says.
“People need to see a clear connection between providing information and the benefits they receive,” she says. “Consumers are most sensitive when it comes to their identities and their contact lists. Even when there is a benefit, giving away that data still feels creepy.”
Last year, 57% of Americans uninstalled an app or avoided installing an app because of privacy concerns, according to a Pew Research Center poll. “Cellphones have become repositories of our digital lives,” Pew senior researcher Mary Madden said.
Even with full disclosure, most people don’t read privacy statements, especially on the smaller screens of mobile devices, Madden said.
Recognizing this problem, the FTC published a white paper in February titled “Mobile Privacy Disclosures,” calling on app developers to design easy-to-understand visual cues and “just-in-time” disclosures that tell users what’s being gathered at the time it’s being collected, rather than hit users with a densely packed blanket statement in fine print as the app is downloaded.