April 2, 2010
Web and mobile apps come under review on new Stanford site
By Adam Gorlick
About to download a new application to your smartphone? Ready to play a game on Facebook that requires you to join a network? All you have to do is share a little bit of personal information, trust the systems are secure, and you're on your way.
But before you enter your password or click the box allowing access to your profile, there's probably a moment of wonder: Who wants to know these things, and why?
M. Ryan Calo, a residential fellow at Stanford Law School's Center for Internet and Society, has helped design a website to erase some of that mystery. WhatApp?, officially launched this month at http://www.whatapp.org, reviews web and mobile apps for privacy, security and openness.
The goal is to help guard against computer hacking, identity theft, spam and phishing.
The reviews, now being written by a team of about 15 lawyers, computer scientists, and privacy and security experts from Stanford and other institutions, are about to become the responsibility of those who visit the site. Think Consumer Reports blended with Wikipedia and Yelp, but focused on the narrow issue of Internet security and privacy.
"People are going online to opine about the security and privacy of apps all the time," Calo said. "But none of that discussion is centralized. What we're trying to say is that if you're doing it already, come and do it here."
The site also reviews web browsers like Firefox and Safari, social networks including Twitter and Facebook and the mobile platforms that run them Apple's iPhone, Windows Mobile and Google's Android.
More than 200 apps are listed on the website now, and dozens have been reviewed. Calo expects those numbers to grow quickly as users begin adding their evaluations and start requesting reviews on specific apps.
Visitors will have the chance to register as "expert reviewers" and create public profiles that list their credentials. Calo and his team will verify that new reviewers are who they claim to be, but will leave it to the What App? community to size up the experts and even rebut their claims.
"The idea is not to be exclusive and create a club," Calo said. "If you know something or have an opinion about how good or bad an app's privacy is, feel free to weigh in."
Reviewers will be asked to rate an app based on several questions, some of which can be answered after a careful study of an application's privacy and security policy the small print of the app world.
The reviews come in the form of written comments and badges that award applications up to five green bars for privacy, security and openness. Wikis accompany the reviews to summarize what the app does, and the site immediately serves up a list of links to news stories about an app's privacy and security issues.
The site also allows app developers to sign in and write notes about the privacy and security of their creations. Again, Calo says the reviewers and other site users will help keep those claims honest.
"The entire point is to drive the application market toward better privacy and security practices by rewarding those who do a good job and penalizing those who don't," Calo said. "Privacy is about having control over information that pertains to you. I think we're rapidly losing that control, and this is a way to monitor what's being done with information being collected."
WhatApp? is funded by a grant from the Rose Foundation.