As I see it, this recent report barely scratches the surface of privacy and security concerns with downloading apps. I fear the report may do more harm than good by creating a false sense of security about these apps simply because the summary statement in the store detailing what data may be gathered and shared matches the app's actual privacy policy. Shouldn't the real concern be whether the download software surrepticiously provides the owner with much more extensive data from and/or, worse yet, an ability to remotely control a device?
The concern is not theoretical. In my own experience downloading "critical security" updates from a respected and widely-used vendor, I've had changes made to my computer that were neither needed or disclosed and when I raised the question with the vendor, the reponse was to laugh at me and my naivety in having trusted them. There is little honor in this business and little repect for the truth or the customer.
Mozilla's commitment to privacy and security is far too unique in this business. It is an important voice in the wilderness. But projects such as this are so niche that I fear the larger battle is already lost. The world needs a bolder Mozilla with a larger vision of the threats we face and the work it will undertake. Instead, I see only the well-intentioned investigator, microscope in hand looking at the weeds. For the sake of all of us, please, be better!
