When you download an app on your smartphone, do you know what types of information that app can gather from your device? Many users expect that apps will only have access to their personal information if granted express permission. However, according to recent New York Times reports, a number of iPhone and Android apps can access and copy users’ personal photos and videos without the person’s express consent. For Apple apps, the user would only have to consent to location-based services in order to open up their personal files to the app developer. For Android apps, the user would have to allow the app to use Internet services.

These concerning reports come just weeks after the discovery that some apps on Apple devices were copying entire address books from user devices, including names, phone numbers, and email address, and uploading them to their own servers without user permission.

Yesterday, Senator Charles Schumer of New York sent a letter to the Federal Trade Commission, asking the agency to consider launching an investigation into this stealthy collection of personal user data by mobile app developers.  He also argued that smartphone makers should be required to put in place data security measures that would ensure third party apps would not be able to access photos or information without user permission.

Consumers Union believes mobile apps should never access or copy personal consumer data without getting the express, informed authorization of the individual. Users’ private photos, videos, and contact lists must remain just that – private. When seeking consumer consent, we strongly urge developers of mobile apps to be transparent and clear about what personal data the app will access on a user’s device and how that data will be used.

However, Consumers Union also urges app platform providers such as Google and Apple to thoroughly screen apps offered to consumers and to monitor their data collection practices. While many of the mobile app practices described in the New York Times reports do indeed violate Apple and Google’s terms of service, the onus must be on these companies to remain vigilant and ensure that their policies are being respected.

The bottom line here is that consumers have absolutely no way of knowing whether these apps are behaving appropriately and no way of protecting themselves against these types of stealthy data collection practices. Platform providers have much more leverage here to persuade app developers to do the right thing.