Castro praised Harris for issuing recommendations instead of suing app developers for privacy violations. But the report makes some bad assumptions about mobile apps, he added in a blog post. The report's authors said advertising is not a part of an app's basic functionality, he said.
"For all of the talk in this report about a 'mobile ecosystem,' the report authors apparently do not seem to clearly understand that this ecosystem depends on revenue," Castro wrote. "Many mobile apps are ad-supported software."
Consumer Watchdog, a group focused on privacy and other consumer issues, praised the report, which provides the first state recommendations on mobile app privacy.
"This is an important step towards taming the Wild West in the mobile world," John Simpson, of Consumer Watchdog's Privacy Project, said in an email. "Significant as it is, however, the key guidelines must be enacted into law with strong enforcement provisions. I call on the legislature to follow Harris' lead and tackle the issue this term."
Steve DelBianco, executive director of e-commerce trade group NetChoice, called the guidelines reasonable, but said the report, if turned into law, would "become a road map to ruin for California's economy and its thousands of cutting-edge companies."
If the report becomes law, it would drive innovative businesses out of California, he said in an email. "If this became a legal requirement, businesses based in California would need to get a privacy permission slip from the state government," he said. "Under an open government privacy approval process, competitors and privacy advocates could see and replicate innovations before they came to market. "
Because of the smaller screens of mobile devices, the report recommended special notifications, such as icons or pop-up notifications, to inform consumers about how personally identifiable information is being collected and shared.
Mobile apps should also use special notices when they collect sensitive information, the report recommended. App developers should also make their privacy policies clear and understandable by using plain language. Some ways to do this is by using layered notices that highlight the most important privacy issues or by using graphics or icons to help users recognize privacy practices and settings, the report said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.