SV's dashboard

seau, I believe you've misread dmetzcher's post. He's not disagreeing that it is a privacy issue.

Moving forward, I just noticed a link to Tapulous' privacy statement at the bottom of their website. In it, the following is stated:

"When you launch or interact with a Tapulous application, we collect your device type and IP address. This information is gathered for all users. In addition, we use the unique Device ID (“UUID”) that Apple makes available for each iPhone/iPod touch device in order to authenticate the user session. This UUID functions similarly to a persistent cookie to make it possible to authenticate the user without the need for a password. You can disassociate a UUID from a user account at any time by emailing us at privacy@tapulous.com. You can also do so through a form accessible through the Help button on the login/settings screen in each application."

Fair enough. At least they're being upfront about it, but I think a few improvements are in order.

To the folks at Tapulous:
(a) Include a link to this privacy statement in all of your apps, and most importantly, make it visible. Users need to know that the UUID is the only method of authentication and that it's being collected and used every time a Tapulous app is in use.
(b) That said, is it really so hard to use passwords instead of UUIDs for authentication? I don't believe so.
(c) However, if you really insist on using UUIDs, don't make an e-mail to privacy@tapulous.com the user's only 'get-out-of-jail' card. It's unreliable and subject to delays.

I'm sorry, Tapulous. You make some great apps and I have total respect for the work you put into improving your apps and creating a great environment for your users, but something needs to be done about the practices described in your privacy policy, either by amending them or increasing awareness amongst your users. There are many users out there who take their privacy seriously and would refuse to use your apps unless some or all of the aforementioned changes are made. Considering your apps are free, I'm sure losing users is no real loss to you from a business standpoint, although it's certainly not a nice feeling either way.

Food for thought.

Thanks for the reply, dmetzcher.

Yes, this is a privacy issue on two fronts. One, Tapulous has a database linking device IDs and Twitter/Tapulous accounts. Two, if you eventually sell your iPhone to Joe User, they're going to get a pleasant surprise when they see your Twitter/Tapulous account names the first time they install Twinkle. Oh, and your e-mail address, too.

To the Tapulous devs, if you're reading this and it is indeed true that you're collecting device IDs and linking them to our accounts, I strongly urge you to reconsider this practice.