Why does your Windows Phone 7 app need access to my phone calls?

  • Article

If you’ve been playing around in the Windows Phone 7 marketplace or downloading apps to your shiny new Windows Phone 7 (w00t!), you may have noticed something interesting.  Some applications seem to require a lot more privileges than you’d expect.  Take for example my little game (Zune link, plug) …

image

Why would a little kids’ game need access to my phone calls and my owner identity??  The answer is simple, the Microsoft Advertising SDK’s AdControl is the culprit.  But, why?  

Let’s take a closer look at how this puppy works.  Here is a tremendous FAQ for developers that want to advertise using the AdControl (PDF link).  That FAQ discusses in part how to maximize ad revenue …

image

Basically, the best way to make more money is to give the AdControl more information about the user!  That makes perfect sense as the more the advertiser knows about the user, the more targeted the advertisement is and thus the more valuable.  Let’s check out the AdControl properties

image

BirthDate? Gender? IncomeRange?  Now, I understand why those properties are there.  And, now I understand the warnings:  If the user provides information to the application and the application provides it to the AdControl, that information may be sent to the advertiser.  Furthermore, the application may be providing the advertiser with the location of the user.  (Although it seems that is not indicated until the location API is detected during the certification process.)  But, what about Phone Calls and Web Browser?  Back to the FAQ …

image

A click on an ad might cause the web browser to launch (no shock there) or a call to be dialed (that one was unexpected to me).

But (you might say), my app does not give any information to the AdControl!  Unfortunately, I don’t really see a good way around informing the user.  There is no way to really tell the user “don’t worry, it’s just the AdControl”.  Otherwise, it might be possible for the application to use the AdControl to try and shield the fact that it is otherwise doing something else (nefarious or not) with the information.  Frankly, I think this is going to make advertising applications a harder sell … I think I would rather pay $0.99 and know that the app did not have any access to my identity.  In any event, now you know why.