Tango app missteps, downloads all your contacts without consent

With the increasing count of native applications – those with special blessing from Microsoft to use C++ and private APIs – showing up in the Windows Phone Marketplace, I’ve been increasingly focused on ensuring my privacy is kept intact. Tango, a Skype-like video calling startup, recently released an application for Windows Phone and it’s one of those native applications. It has a simplistic UI, unlike Skype’s dumpster fire on the desktop, and is super fast thanks to its native access. But all that aside, I want to focus on a privacy issue that I discovered.

Figure Uno – Screenshots of the Create Account and Edit Account views in Tango.

When I downloaded and installed Tango, I was presented with the Create Account screen (figure 1, left). I provided the usual amount of information, agreed to some terms set forth, and tapped the Save button. Logged in and ready to go, I received a call. Bringgg ringg ringgg! That’s nice… wait, what just happened here?

I was surprised to discover that tapping on Contacts revealed my entire contact list with Tango presence data intertwined. In my case, someone had discovered I was online and tried to make a call. Did I miss a consent somewhere? (Answer: No.)

I read over the Terms of Use that I agreed to at startup, admittedly after agreeing to them, and the word “contacts” is missing completely. (I assume these are the latest because the latest privacy policy link is broken.) Nowhere in the terms does it mention a privacy policy (for Tango), but at the very bottom of the webpage itself, there’s some itty bitty text – yep, Privacy Policy.

Tango’s Privacy Policy specifically calls out the information they collect, which is excellent. But it fails to accurately portray how the phone retrieves consent and gathers this data in the real world, which is a huge no-no. They state (emphasis mine):

In addition, when you install the Service on your device and register with Tango, you will be asked to allow us access to your address book. If you consent, we will have access to contact information in your address book on the devices you use for the Service (names, numbers and emails, but not notes or other personal information in your address book). If you consent separately to the storage of this contact information, we will store it on our servers and use it to help you use the Service, for example, by synchronizing your Tango contacts between different devices you may want to use with the Service. If you do not want Tango to store this information, you may opt-out through your account settings at any time. However we may not be able to offer some of the features that require this information.

After installing the client on my test phones, I was never asked to give Tango access to my address book. Nor was I separately asked if I wanted Tango to store this information on their servers. They do, to be fair, have a slider that shuts off the flow of contacts to their servers – but at this point, it’s too late. And it’s on by default (figure 1, right). Fortunately, the policy explains you can undo this mess by emailing them (privacy@tango.me):

You can remove your data anytime you want. If you ask us to delete your account, we will use commercially reasonable efforts to remove your data from our servers.

Any personally identifiable information you submit on a blog, bulletin board or chat room on our website or elsewhere can be viewed and used by others, including to send you unsolicited messages or to commit identity theft. Tango is not responsible for any misuse of your information that might result from your disclosure of information in these forums or elsewhere.

I sent them an email, which landed me in a support queue, which is fair enough. I haven’t made my way through it yet but I suspect it’ll be rather painless.

Now to work on decrypting its XMPP-TLS traffic so I can peek inside…

Update 11/11/11 (4:04pm): Tango support responded to my deletion inquiry and noted that turning off the Save Address Book feature wipes your data off their server. Handy tip.

When you disable the 'Save Address Book' option in your Tango profile, that actually will dynamically delete your address book from the server so in the future you don't need to have the account removed. Please let me know if I can be of further assistance.