Why is it exactly that App Store developers seem to have a common tendency to ignore their users’ rights to privacy? After the Loopt debacle (which most of my readers may not know about, because the app isn’t available outside the U.S.: it basically sent a list of all your contacts to the Loopt servers — with little or no warning — and spammed them all with SMS messages specifying your current location — every single one of your contacts), I now find out that I should probably not have recommended Twinkle to my friends.

Twinkle is a cute, functional and efficient Twitter client for the iPhone (unlike Twitterific, which isn’t really usable in its current state) that hooks into the developer’s private servers to geotag your tweets and display Twitter activity close to your location (which works as advertised, and is cool). It never warns you, however, that your Twitter login and password are being saved on Twinkle’s servers^* (so that tweets can be stored and resubmitted later if Twitter fails — it’s mostly^** well-intentioned, which doesn’t make it okay that a native, local application saves your credentials on a third-party server without asking). Or that your tweets will appear in the Nearby tab even if you set your Twitter account to private (with all that’s happened before, it’s very naive to think Twitter accounts marked as private actually are, but that’s no excuse).

How on earth does a developer launch a 1.0 version on the App Store and think those things are okay? Wouldn’t those people be upset if Firefox saved their banking passwords or personal messages on Mozilla’s servers? It’s exactly the same — especially with people’s propensity to use the same password on everything they log into (not their bank, but e-mail accounts, Paypal, etc.) — except I’d trust Mozilla much more than a little shareware developer (like I trust Google, and maybe I shouldn’t) to store my data with reasonable security.

It’s pretty likely I’m never checking out a Tapulous application again.

^* I posted a comment requesting clarification, but it’s been “awaiting moderation” for several hours and more recent comments have appeared, so I’m taking that as a confirmation.

^** I say “mostly” because their real motivation isn’t so much serving your needs as it is to launch their own social network, Friendfeed-style. Incidentally, Friendfeed works perfectly well without asking for my Twitter password.