Lately I've been working on an iOS app that has strong local functinality but also backs up user data automatically, and for the sake of user convenience it doesn't seem sensible to make the user go through a registration process (so I just use UDID, no storing age, name, or location--just UDID). The data is used on the server side for machine learning and recommendation generation, as well as product improvement down the line. For example (and this isn't the actual app), you can imagine an app called iBookie that lets you store debts, interest rates, and days past due. The iPhone can calculate amount owed, set up payment reminders, etc, but it can also use a cloud service to calculate likelihood of payment with data collected from other iBookie users. Something like that.

I know that for web apps this kind of use of customer data is far more acceptable, or perhaps expected on the part of customers. I can imagine that if this kind of data transmission were ever "discovered" by customer advocacy groups, it could cause a kind of privacy firestorm. So, both ethically and legally:

1) Can carefully worded EULAs and Privacy Policies make this permissible? What are the resources available to craft or find pre-written agreements of this nature? 2) Should the user be given some kind of explicit prompt about this kind of backup, and might this bias data for cloud analysis? Or 3) Is it simply okay to back up the data provided that it isn't shared with advertisers and sensitive, identifying data are not stored? Maybe, say, as a necessary prerequisite for the app to function as advertised.