User Privacy: Seven Ways App Developers Can Protect It

With the unprecedented growth of the app ecosystem, user privacy is becoming more and more of a hot button issue, especially when that privacy is violated. For many users, finding and downloading a new app is something that has become almost second-nature; we browse our favorite app stores, we find an app that looks promising, we download it. Done. However, while it’s certainly a good thing that users are becoming accustomed to apps, it’s also bringing up to the surface privacy problems that need to be addressed before this ecosystem – as beautiful and thriving as it certainly is – gets out of control.

The problem

Even though most people realize that many apps and social networking services do indeed gather personal information – location, names, addresses, etc. – users still value their privacy very highly, and want a reasonable amount of control over how that data is collected, used, and shared. Even though a lot of information gathering is definitely becoming standard in the industry, it’s disrespectful to the user to make this the default state of affairs within the app experience. Users are worthy of developers’ respect, and to that end, there need to be safety measures in place within an app itself that protect their data.

While the process of gathering information within an app is certainly becoming commonplace, there have got to be privacy guidelines in place to make sure that nothing is shared or collected that shouldn’t be. It’s easy to focus on just getting the product out to market and keeping up with innovation, and there’s definitely nothing wrong with either of those things. However, developers also need checks and balances at every stage of development to make sure that privacy rights are not being violated.

How much is collected?

The rapid increase in growth of the app ecosystem has made the line between what users expect from apps and what they will actually tolerate in terms of data collection somewhat blurred. What’s acceptable to one user is not to another. In addition, we expect that our app experience does rely at least in part on how much of our data is being used to personalize it. The conflict lies between these two points: how much data are users comfortable giving to their favorite apps, and how much of this data do these same users expect to remain protected? It’s a fine line that is being kicked at on a regular basis, especially as we become a more interconnected society. A privacy policy is obviously needed.

A framework for privacy

Privacy policies need to be basically “baked in” to an app; in other words, privacy shouldn’t be an afterthought. Providing a privacy policy is certainly a good start but it doesn’t necessarily safeguard user data the way it needs to be.

Last February, the White House released a lengthy (45+ pages, PDF) treatise titled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy”. If you’re an app developer looking to get a good overview of how user privacy should be protected within software applications, this is a good one to read. According to the paper, there are seven basic rights that users have within apps in regards to privacy:

Individual Control. “Consumers have a basic right to exercise control over what personal data companies collect and how they use it.” Users need to know what is being collected and how it’s going to be used. This should be something that is easily accessible by the user; in fact, it should be as easy to give consent as it is to withdraw. For example, if I tell you it’s okay for you to use my location, it should be just as easy for me to tell you NOT to use it.

 

Transparency. “Consumers have a right to easily understandable and accessible information about privacy and security practices.” It should be clear what data the app actually intends to access, along with how long this data will be kept and who it will potentially be shared with. In addition, all privacy policies should be available to users both before and after initial app installation.

 

Respect for Context. “Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.” The data that is found on mobile devices, tablets, and convertibles/PCs – address books, photo collections, location data, information from phone calls, text messages, etc. – is a wide set that could potentially be used for many different purposes. Developers are responsible for notifying users of possible collection of this data, as well as exactly what the information is going to be used for, and where. There should also be significant effort aimed at making this information as anonymous as possible while still accomplishing maximum functionality within the app.

 

Security. “Consumers have a right to secure and responsible handling of personal data.” All this data that users are sharing with the app is the responsibility of the developer to keep safe. It should be encrypted and protected when being used, collected, shared, or transported.

 

Access and Accuracy. “Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.” Information should be used appropriately and not out of context. For example, if the privacy policy says that address books are going to be used to find friends with the same interests, then this same information shouldn’t be used in a PPC affiliate network. Any information that is potentially going to be used for a purpose other than the one permission was originally given for needs another layer of opt-in from the user.

 

Focused Collection. “Consumers have a right to reasonable limits on the personal data that companies collect and retain.” We know that it’s important to have some information collected as part of the personalization process; this is something that users expect and it definitely improves the overall user experience. However, there should be a reasonable expectation of how much information is actually collected.

 

Accountability. “Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.” Users do have rights to privacy and developers should be respectful of these rights. Consumers also have the right to hold developers accountable for the privacy policies that they integrate in apps; in other words, if developers post that they are not going to use user information in third-party advertising networks – but go ahead and do so anyway – then users have a legitimate bone to pick.

 

Privacy as a right

 

The app ecosystem is growing at leaps and bounds, and shows no signs of stopping anytime soon. It’s a great time to be a developer! Along with this fantastic growth comes a rising concern about privacy, especially in regards to data collection. Developers should be mindful of the different privacy pitfalls that are possible, and strive to make their apps as secure and as respectful to users as possible.

 

If you’re a developer, how have you implemented privacy within your apps? What do you think is something that more apps should be doing (or not be doing) in regards to privacy? Share with us in the comments.

 
