Developers offered tips on mobile app privacy
Over-communicating, recruiting the right talent and knowing the law are all smart ideas, experts say at conference
IDG News Service - Mobile app developers face a huge challenge in keeping up with the fast-changing landscape of data privacy law. They got some tips Wednesday at a conference devoted to the topic in San Francisco.
The services mobile apps provide, which often draw on location, contact lists and other personal data, are raising more and more questions about how appropriately that data is collected and used. Developers are having to ask themselves: Should I notify people when I collect data? Are certain things off limits legally? Am I protected if I tell my users what data I'm collecting? If so, where should I tell them that?
Those questions and others were debated during a conference on mobile app privacy at the University of California's Hastings College of Law in San Francisco.
"Consumers want convenience, social tools and relevance," said Kevin Trilli, vice president of product at San Francisco-based TRUSTe, which works to help companies safely collect and use customer data. "And privacy is hot now because of the data and behavior interaction that enables these apps," he said.
One piece of advice for developers aiming to keep users happy: Don't be afraid to over-communicate. Displaying clear, friendly, plain-English language within the app whenever it asks for certain types of private information is not a bad idea, said Tim Wyatt, director of security engineering at Lookout, a San Francisco-based mobile security company.
"The question is always, 'Will someone be surprised if they find out we're doing this?' If there's a hint that that's the case, then that's when you need an explicit opt-in feature," he said.
For example, if an app has a feature that automatically uploads photos from a smartphone's camera roll, an artfully designed pop-up box could appear when the user gets to that point in the app, saying, "If you let us do this automatically, it will provide a faster, better user experience for you. Would you like us to do that?" Wyatt said.
Others commended this approach. "Most people may not read a long policy, but if you can put little things in along the way where it's most sensitive, that's good," said TRUSTe's Trilli.
Making these types of notifications appear consistently, while always providing consumers the option to opt-out, is also a good idea, others said.
"The thing people don't like is when things happen behind their back," said Casey Oppenheim, cofounder at Disconnect.me, a startup based in Palo Alto that aims to help consumers understand what's happening with their personal information online. With apps that share content liberally among users' friends, for example, "maybe users won't like it, but if they know about it, if you give users some context about what's happening, you may be surprised what they're willing to accept," Oppenheim said.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Legal White Papers | Webcasts