Skip the navigation

Developers offered tips on mobile app privacy

Over-communicating, recruiting the right talent and knowing the law are all smart ideas, experts say at conference

By Zach Miners
April 11, 2013 06:15 AM ET

IDG News Service - Mobile app developers face a huge challenge in keeping up with the fast-changing landscape of data privacy law. They got some tips Wednesday at a conference devoted to the topic in San Francisco.

The services mobile apps provide, which often draw on location, contact lists and other personal data, are raising more and more questions about how appropriately that data is collected and used. Developers are having to ask themselves: Should I notify people when I collect data? Are certain things off limits legally? Am I protected if I tell my users what data I'm collecting? If so, where should I tell them that?

Those questions and others were debated during a conference on mobile app privacy at the University of California's Hastings College of Law in San Francisco.

"Consumers want convenience, social tools and relevance," said Kevin Trilli, vice president of product at San Francisco-based TRUSTe, which works to help companies safely collect and use customer data. "And privacy is hot now because of the data and behavior interaction that enables these apps," he said.

And it's not just smaller, new entrants facing these questions. Delta Airlines is in the midst of a lawsuit for allegedly failing to comply with a California law requiring websites and online services, including mobile and social apps, that collect personally identifiable information to clearly post a privacy policy.

One piece of advice for developers aiming to keep users happy: Don't be afraid to over-communicate. Displaying clear, friendly, plain-English language within the app whenever it asks for certain types of private information is not a bad idea, said Tim Wyatt, director of security engineering at Lookout, a San Francisco-based mobile security company.

"The question is always, 'Will someone be surprised if they find out we're doing this?' If there's a hint that that's the case, then that's when you need an explicit opt-in feature," he said.

For example, if an app has a feature that automatically uploads photos from a smartphone's camera roll, an artfully designed pop-up box could appear when the user gets to that point in the app, saying, "If you let us do this automatically, it will provide a faster, better user experience for you. Would you like us to do that?" Wyatt said.

Others commended this approach. "Most people may not read a long policy, but if you can put little things in along the way where it's most sensitive, that's good," said TRUSTe's Trilli.

Making these types of notifications appear consistently, while always providing consumers the option to opt-out, is also a good idea, others said.

"The thing people don't like is when things happen behind their back," said Casey Oppenheim, cofounder at, a startup based in Palo Alto that aims to help consumers understand what's happening with their personal information online. With apps that share content liberally among users' friends, for example, "maybe users won't like it, but if they know about it, if you give users some context about what's happening, you may be surprised what they're willing to accept," Oppenheim said.

Reprinted with permission from Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies