Several organizations have released best practices and a bill of rights on privacy as connected with users of applications on mobile devices — cellphones, tablets, etc. The Electronic Frontier Foundation has released a “Mobile User Privacy Bill of Rights“:
Mobile smartphone apps represent a powerful technology that will only become more important in the years to come. But the unique advantages of the smartphone as a platform—a device that’s always on and connected, with access to real world information like user location or camera and microphone input—also raise privacy challenges. And given the sensitivity of the data that many consumers store on their phones, the stakes are even higher for manufacturers, carriers, app developers, and mobile ad networks to respect user privacy in order to earn and retain the ever-important trust of the public.
Fortunately, frameworks exist for understanding the privacy rights and expectations of the users. The following guide of best practices pulls from documents like EFF’s Bill of Privacy Rights for Social Network Users and the recently released White House white paper “Consumer Data Privacy in a Networked World” to set a baseline for what mobile industry players must do to respect user privacy. […]
A mobile user bill of rights
Developers need to create applications that respect these rights.
- Individual control: Users have a right to exercise control over what personal data applications collect about them and how they use it. Although some access control exists at the operating system level in smart phones, developers should seek to empower users even when it’s not technically or legally required by the platform.The right to individual control also includes the ability to remove consent and withdraw that data from application servers. The White House white paper puts it well: “Companies should provide means of with drawing consent that are on equal footing with ways they obtain consent. For example, if consumers grant consent through a single action on their computers, they should be able to withdraw consent in a similar fashion.”
- Focused data collection: In addition to standard best practices for online service providers, app developers need to be especially careful about concerns unique to mobile devices. Address book information and photo collections have already been the subject of major privacy stories and user backlash.Other especially sensitive areas include location data, and the contents and metadata from phone calls and text messages. Developers of mobile applications should only collect the minimum amount required to provide the service, with an eye towards ways to archive the functionality while anonymizing personal information.
The full list of privacy rights for mobile apps users is available at EFF.
The Future of Privacy Forum and the Center for Democracy and Technology have released “Best Practices for Mobile Application Developers” (pdf). Here’s the introduction:
“Mobile applications” – software programs for mobile device operating systems (such as Android, Blackberry OS, iOS, or Windows Phone OS) – can collect, use, and transfer users’ personal information from a mobile device. As the mobile app developer, you are responsible for thinking about privacy at all stages of your app’s life cycle.
Mobile apps are at the forefront of current consumer privacy concerns. High profile media attention1 and a series of class action lawsuits2 have prompted close scrutiny of app developer data practices from federal and state regulators.3 As a result, the U.S. the Federal Trade Commission (FTC)4 is actively enforcing consumer privacy rights against application developers that surreptitiously access or misuse user data.5
Although other actors in the mobile ecosystem may also have access to personal information – including OS developers, device manufacturers, app store platforms, service providers, and advertisers – as the app developer, you are often in the best position to provide notice and disclosure due to the end-user.6 However, limitations inherent in current mobile architecture can sometimes make it difficult for developers to adequately inform users of data collection, use, and sharing practices.
The guidelines set forth in this document are intended to serve as a road map for you, the mobile app developer, to build privacy into your apps, better inform and empower end-users, and foster trust and confidence in the mobile app ecosystem.7