• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Designing for privacy in mobile applications
 

Designing for privacy in mobile applications

on

  • 2,578 views

 

Statistics

Views

Total Views
2,578
Views on SlideShare
1,521
Embed Views
1,057

Actions

Likes
4
Downloads
30
Comments
0

6 Embeds 1,057

http://developer.vodafone.com 1046
http://translate.googleusercontent.com 7
http://devportalsit.vfnet.de 1
http://localhost 1
http://202.191.128.227 1
http://202.191.128.218 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • SOLUCION

Designing for privacy in mobile applications Designing for privacy in mobile applications Presentation Transcript

  • ?
  • Designing for Privacy in Mobile ApplicationsGuidelines for Vodafone application developers
    18 July 2011
  • Introduction
  • What is privacy?
    Keep in mind that the guidelines here form part of our Developer Agreement, so you’re bound to comply with them when you participate in our programme.
    The guidelines here are intended to help you ensure that your applications don’t violate your users’ privacy. But what does that mean?
    Privacy means different things to different people in different contexts, but, when we use it here, we mean making sure that, when your application collects and uses personal information, it does it in ways that meet users’ expectations and gives them proper control, and it doesn’t disturb them or behave intrusively.
  • What is personal information?
    Personal information is personal information no matter how it’s collected. For example, you could:
    Ask your user for it directly (for example, in a registration flow).
    Collect it directly from your user’s handset (for example, a unique identifier like IMSI, MSISDN or EEID).
    Infer it indirectly, like when you profile or segment users based on their observed behaviours or locations.
    Collect it when it’s generated by the user (for example, tweets, status updates and other user-generated content, such as photos).
    But there is not necessarily a privacy problem because your application collects and uses personal information – that’s what the guidelines below are intended to help you determine.
    There are lots of legal definitions we could throw in here, but we’ll try to keep it simple: if information relating to an individual could identify, locate or enable you to contact them, then it’s personal information.
    But that individual doesn’t need to be identified by name, for example, or by phone number. A name or a phone number are each personal information, but not the only examples. A user is identified (and could be contacted or located) even when you’ve only associated them with an anonymised (or, really, pseudonymised) unique identifier if it persists over multiple sessions.
  • Why should I care?
    Some other important expressions
    What happens if your application does have a privacy problem? In a worst-case scenario, a regulator or consumer protection authority might investigate you for a legal or regulatory violation – which might cause you to have to pull your application, pay fines or even face criminal penalties. A privacy problem with your application will also likely lead to unhappy consumers and bad ratings, or you might find yourself being “named and shamed” by a privacy advocate – many of them are paying particular attention in this space and are actively engaged. Of course, if your application is identified by our testing or reported by your users as violating privacy, it goes without saying that we will not approve your application or we’ll pull it from our platforms.
    When we talk about applications needing active consent, we mean an affirmative indication of agreement by the user to a specific and notified use of their personal information. Active consent can typically be captured by ticking a consent box or clicking an ‘OK’/‘Allow’ button. Active consent must be captured in a way so that consent is not the default option (for example, if there’s an ‘I Accept’ tick box, it should not be pre-ticked so that consent is bundled in with agreeing to install).
    When we refer to location information, we mean any information that identifies the geographical location of a user’s device, including Cell ID, GPS, Wi-Fi, or other, less granular, information, such as town or region.
  • Index
    Guidelines for all applications
    Guidelines for applications that use location
    Guidelines for applications with social networking elements
    Guidelines for age-appropriate applications
    Guidelines for applications that use mobile advertising or analytics
  • Guidelines for all applications
  • Guidelines for all applications
    BACK
    Don’t sneak around. An application must not secretly access, collect or share personal information.
     
    Identify yourself. Users must know who is using their personal information and how they can contact you for more information or to exercise their rights.
    ABOUT US
    App Adventures is a company that develops apps. You can reach us on our email address superappsapps@appsarethebest.com. Our address is on App street n5, App country.
    i
  • Guidelines for all applications
    BACK
    Make sure users are informed. Use contextual disclosures to make sure users understand how your application will collect and use their personal information. Sometimes, a “privacy policy” will be necessary to achieve this, but many times a “just-in-time” notice is the right way to set expectations about your application and its personal information uses.
    My Great App Privacy Policy
    Sections:
    - What we collect
    - How we use it
    - Your choices
    - How to contact us
    A privacy policy isn’t always the best way to give notice. When a user clicks on “Find Photos near me” (and that’s all you’re using location for),
    he or she’s given her implied consent.
  • Guidelines for all applications
    Financial Times App
    My Great App
    CANCEL
    Gain the user’s consent, where necessary. Sometimes users will need to give their active consent to uses of their personal information.
    • Collection or use of personal information not necessary for the application’s primary purpose.
    • Sharing personal information with third parties.
    • Storing personal information after immediate use of the application.
    Name: Richard Stacey
    Age: 52
    Hobbies: Golf, Sailing, Food
    Religion: Agnostic
    My Great App is requesting access to your address book to invite friends to join the game.
    SEND
    ALLOW
    DON’T ALLOW
    Example 1
    Example 2
  • Guidelines for all applications
    Settings
    Give users control over prompting. Where possible, users should have choices about how – and how often – they are reminded about features and functionality that use their personal information.
    Please let us know how often we should prompt you with this message
    Every day
    Once a week, Monday
    Once a month
    Never
    Save
  • Guidelines for all applications
    Games
    No silent updates. Users must agree to any updates pushed to their device. And they need to be able to understand what the update contains.
    UPDATE
    SUPER GAME
    Development: Game Inc.
    This new version includes the following features:
    • Bug fixing
    • Ten extra missions
    • Scoreboard sharing to Facebook and Twitter
    • In app advertisement
    If you make changes to your app, let the users know what changes have been made so they can make decisions about whether to continue to use it; don't cover those changes under a text like “only minor changes”.
  • Guidelines for all applications
    On the server side,
    do not log locations that can be associated with individual users.
    Instead log aggregates of what you´re interested in. For example, just keep a list of how often people are using your app in London; there is no need to remember which user was in London and when.
    Minimise the information collected. Personal Information collected by an application must be reasonable, not excessive, and within the scope of the user’s expectations.
    Keep data secure. Take appropriate steps to protect users’ personal information from unauthorised disclosure or access.
    Note: The more sensitive the data, the more security you need.
     
  • Guidelines for all applications
    RSS Feed App
    Authenticate where security calls for it. Authenticate users where possible using risk-appropriate authentication methods.
    Set retention and deletion periods. When you no longer need the data you’ve collected for the reasons you collected it, make sure it’s appropriately and completely deleted. If data must be kept (for example, for billing, tax or other good reasons), make sure you keep only the minimum that will meet those needs.
    Reporting. Give users the tools to report privacy problems within or about your application.
     
    Send us feedback
    Type text
    Send Log report
    Send
  • Guidelines for all applications
    MyDreamTrip
    Give users control over remote storage. Tell the user if your application will send data to a remote server and use or store it there. Let them know how long you’ll keep the data and why you need it. You should also let them review and delete the information if possible.
     
     AMSTERDAM
    Price
    100 Eur
    Low Cost
    Bcn 3:00 pm
    Ams 5:00 pm
    Price
    125 Eur
    Iberia
    Bcn 5:00 pm
    Ams 5:00 pm
    Your search info will be stored on a remote server for three months so we can improve our search engine
    Okay
  • Guidelines for applications that use location
  • Guidelines for applications that use location
    Book Recommender
    Inform the user that location will be used. Access, use and share location data only when users have a clear understanding that you will do so and of the consequences of participating.
    Don’t facilitate stalking or surveillance. Applications must not collect, use or share location data about someone other than the user, except where another user has chosen to publish such information.
     
     
    This app would like to use your current location to be able to pull the list of nearby book stores
    Locate me
    Cancel
    Sometimes, it will be very clear in context why and how you’ll use location. In those cases, minimal notice is necessary.
  • Guidelines for applications that use location
    Tetris
    Capture appropriate consents where necessary. For many location-enabled applications, the use of location is clear, and is in fact why your user chooses your application. But where location isn’t the primary purpose of the application, or where users might need a little more help in understanding how you use location, more active prompting and consent may be necessary.
     
    This app would like to detect your current location to be able to post your points in your national ranking
    Post my score and location
    Locate me
    No, Thanks
    If location is not the primary purpose of the application or enables a secondary feature, let the user choose to activate location at the time that they use the feature.
  • Guidelines for applications that use location
    HIKING ROUTES
    This app would like to use your current
    location
    Consent and control are necessary if you collect or retain a location history. If you will retain a history of location, tell the user how long the data is retained and why. Let them review and delete their history.
    Yes
    No
    Share location with the park ranger
    Yes
    No
    Keep location history of my hiking routes
    Yes
    No
    Edit history
    View history
    Settings
  • Guidelines for applications that use location
    Walk with your friends
    Consent and control are necessary if location use persists when the application is active or closed. If you will continue to collect, use or share location data during operation of the application or after a user has closed the application:
    • Get the user’s active consent.
    • Alert the user when the location feature continues to operate with a persistent indicator. If technically possible, this indicator should appear even when the application is running in the background or does not otherwise appear to be active.
    • Prompt the user that location will continue to be collected, used or shared after the application is turned off, or placed in the background, and allow them to turn this feature off.
    • Provide easily accessible settings that allow the user to immediately turn location on or off, including a “location off” feature that overrides all other location settings in the application.
     
    Even when closed, App Skywalker will keep collecting your location data in order to trace your walking route
    Don´t Allow
    Allow
  • Guidelines for applications that use location
    Running Community
    Strawberry finder
    When you start your run, the app will shared your location automatically with:
    Consent and control are necessary if you share location. If you will share location data with other applications, sites or services:
    • Get the active consent of the user.
    • Identify and provide a link or other means to access the recipients.
    • Give users a way to easily manage recipients (for example, to withdraw their consent if they want).
    This app will make use of your GPS location
    Facebook
    Twitter
    Hyves
    Foursquare
    Yes
    Yes
    Allow
    Yes
    Yes
    Bad practice
  • Guidelines for applications that use location
    Carefully set defaults and give users control over social location features. When users can share their location with the public or with their contacts, the default setting must be private. That is, the user must give active consent to begin sharing location, and must affirmatively choose individual users or groups of users who will have access to their location. In addition:
    • Show a clear indicator when location-sharing is active.
    • Allow the user to set the level of granularity of the location (city, street, exact physical location etc.).
    • Allow the user to manually override the location presented, e.g. by typing in an alternate location
    • Allow users to turn off location-sharing at any time.
  • Guidelines for applications that use location
    This application is offered for free, and sponsored ads are included. You can download the ad-free, paid version here: LINK
    Give appropriate choices for location-based advertising. Label your application as ad-supported if it will include contextual location-based advertising or sponsored results. Make sure to get active consent before sending advertising or sponsored results based on a stored history of a user’s location.
     
    Can we use your location to show you relevant advertising in your area?
    Allow
    Enter location manually
  • Guidelines for applications that use location
    My Shops
    My Shops










    Protect children from endangering themselves with social location features. Users who are identified or age-verified as children must be prevented from publishing their location (that is, sharing with the general public). If children are able to share location data with their contacts, granularity must by default be set at the city level or wider. (See more in Guidelines for age-appropriate applicationsbelow).
    @ Shop X
    @ Shop X
    Road 360 number 5, City
    City
    Your detailed address will not be shared –
    only your city. More Info
    @ Shop X
    @ Shop X
    Road 360 number 5, City
    City
    Refresh
    Share location
    Refresh
    Share location
    Settings
    More
    More
    Settings
  • Guidelines for applications with social networking elements
  • Guidelines for applications with social networking elements
    KAMASUTRA
    You are about to share adult content in a social network. Are you sure?
    Encourage responsible social sharing. Allow users to choose to share personal information, but make sure they know and understand the consequences. Give users control of their personal profiles and ensure that defaults protect privacy. Prompt users to register for social networks, but be careful about mapping registration information to profiles. 
    Ensure that children are prevented from endangering themselves on social networks. Underage users require more restrictive defaults and other protective measures. (See more in Guidelines for age-appropriate applications).
    YES
    NO
  • Guidelines for age-appropriate applications (children’s applications or adult applications)
  • Guidelines for age-appropriate apps
    SchoolBook
    Tailor applications appropriate to age ranges. Applications that are intended for children and adolescents should ensure that they understand the consequences of using the application by describing features and functions in age-appropriate language. Children will, in some instances, require more restrictive default settings than adult users.
    Create age-appropriate defaults. The younger the user, the more conservative or restrictive your default settings should be. If you don’t have an actual age, then use the context as a proxy - e.g. applications that are aimed at or are likely to be used by younger children should assume a user age consistent with that type of application
    Name: Richard
    AGE: 8
    To keep you safe, SchoolBook will not share your current location with your friends
    OK
    Messages
    Map
    Friends
  • Guidelines for age-appropriate apps
    We are sorry, you may not use this application.
    Please check the section About Us to read more information about our products and services.
    Please enter your date of birth:
    Where possible and appropriate. Under certain circumstances, you may need to verify a user’s age (for example, where applications contain social networking features or allow access to adult content). Where impossible to verify age using automated means, self-certification may be an acceptable alternative, but should not be done in such a way that children are encouraged to falsify their ages.
    18
    8
    2000
    OK
    EXIT
    Do not ask this question again. We do not save or share your date of birth. It is checked locally on your device.
    About Us
    EXIT
    Ask for users' date or year of birth instead of are you older than X years, but let them know how you will use it. Let them know why and offer them an exit button. Give adults the same choice too. Let them know what type of adult content to expect and give them the option to opt out.
  • Guidelines for applications that use mobile advertising or analytics
  • Guidelines for applications that use mobile advertising or analytics
    Sports/Games
    CONFIRM
    Comply with direct marketing standards, laws and best practices. In most countries, before you can send direct marketing communications (e.g. email or SMS) to users who install your application, they must at least be given: 1) an opportunity to opt out of receiving those messages when and where you collect their contact details; and 2) unsubscribe directions in each communication.
     
    Inform users about embedded advertising features. Let users know when an application is ad-supported before they choose it.
    CACHULI
    Development: Julian Muñoz
    The free version of Cachuli is ad-supported. If you would like to remove the ads and support the continued development of Cachuli, you can do so. From the main screen, press your phone’s menu button, then tap the “remove ads” button. This will let you install the paid app, which removes the ads.
  • Guidelines for applications that use mobile advertising or analytics
    My Great App
    i
    Use third-party analytics tools appropriately. Tools like Google Analytics can be important and useful. But users should be notified that you’re using them and given an opportunity to choose not to participate. Give them an opt out within your application or, where available, instructions on how to use the third-party tool’s opt out. If possible, prevent these tools from collecting full unique identifiers like IMSI, MSISDN, IP address or EEID.
    To improve our app, we´d like to log some basic information about how you use it. This data will not be linked to you – we’ll combine it with other users’ information to create aggregate statistics.
    Under My Profile you will be able to change your choice at any time.
    Continue
    To improve your app, collect information on how users
    interact with it.
    But let your users know, what and why you're collecting. Do it without personal information, and let them opt out if it makes them uncomfortable.
  • Guidelines for applications that use mobile advertising or analytics
    Capture appropriate consent to advertise to a user. Users must agree to advertising targeted to them based on behavioural profiles about how they use your application collected over time, and give active consent to profiling across applications or by third parties. Before you embed code from third-party advertising companies, make sure they meet these requirements and don’t violate your users’ privacy.
     
  • Guidelines for applications that use mobile advertising or analytics
    My Great App
    CANCEL
    Respect privacy when viral marketing. Get the active consent of the user to access information about or send information to their contacts.
    My Great App is requesting access to your address book to invite friends to join the game.
    ALLOW
    DON’T ALLOW
  • Guidelines for applications that use mobile advertising or analytics
    Financial Times App
    i
    Target based only on legitimately collected personal information. The only personal information you may use to target advertising is the information you have legitimately collected as necessary for your application’s primary purpose. Please note that our rules require us to reject your application if it collects additional information solely for the purpose of targeting advertising.
     
    Name: Richard Stacey
    Age: 52
    Hobbies: Golf, Sailing, Food
    Religion: Agnostic
    Submit
    TAP HERE TO GET A CHEAP GOLF COURSE IN SPAIN
    Bad practice
  • Thanks!