Your SlideShare is downloading. ×
Designing for privacy in mobile applications
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Designing for privacy in mobile applications

3,219
views

Published on

Published in: Technology, News & Politics

0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,219
On Slideshare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
33
Comments
0
Likes
4
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • SOLUCION
  • Transcript

    • 1. ?
    • 2. Designing for Privacy in Mobile ApplicationsGuidelines for Vodafone application developers
      18 July 2011
    • 3.
    • 4. Introduction
    • 5. What is privacy?
      Keep in mind that the guidelines here form part of our Developer Agreement, so you’re bound to comply with them when you participate in our programme.
      The guidelines here are intended to help you ensure that your applications don’t violate your users’ privacy. But what does that mean?
      Privacy means different things to different people in different contexts, but, when we use it here, we mean making sure that, when your application collects and uses personal information, it does it in ways that meet users’ expectations and gives them proper control, and it doesn’t disturb them or behave intrusively.
    • 6. What is personal information?
      Personal information is personal information no matter how it’s collected. For example, you could:
      Ask your user for it directly (for example, in a registration flow).
      Collect it directly from your user’s handset (for example, a unique identifier like IMSI, MSISDN or EEID).
      Infer it indirectly, like when you profile or segment users based on their observed behaviours or locations.
      Collect it when it’s generated by the user (for example, tweets, status updates and other user-generated content, such as photos).
      But there is not necessarily a privacy problem because your application collects and uses personal information – that’s what the guidelines below are intended to help you determine.
      There are lots of legal definitions we could throw in here, but we’ll try to keep it simple: if information relating to an individual could identify, locate or enable you to contact them, then it’s personal information.
      But that individual doesn’t need to be identified by name, for example, or by phone number. A name or a phone number are each personal information, but not the only examples. A user is identified (and could be contacted or located) even when you’ve only associated them with an anonymised (or, really, pseudonymised) unique identifier if it persists over multiple sessions.
    • 7. Why should I care?
      Some other important expressions
      What happens if your application does have a privacy problem? In a worst-case scenario, a regulator or consumer protection authority might investigate you for a legal or regulatory violation – which might cause you to have to pull your application, pay fines or even face criminal penalties. A privacy problem with your application will also likely lead to unhappy consumers and bad ratings, or you might find yourself being “named and shamed” by a privacy advocate – many of them are paying particular attention in this space and are actively engaged. Of course, if your application is identified by our testing or reported by your users as violating privacy, it goes without saying that we will not approve your application or we’ll pull it from our platforms.
      When we talk about applications needing active consent, we mean an affirmative indication of agreement by the user to a specific and notified use of their personal information. Active consent can typically be captured by ticking a consent box or clicking an ‘OK’/‘Allow’ button. Active consent must be captured in a way so that consent is not the default option (for example, if there’s an ‘I Accept’ tick box, it should not be pre-ticked so that consent is bundled in with agreeing to install).
      When we refer to location information, we mean any information that identifies the geographical location of a user’s device, including Cell ID, GPS, Wi-Fi, or other, less granular, information, such as town or region.
    • 8. Index
      Guidelines for all applications
      Guidelines for applications that use location
      Guidelines for applications with social networking elements
      Guidelines for age-appropriate applications
      Guidelines for applications that use mobile advertising or analytics
    • 9. Guidelines for all applications
    • 10. Guidelines for all applications
      BACK
      Don’t sneak around. An application must not secretly access, collect or share personal information.
       
      Identify yourself. Users must know who is using their personal information and how they can contact you for more information or to exercise their rights.
      ABOUT US
      App Adventures is a company that develops apps. You can reach us on our email address superappsapps@appsarethebest.com. Our address is on App street n5, App country.
      i
    • 11. Guidelines for all applications
      BACK
      Make sure users are informed. Use contextual disclosures to make sure users understand how your application will collect and use their personal information. Sometimes, a “privacy policy” will be necessary to achieve this, but many times a “just-in-time” notice is the right way to set expectations about your application and its personal information uses.
      My Great App Privacy Policy
      Sections:
      - What we collect
      - How we use it
      - Your choices
      - How to contact us
      A privacy policy isn’t always the best way to give notice. When a user clicks on “Find Photos near me” (and that’s all you’re using location for),
      he or she’s given her implied consent.
    • 12. Guidelines for all applications
      Financial Times App
      My Great App
      CANCEL
      Gain the user’s consent, where necessary. Sometimes users will need to give their active consent to uses of their personal information.
      • Collection or use of personal information not necessary for the application’s primary purpose.
      • 13. Sharing personal information with third parties.
      • 14. Storing personal information after immediate use of the application.
      Name: Richard Stacey
      Age: 52
      Hobbies: Golf, Sailing, Food
      Religion: Agnostic
      My Great App is requesting access to your address book to invite friends to join the game.
      SEND
      ALLOW
      DON’T ALLOW
      Example 1
      Example 2
    • 15. Guidelines for all applications
      Settings
      Give users control over prompting. Where possible, users should have choices about how – and how often – they are reminded about features and functionality that use their personal information.
      Please let us know how often we should prompt you with this message
      Every day
      Once a week, Monday
      Once a month
      Never
      Save
    • 16. Guidelines for all applications
      Games
      No silent updates. Users must agree to any updates pushed to their device. And they need to be able to understand what the update contains.
      UPDATE
      SUPER GAME
      Development: Game Inc.
      This new version includes the following features:
      • Bug fixing
      • 17. Ten extra missions
      • 18. Scoreboard sharing to Facebook and Twitter
      • 19. In app advertisement
      If you make changes to your app, let the users know what changes have been made so they can make decisions about whether to continue to use it; don't cover those changes under a text like “only minor changes”.
    • 20. Guidelines for all applications
      On the server side,
      do not log locations that can be associated with individual users.
      Instead log aggregates of what you´re interested in. For example, just keep a list of how often people are using your app in London; there is no need to remember which user was in London and when.
      Minimise the information collected. Personal Information collected by an application must be reasonable, not excessive, and within the scope of the user’s expectations.
      Keep data secure. Take appropriate steps to protect users’ personal information from unauthorised disclosure or access.
      Note: The more sensitive the data, the more security you need.
       
    • 21. Guidelines for all applications
      RSS Feed App
      Authenticate where security calls for it. Authenticate users where possible using risk-appropriate authentication methods.
      Set retention and deletion periods. When you no longer need the data you’ve collected for the reasons you collected it, make sure it’s appropriately and completely deleted. If data must be kept (for example, for billing, tax or other good reasons), make sure you keep only the minimum that will meet those needs.
      Reporting. Give users the tools to report privacy problems within or about your application.
       
      Send us feedback
      Type text
      Send Log report
      Send
    • 22. Guidelines for all applications
      MyDreamTrip
      Give users control over remote storage. Tell the user if your application will send data to a remote server and use or store it there. Let them know how long you’ll keep the data and why you need it. You should also let them review and delete the information if possible.
       
       AMSTERDAM
      Price
      100 Eur
      Low Cost
      Bcn 3:00 pm
      Ams 5:00 pm
      Price
      125 Eur
      Iberia
      Bcn 5:00 pm
      Ams 5:00 pm
      Your search info will be stored on a remote server for three months so we can improve our search engine
      Okay
    • 23. Guidelines for applications that use location
    • 24. Guidelines for applications that use location
      Book Recommender
      Inform the user that location will be used. Access, use and share location data only when users have a clear understanding that you will do so and of the consequences of participating.
      Don’t facilitate stalking or surveillance. Applications must not collect, use or share location data about someone other than the user, except where another user has chosen to publish such information.
       
       
      This app would like to use your current location to be able to pull the list of nearby book stores
      Locate me
      Cancel
      Sometimes, it will be very clear in context why and how you’ll use location. In those cases, minimal notice is necessary.
    • 25. Guidelines for applications that use location
      Tetris
      Capture appropriate consents where necessary. For many location-enabled applications, the use of location is clear, and is in fact why your user chooses your application. But where location isn’t the primary purpose of the application, or where users might need a little more help in understanding how you use location, more active prompting and consent may be necessary.
       
      This app would like to detect your current location to be able to post your points in your national ranking
      Post my score and location
      Locate me
      No, Thanks
      If location is not the primary purpose of the application or enables a secondary feature, let the user choose to activate location at the time that they use the feature.
    • 26. Guidelines for applications that use location
      HIKING ROUTES
      This app would like to use your current
      location
      Consent and control are necessary if you collect or retain a location history. If you will retain a history of location, tell the user how long the data is retained and why. Let them review and delete their history.
      Yes
      No
      Share location with the park ranger
      Yes
      No
      Keep location history of my hiking routes
      Yes
      No
      Edit history
      View history
      Settings
    • 27. Guidelines for applications that use location
      Walk with your friends
      Consent and control are necessary if location use persists when the application is active or closed. If you will continue to collect, use or share location data during operation of the application or after a user has closed the application:
      • Get the user’s active consent.
      • 28. Alert the user when the location feature continues to operate with a persistent indicator. If technically possible, this indicator should appear even when the application is running in the background or does not otherwise appear to be active.
      • 29. Prompt the user that location will continue to be collected, used or shared after the application is turned off, or placed in the background, and allow them to turn this feature off.
      • 30. Provide easily accessible settings that allow the user to immediately turn location on or off, including a “location off” feature that overrides all other location settings in the application.
       
      Even when closed, App Skywalker will keep collecting your location data in order to trace your walking route
      Don´t Allow
      Allow
    • 31. Guidelines for applications that use location
      Running Community
      Strawberry finder
      When you start your run, the app will shared your location automatically with:
      Consent and control are necessary if you share location. If you will share location data with other applications, sites or services:
      • Get the active consent of the user.
      • 32. Identify and provide a link or other means to access the recipients.
      • 33. Give users a way to easily manage recipients (for example, to withdraw their consent if they want).
      This app will make use of your GPS location
      Facebook
      Twitter
      Hyves
      Foursquare
      Yes
      Yes
      Allow
      Yes
      Yes
      Bad practice
    • 34. Guidelines for applications that use location
      Carefully set defaults and give users control over social location features. When users can share their location with the public or with their contacts, the default setting must be private. That is, the user must give active consent to begin sharing location, and must affirmatively choose individual users or groups of users who will have access to their location. In addition:
      • Show a clear indicator when location-sharing is active.
      • 35. Allow the user to set the level of granularity of the location (city, street, exact physical location etc.).
      • 36. Allow the user to manually override the location presented, e.g. by typing in an alternate location
      • 37. Allow users to turn off location-sharing at any time.
    • Guidelines for applications that use location
      This application is offered for free, and sponsored ads are included. You can download the ad-free, paid version here: LINK
      Give appropriate choices for location-based advertising. Label your application as ad-supported if it will include contextual location-based advertising or sponsored results. Make sure to get active consent before sending advertising or sponsored results based on a stored history of a user’s location.
       
      Can we use your location to show you relevant advertising in your area?
      Allow
      Enter location manually
    • 38. Guidelines for applications that use location
      My Shops
      My Shops










      Protect children from endangering themselves with social location features. Users who are identified or age-verified as children must be prevented from publishing their location (that is, sharing with the general public). If children are able to share location data with their contacts, granularity must by default be set at the city level or wider. (See more in Guidelines for age-appropriate applicationsbelow).
      @ Shop X
      @ Shop X
      Road 360 number 5, City
      City
      Your detailed address will not be shared –
      only your city. More Info
      @ Shop X
      @ Shop X
      Road 360 number 5, City
      City
      Refresh
      Share location
      Refresh
      Share location
      Settings
      More
      More
      Settings
    • 39. Guidelines for applications with social networking elements
    • 40. Guidelines for applications with social networking elements
      KAMASUTRA
      You are about to share adult content in a social network. Are you sure?
      Encourage responsible social sharing. Allow users to choose to share personal information, but make sure they know and understand the consequences. Give users control of their personal profiles and ensure that defaults protect privacy. Prompt users to register for social networks, but be careful about mapping registration information to profiles. 
      Ensure that children are prevented from endangering themselves on social networks. Underage users require more restrictive defaults and other protective measures. (See more in Guidelines for age-appropriate applications).
      YES
      NO
    • 41. Guidelines for age-appropriate applications (children’s applications or adult applications)
    • 42. Guidelines for age-appropriate apps
      SchoolBook
      Tailor applications appropriate to age ranges. Applications that are intended for children and adolescents should ensure that they understand the consequences of using the application by describing features and functions in age-appropriate language. Children will, in some instances, require more restrictive default settings than adult users.
      Create age-appropriate defaults. The younger the user, the more conservative or restrictive your default settings should be. If you don’t have an actual age, then use the context as a proxy - e.g. applications that are aimed at or are likely to be used by younger children should assume a user age consistent with that type of application
      Name: Richard
      AGE: 8
      To keep you safe, SchoolBook will not share your current location with your friends
      OK
      Messages
      Map
      Friends
    • 43. Guidelines for age-appropriate apps
      We are sorry, you may not use this application.
      Please check the section About Us to read more information about our products and services.
      Please enter your date of birth:
      Where possible and appropriate. Under certain circumstances, you may need to verify a user’s age (for example, where applications contain social networking features or allow access to adult content). Where impossible to verify age using automated means, self-certification may be an acceptable alternative, but should not be done in such a way that children are encouraged to falsify their ages.
      18
      8
      2000
      OK
      EXIT
      Do not ask this question again. We do not save or share your date of birth. It is checked locally on your device.
      About Us
      EXIT
      Ask for users' date or year of birth instead of are you older than X years, but let them know how you will use it. Let them know why and offer them an exit button. Give adults the same choice too. Let them know what type of adult content to expect and give them the option to opt out.
    • 44. Guidelines for applications that use mobile advertising or analytics
    • 45. Guidelines for applications that use mobile advertising or analytics
      Sports/Games
      CONFIRM
      Comply with direct marketing standards, laws and best practices. In most countries, before you can send direct marketing communications (e.g. email or SMS) to users who install your application, they must at least be given: 1) an opportunity to opt out of receiving those messages when and where you collect their contact details; and 2) unsubscribe directions in each communication.
       
      Inform users about embedded advertising features. Let users know when an application is ad-supported before they choose it.
      CACHULI
      Development: Julian Muñoz
      The free version of Cachuli is ad-supported. If you would like to remove the ads and support the continued development of Cachuli, you can do so. From the main screen, press your phone’s menu button, then tap the “remove ads” button. This will let you install the paid app, which removes the ads.
    • 46. Guidelines for applications that use mobile advertising or analytics
      My Great App
      i
      Use third-party analytics tools appropriately. Tools like Google Analytics can be important and useful. But users should be notified that you’re using them and given an opportunity to choose not to participate. Give them an opt out within your application or, where available, instructions on how to use the third-party tool’s opt out. If possible, prevent these tools from collecting full unique identifiers like IMSI, MSISDN, IP address or EEID.
      To improve our app, we´d like to log some basic information about how you use it. This data will not be linked to you – we’ll combine it with other users’ information to create aggregate statistics.
      Under My Profile you will be able to change your choice at any time.
      Continue
      To improve your app, collect information on how users
      interact with it.
      But let your users know, what and why you're collecting. Do it without personal information, and let them opt out if it makes them uncomfortable.
    • 47. Guidelines for applications that use mobile advertising or analytics
      Capture appropriate consent to advertise to a user. Users must agree to advertising targeted to them based on behavioural profiles about how they use your application collected over time, and give active consent to profiling across applications or by third parties. Before you embed code from third-party advertising companies, make sure they meet these requirements and don’t violate your users’ privacy.
       
    • 48. Guidelines for applications that use mobile advertising or analytics
      My Great App
      CANCEL
      Respect privacy when viral marketing. Get the active consent of the user to access information about or send information to their contacts.
      My Great App is requesting access to your address book to invite friends to join the game.
      ALLOW
      DON’T ALLOW
    • 49. Guidelines for applications that use mobile advertising or analytics
      Financial Times App
      i
      Target based only on legitimately collected personal information. The only personal information you may use to target advertising is the information you have legitimately collected as necessary for your application’s primary purpose. Please note that our rules require us to reject your application if it collects additional information solely for the purpose of targeting advertising.
       
      Name: Richard Stacey
      Age: 52
      Hobbies: Golf, Sailing, Food
      Religion: Agnostic
      Submit
      TAP HERE TO GET A CHEAP GOLF COURSE IN SPAIN
      Bad practice
    • 50. Thanks!

    ×