1. Privacy for Mobile Developers
Kasey Chappelle
http://www.vodafone.com/start/privacy.html
Ricardo Varela
http://twitter.com/phobeo
OverTheAir 2010
image borrowed from http://xkcd.com
2. What is Privacy?
The ability of individuals to know of, and to
express choice and control over how information
about them is collected, shared and used
3. Why should I care?
Your users (increasingly) care
The press loves a privacy story
Regulators are watching
4. Some definitions: Personal Information
Data relating to an identified or identifiable
individual, for example:
● collected via an application UI
● gathered indirectly from the user's device
● gathered from the user's behaviour
● generated by the user
To be identified, an individual doesn't need to
be called by name; their information may be
associated with a unique identifier
5. Some definitions: Location data
Information that
identifies the
geographical location
of a user's device,
which may include
GPS coordinates, cell
id info, wifi ESSIDs or
other less granular
data such as town or
region
6. Some definitions: Active Consent
Affirmative indication
of agreement by the
user to a specific and
notified use of their
personal information.
Must be captured in a
way in which consent
is not the default
option.
13. No surreptitious data collection
Before users activate the app, make them aware
of features that might affect their privacy
E.g.: don't access/use location data without letting
them know
14. No surreptitious data collection
Remember that there is some data you may have
access to even without specific APIs or prompting
(for example, location from their IP) and inform your
user if you intend to use it too
15. Identify yourself
Users must know who is using their personal
information so they can exercise their rights to
access, correct and delete information.
That info can be included in the application itself
18. Minimize the info collected
The application should collect and use only the
info required for its normal operation and other
legitimate uses (e.g., consent, required by law)
19. Minimize the info collected
Do you really need
all that information?
20. Gain their consent
Sometimes (but not always) users will need to
give active consent to use of their information:
secondary purposes, public display, sharing with
third parties or remote/persistent storage
23. Help them choose
Make users aware of the privacy-related default
settings and allow them to exercise their privacy
choices (in an easy way)
You can help a user decide by showing the
consequences of the actions being proposed
25. Beware of the blanket
Whenever you access data with a blanket
permission (no prompts required) be sure to
show your own prompt reminding the user that
this is the case, at least once and until the user
confirms they want no further reminders
image borrowed from http://www.starkeith.net/
26. No silent updates
Inform the users of material changes in the way
your application will collect their data BEFORE
you enable the changes. If the change is
essential for the application, give them a chance
to disable/exit the application
27. No silent updates
Use whichever
mechanisms your
platform has to let users
know what has changed
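The rules on slides 18, 20 and 26 (collect only what a purpose needs, opt-in consent for secondary uses, and no changed data use before the user has seen the new notice) can be enforced in one place in an app. The ledger below is an added example, not code from the talk; purpose names and record fields are constructed for illustration.

```python
# Added example: a small consent ledger applying the deck's rules for
# opt-in consent (slide 20), data minimisation (slide 18) and "no silent
# updates" (slide 26). Purpose and field names are hypothetical.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Purposes for which slide 20 says active consent is needed.
OPT_IN_PURPOSES = {"secondary_use", "public_display",
                   "third_party_sharing", "remote_storage"}

# Fields each purpose legitimately needs; everything else is dropped.
PURPOSE_FIELDS: Dict[str, Set[str]] = {
    "core_service": {"device_id", "location"},
    "remote_storage": {"device_id", "location", "history"},
    "third_party_sharing": {"location"},
}


@dataclass
class ConsentLedger:
    policy_version: int                      # data-use notice currently in force
    accepted_version: Optional[int] = None   # notice version the user accepted
    consents: Dict[str, bool] = field(default_factory=dict)  # absent == denied

    def accept_notice(self, version: int) -> None:
        """The user has read the notice; no per-purpose consent is implied."""
        self.accepted_version = version

    def grant(self, purpose: str) -> None:
        """Explicit opt-in: consent is never the default (slide 6)."""
        self.consents[purpose] = True

    def revoke(self, purpose: str) -> None:
        self.consents.pop(purpose, None)

    def change_policy(self, new_version: int) -> None:
        """A material change to data use blocks all uses until re-accepted."""
        self.policy_version = new_version

    def may_use(self, purpose: str) -> bool:
        if self.accepted_version != self.policy_version:
            return False                     # no silent updates (slide 26)
        if purpose in OPT_IN_PURPOSES:
            return self.consents.get(purpose, False)
        return purpose in PURPOSE_FIELDS     # notified core use, no opt-in needed

    def minimise(self, record: Dict[str, object], purpose: str) -> Dict[str, object]:
        """Return only the fields this purpose needs; refuse if not allowed."""
        if not self.may_use(purpose):
            raise PermissionError("no consent for purpose %r" % purpose)
        allowed = PURPOSE_FIELDS.get(purpose, set())
        return {k: v for k, v in record.items() if k in allowed}
```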
29. Don't facilitate stalking or surveillance
Applications should not collect, use or share data
about someone other than the user except when
the other party has chosen to publish that
information
34. Explain to them how you know so much
Whenever you offer results based on data
mining, try not to surprise your user: provide
some explanation of how their data has been
used to reach those conclusions
35. Explain to them how you know so much
Let the users know what
part of their information
you use to minimize the
surprise
36. Keep it secure
User data stored on the device or remotely must
be stored securely, for example by being
encrypted (and ensuring the encryption keys
are kept in a trusted environment)
40. Not all Advertising has an impact on
Privacy
When we talk Advertising here, we refer to
Advertising that uses personal information, such
as targeted advertising, or advertising that
involves user data being sent to a third party,
such as embedding a third party ad tracking
code
41. Let me know you have Ads
Let users know the application will display ads
before they activate it. Additionally you can
mention what to do if they don't want ads (like
getting the paid-for app)
42. Let me know you have Ads
Users should know
beforehand what to
expect
44. Give users choices about 3rd parties
If you're using analytics or network advertisers,
you're required by law to let users know
(generally in a privacy policy) and tell them how to
opt out (or get their opt in, in some countries).
45. Give users choice about 3rd parties
Let me opt out if I don't
want to share data (and it
is not essential to the
service)
46. Target advertisement using legitimate
data
Avoid targeting ads using personal information
which hasn't been collected for the application's
primary purpose
47. Respect the privacy of my network
Don't spam your users' contacts - applications
should not collect information about or send
messages to contacts without the user's active
consent
50. Age verify where possible and
appropriate
If the application context requires features like
social network access or displays restricted
content, integrate age verification controls. When
not possible, you can implement self-certification
asking for a date of birth before activation of the
application or feature.
51. Age verify where possible and
appropriate
If nothing else is
available, self-verification
is fine
52. Set privacy-protective default settings
Applications targeted at children and adolescents
require careful treatment of social
features, especially those using location.
54. High Level Principles
Be transparent – don't surprise your users with
unexpected data uses or sharing
Be reasonable – if you don't need data, don't
collect it; if it's no longer needed, don't keep it
Give your users meaningful choices about how
their data is collected, used and shared
Respond to your users' queries – in some cases,
the law requires it
55. Thanks! :)
Kasey Chappelle
http://www.vodafone.com/start/privacy.html
Ricardo Varela
http://twitter.com/phobeo
thanks to Belen Albeza (@ladybenko) for
the cartoons!