Best Practices for Mobile App Developers: Privacy Guidelines

Center for Democracy & Technology Mobile Application DevelopmentAs you go about building and deploying your mobile apps, you could find that privacy for the intended users rises in importance. In order to help you out in your quest for a more private app, The Center for Democracy and Technology (CDT) has made available a set of guidelines for ensuring privacy for the users during and after App development.

The challenge, as the CDT puts it:

“Mobile applications” – software programs for mobile device operating systems (such as Android, Blackberry OS, iOS, or Windows Phone OS) – can collect, use, and transfer users’ personal information from a mobile device. As the mobile app developer, you are responsible for thinking about privacy at all stages of your app’s life cycle.

The best practices PDF breaks it down into 7 simple steps, and then goes into more detail on some of the steps as well aw important situations and challenges.

The seven steps are:

1. Practice Privacy By Design

2. Communicate Openly & Effectively

3. Make Your Privacy Policy Easily Accessible

4. Use Enhanced Notice

5. Provide Users with Choices & Controls

6. Secure Your Users’ Data!

7. Ensure Accountability

Here is an example of some of the more in depth discussion, in this case on data retention and security:

Don’t access or collect user data unless your app requires it. If you gather or transmit data that your app does not need for
a legitimate purpose, you put both yourself and your users at risk. Advertising may well be a legitimate purpose—so long
as the collection and transfer of targeting data is transparent, and users are given options about usage of their information
for that purpose (see “Individual Choice,” below). However, platform and app stores may have their own rules about the
collection and use of user information for certain purposes, including advertising. Violating a platform’s terms of service
could get you in trouble with the platform or app store, or even regulators. Delete data that does not need to be retained for
a clear business purpose.

If privacy is important to the people who will be using the apps you develop, then this guide is a must read.

To read the full PDF, click here.