The Too Often Overlooked Aspect of App Development: Privacy
If there’s one aspect of app development that’s too often overlooked (other than testing), it’s Privacy. At this point in the mobile app lifecycle, I think we’ve gotten a pretty good understanding about writing code, visual design, and marketing. However it seems like Privacy is often relegated to a dark corner of an “about” page.
It’s no secret that you have to protect your user’s privacy. Some places like the State of California, have laws that regulate what kind of data your app can collect and how that data is stored. California even published well-organized guidelines with the best practices for protecting user privacy.
If you’re not building a shopping, banking, or health app, it might not be obvious why you need special privacy considerations. Don’t assume users won’t enter sensitive data.
For example, if your app has:
- To-dos: users may enter sensitive financial information (for example, your user could be a CFO and have a secret deal to make)
- Events: an event might be an innocuous party or it could be a secret rendezvous
- Games: federal laws already exist regarding the collection data for children under 13
- Browsers: users might not want certain pages shared with others
- Location: people generally don’t like to be tracked
For just about any type of mobile application, you can imagine a reason why the user might not want to share that information with a 3rd party.
Fortunately, there are some guidelines to help:
- Don’t collect unnecessary data. Or more realistically, only collect data that your app needs. If you can’t justify why a current feature needs that particular piece of data, don’t save it. Don’t save data “that might be useful in the future.” If you need access to sensitive phone data such as call logs, location or contacts, try to get the minimum amount needed. Do what you need to do with it, and discard the data as soon as you can.
- Anonymize. If you need to store data, don’t store it along with personally identifiable information. This not only includes names and email addresses, but also location data, search history, device identifiers, IP addresses, etc. If you need data for analytics, aggregate them from users in an anonymous fashion. Allow your users to sign in using a minimum set of information. For example, with Kinvey you can let your users have a username without collecting any additional data. With our native libraries, you can create implicit users, where the username is even randomly generated.
- Encrypt. Any data you do keep, be sure to store and transmit in an encrypted manner. Watch out for device logs as well! Never display sensitive information or passwords in the logs. It’s too easy to forget to turn off logging and therefore, let that data be available to anyone with console access.
- Discard the data. Don’t hold on to data any longer than you need to. Be sure to delete it from the server when you no longer need it. For example, if you are building a pedometer app, maybe once an “activity” is complete, only store the distance traveled and not all the locations along the way. Expire cached data like browser history.
Do rely on the developer community and platform guidelines for delivering the best experience for your users. And if you’re ever in doubt, don’t collect it!