Best Practices for Mobile Applications Developers

UPDATE: CDT and FPF released the final version of these best practices on July 12, 2012. The final document can be found here.

Today, CDT and the Future of Privacy Forum publicly released a beta version of their “Best Practices for Mobile Application Developers.” We have been working on this guidance over the past year in consultation with stakeholders from industry and civil society, both in the United States and abroad. We hope that this document can serve as a primer for developers who are interested in preserving their customers’ privacy but who aren’t necessarily privacy experts themselves.

We started on this project because of heightened privacy issues in the mobile environment. Application developers can access a considerably broader range of information about users than traditional web developers. Last year, the Wall Street Journal reported that of the top 101 apps, most were transmitting personal information about users, such as unique device identifiers, age, gender, and precise geo-location information, to third parties. Research from the Future of Privacy Forum has shown that even among the most popular applications, fewer than half have privacy policies detailing what they do with customer data.

The best practices are based on long-established privacy principles that we believe should apply to everyone who collects and processes individual information, not just mobile developers. Among the recommendations that we make to developers are:

  • Be completely transparent about how you are using or transmitting customer data
  • Don’t access more data than you need, and get rid of old data
  • Give your customers control over uses that users might not expect
  • Use reasonable and up-to-date security protocols to safeguard data
  • As the app developer, you need to be responsible for thinking about privacy, and taking privacy into consideration during the various stages of your app life cycle

This is not a final pronouncement of our view of what app developer best practices are. We’re soliciting public comment on this draft — if you have feedback, please send your thoughts to apps@cdt.org.
