Privacy on the Go

When you’re developing an app, what do you need to keep in mind about privacy?  We’ve provided the following food for thought.

Does the mobile application collect, use, or disclose any of the following?

  • Student information
  • Financial or payment information
  • Health or medical information
  • Unique device identifiers
  • Geo-location (GPS, WiFi, or user entered)
  • Mobile phone #
  • Email address
  • User’s name
  • text messages or email
  • call logs
  • other logs
  • contacts or address book information
  •  photos or videos
  • web browsing history
  • Information from or about other applications downloaded or used

Answer the following for each of the above types data identified as relevant to the application.

  • Is the data type necessary for your app’s basic functionality (that is, within the reasonably expected context of the app’s      functions as described to users)?
  • Is the data type necessary for business reasons (such as billing)?
  • How will you use the data?
  • Will it be necessary to store data off the device, on your servers?
  • How long will you need to store the data on your servers?
  • Will you share the data with third parties (such as ad networks, analytics companies, service providers)?  If so, with whom will you share it?
  • How will third parties use the data?
  • Who in your organization will have access to user data?
  • Is your app directed at or likely to be used by children under the age of 13?
  • What parts of the mobile device do you have permission to access?  Can you provide users with the ability to modify permissions?

Abstracted from a document produced by the Office of the Attorney General for the State of California, “Privacy on the Go.”