SecureState Blog


The mobile application market is flourishing, expected to reach $58 million worldwide by 2014. This euphoric projection has app developers looking for the next Angry Birds. Yet too often the privacy ramifications are not considered during application development, or by the consumers who use the applications. With new useful and entertaining applications being released daily by large software developers and also by garage developers, the atmosphere is ripe for improper data location, sharing, and retention. So, how private are smartphone apps?

Businesses need to weigh the associated risks for:

  • Legalities of collecting data
  • Data protection
  • Syncing privacy practices with corporate policy

Application users who enter data into their smartphones can make the conscious choice not to enter their private information. Surreptitiously collecting data, or possibly collecting data from minors, raises concerns. Is it permissible to collect personal information from minors under age 13? How can applications validate a user’s age?

Applications collecting Personally Identifiable Information (PII) may have a legal requirement to protect that information. For example, applications that allow repeat purchases via cell phone may retain the credit card to streamline subsequent purchases. Although this creates a perceived value to both the consumer (ease of use) and the developer (complete the sale quickly), certain data sets are protected by state and federal law. Developers must implement additional security controls to safeguard the data with which they have been entrusted.

Clear and conspicuous disclosure on the collection, use, retention, and ultimately, proper disposal of private information is typically outlined in a business’s privacy policy. In the past, privacy policies were verbose documents, written by a team of lawyers, that were difficult to read on a 20-inch computer monitor, let alone on a 2-inch smartphone. Businesses are challenged to conspicuously disclose their intentions, so that consumers may review them and make informed decisions.

The nascent mobile app market will continue to grow to meet consumer demand, thus favorable double-digit growth is expected to continue unabated. To capture consumer favor it is important to meet expectations, including privacy protections. Responsible application developers need to balance this reality when deciding what to collect, how long to retain it, how to safeguard the data they are entrusted with, and the downstream manifestations of that data. This business model is driven not just by ethics, but also by various regulatory requirements.