Major app makers and distributors are now forced to have privacy policy for their apps. Here is what arstechnica.com had to say about it:
The makers of the most widely used mobile app stores have agreed to comply with a California law requiring mobile apps that collect personal information to have a privacy policy. California Attorney General Kamala Harris announced the agreement today with Apple and Google, which run the two most popular mobile app stores, as well as Amazon, HP, Microsoft, and Research In Motion.
“These platforms have agreed to privacy principles designed to bring the industry in line with a California law requiring mobile apps that collect personal information to have a privacy policy,” Harris’s office said in a press release. “The majority of mobile apps sold today do not contain a privacy policy.”
The agreement doesn’t place restrictions on what types of data app makers may collect. But app makers must describe “how personal data is collected, used and shared,” and make their privacy policies easily found by users. App store listings will contain either the text of the privacy policy or a link to the policy.
There have been several controversies over mobile app privacy, and one of the most recent centered on the social network Path accessing and uploading iPhone users’ contact databases without permission. Harris noted that a Wall Street Journal report last year found “that 45 of the top 101 apps did not provide privacy policies either inside the application or on the application developer’s website,” despite the fact that most of the mobile apps were transmitting a phone’s unique device ID or location “to other companies without users’ awareness or consent.” Some apps were also transmitting the user’s age, gender, and other personal details.
This goes back to the following Google post Best Practices for Handling Android User Data . Here are the recommendations from that post:
As the use of mobile applications grows, people are paying more attention to how these applications use their data. While the Android platform contains extensive permissions designed to protect users, application developers are ultimately responsible for how they handle users’ information. It’s important for developers to understand the code they include, and consider the permissions they request, as mishandling these issues can result in users perceiving a violation of trust.
Maintaining a healthy and trustworthy ecosystem is in every Android developer’s best interest.
Here are a few tips for writing trustworthy Android applications:
- Maintain a privacy policy
- Minimize permissions
- Give your users a choice regarding data collection
- Don’t collect unnecessary information
- Don’t send data off the device
- … but if you have to, use encryption and data minimization
- Don’t use code you don’t understand
- Don’t log device or user specific information.
There is a new field in the developer’s console, when publishing an app to the Google Play field.