There have been several controversies over mobile app privacy, and one of the most recent centered on the social network Path accessing and uploading iPhone users’ contact databases without permission. Harris noted that a Wall Street Journal report last year found “that 45 of the top 101 apps did not provide privacy policies either inside the application or on the application developer’s website,” despite the fact that most of the mobile apps were transmitting a phone’s unique device ID or location “to other companies without users’ awareness or consent.” Some apps were also transmitting the user’s age, gender, and other personal details.
This goes back to the following Google post Best Practices for Handling Android User Data . Here are the recommendations from that post:
As the use of mobile applications grows, people are paying more attention to how these applications use their data. While the Android platform contains extensive permissions designed to protect users, application developers are ultimately responsible for how they handle users’ information. It’s important for developers to understand the code they include, and consider the permissions they request, as mishandling these issues can result in users perceiving a violation of trust.
Maintaining a healthy and trustworthy ecosystem is in every Android developer’s best interest.
Here are a few tips for writing trustworthy Android applications:
- Minimize permissions
- Give your users a choice regarding data collection
- Don’t collect unnecessary information
- Don’t send data off the device
- … but if you have to, use encryption and data minimization
- Don’t use code you don’t understand
- Don’t log device or user specific information.
There is a new field in the developer’s console, when publishing an app to the Google Play field.