Hey mobile developers — here’s one way to make your apps more privacy-friendly

Excellent news for those who worry about the privacy implications of apps: MEF, a trade organization for mobile content and commerce firms, launched a privacy policy generator called AppPrivacy. I reckon it’s an important step towards developers taking “privacy by design” principles into account.

This is a crucial issue, particularly as people become more sensitive to the implications of apps sucking up their personal data and sending it who-knows-where. And with Android having introduced toggles that let users kill specific elements of an app’s functionality, the tide is turning — developers have to be more on-the-level with their customers these days.

Policy generation

AppPrivacy comes out of an MEF working group dedicated to, well, app privacy. The group includes a bunch of lawyers and representatives from companies such as Mozilla, Vodafone, mobile ad network InMobi, privacy management firm TRUSTe and security outfit Kaspersky Labs.

The tool is for use by developers, who simply fill in a series of tickboxes detailing what data they use, why they use it and who else gets access to it. At the end, AppPrivacy generates a straightforward HTML privacy policy for customization and embedding into the app itself. Here’s one I made earlier:


What’s cool about the tool is the way it gently harangues the developer as they’re filling out the forms. Playing devil’s advocate, I decided to make my “HappyFunTimes” app truly obnoxious, and I ticked the box that said I wanted to send marketing messages to my users’ contacts.

“Warning!” a pop-up box read. “If you are going to access the user’s contacts database and use it for marketing purpose, you must have their permission first. Also, you should gain consent from any contact you plan to send marketing messages to.”

I ticked the box saying I wouldn’t require consent from my users in order to send them marketing messages. “Warning! Many countries require marketers to gain consent from any contact you plan to send marketing messages to. If you do not – and are not able to prove it – you may find yourself in trouble with the relevant authorities.”

HappyFunTimes should collect user location data, I decided. The warning: “While there’s no doubt consumers enjoy the location-enabled functionality of modern smartphones, many are concerned at having their movements monitored. It’s important you let them know why you’re tracking their location and who you’re sharing that information with.”

An excellent start

Did I mention that I love this tool? Sure, it’s not perfect and yeah, an ad firm is part of the working group, but you know what? It’s an excellent start.

Why? Because, as MEF itself found in a recent survey, more than 25 percent of the top 100 free apps have no privacy policy at all. And only a third of those that do give access to it from within the app. Meanwhile, 70 percent of consumers surveyed by MEF said it’s important to know when an app is gathering and sharing personal data.

People do care about this stuff and, as platforms gradually give users more control over their data, developers need to care about it too. AppPrivacy is not hard to use (I managed it) and it bluntly spells out the factors that developers should be taking into account.

As MEF Global Chair Andrew Bud put it:

“Consumers’ trust in our industry will be built on transparency and ease of understanding in dealing with their private data. That’s a tough combination to deliver, and our research shows that many providers have struggled with it. Now, building on the expertise of our cross-stakeholder group, AppPrivacy delivers credible, practical solutions to ensure best practice in our industry.”

What we need now is the introduction of more informative and granular permissions at the time of an app’s installation. But that’s a platform thing – over to you, Google and Apple…