User Privacy: There’s a theme here!

These days, it’s not enough to “just” build a fantastic app. Developers have to carefully consider how to integrate user privacy within their apps, especially in light of both new and pending legislation that is changing the way software programmers actually create the framework of their apps.

There are a lot of people within Intel®’s community that have written about app privacy and what it means for developers in various contexts. In this article, we’re going to take a quick survey of what’s been written about app privacy for developers from people who have “been there, done that”. This is not meant to be an official megaphone for Intel privacy policies; merely a sampling of what’s already been written in the community so developers can get a feel for what Intel expects. In addition, while I am interested in app privacy, I do not work directly with  the privacy group for Intel; I'm just covering content that developers might find interesting and helpful. 

“No interest in spying on you”

One of the more popular destinations on the Intel Software Network is the Intel Mash Maker; a browser extension that gives you the ability to supplement the page(s) you’re currently looking at with information from other websites. Here’s what they have to say about possible privacy implications:

“In order to protect your privacy, Intel® Mash Maker tells the server as little as possible. Intel® Mash Maker runs entirely inside your client browser, on your personal machine. Intel® Mash Maker communicates with the central server in the following ways:

• When you first browse to a particular domain (e.g. bbc.co.uk, or craigslist.org) Mash Maker asks the central server to send it the information it has about that domain. Mash Maker only sends the name of the domain, and not the particular page you are browsing. When requesting this information, Mash Maker does not send your username, and we do not log incoming IP address. Thus Intel does not know, nor do we desire to know, either the pages, or the domains that you browse to.
• When you click on a mashup suggestion, Mash Maker contacts the server, and informs it that you like this mashup. This is treated as a vote of support for this mashup, to encourage Mash Maker to suggest this mashup to others, and ask Mash Maker to suggest other mashups you might like based on the fact that you liked this mashup. The information that Mash Maker sends to the server does not include any content on the page, or even the URL, but does include the general category of the page (e.g. restaurant listing).
• When you teach Mash Maker a new Mashup, this mashup is saved to the central server to be shared with the community. Any information you enter in the mashup description may be shared with other users.

Translation: Don’t worry. We have no interest in spying on you.”

AppUp® and privacy

The Intel AppUp store is a great opportunity for developers to get their apps published and noticed. In order for developers to get their apps past the gatekeepers on this platform, privacy requirements must be taken very seriously; in fact, apps not meeting the specific privacy requirements may actually be rejected or removed from the store itself. Here’s a sampling of AppUp’s privacy policies (for a much more in-depth article on this, I invite you to read Privacy Requirements and Recommendations for Application Development for the Intel AppUp Store):

• On gathering user information: “If your application collects any personal information, the user must be notified about what is being collected, why it is being collected (purpose) and whether the information will be shared with anyone else.”
• On third party sharing: “If you share any collected personal information with third parties, you must obtain the user's permission before the information is transferred.”
• On the priority of privacy within apps: “Privacy should be a key part of the requirements and design of your application. The requirements should be formed to ensure that the application not only meets these privacy and security guidelines.”
• On the validation process watching for security issues: Security and Protection - checks for unacceptable behavior that can result in harm to other software or networks and acquires or uses privacy information without explicit consent by the user.”

In addition, this article has many practical suggestions for developers who are looking for ways to incorporate privacy features within their apps; for example, how to incorporate privacy consent policies:

• “When installing an application or completing a registration form, configure the default to not collect personal information.
• Use radio buttons, check boxes, or menu selections to notify the individual of their choices and require the individual to select before proceeding.
• If an individual elects not to have personal information collected, allow the individual to participate as a guest if possible.
• Add a convenient location in your menu where individuals can revisit your personal information handling practices (e.g. privacy option in help menu, privacy footer in website).
• When transferring the personal information to third parties, you need to inform the individual. If an individual elects not to have personal information transferred to third parties, you need to honor their decision.
• Inform the individual for how long you will retain the personal information. Don't retain it for longer than required to meet your business objectives (e.g. not beyond the end of a support agreement) or to comply with applicable law.”

 There’s a theme here somewhere

The more I looked at privacy documentation on the Intel Software Network, the more I realized that there was an overwhelming theme that seemed to be popping up over and over: user privacy. For example:

• From the Intel Software Improvement Program: “Intel takes many precautions in protecting the information that is collected and transmitted from potentially harmful access. We only collect data for the specific Software(s) listed in the Intel Software Improvement Program dialog box, and it's only disclosed according to the terms described in the Intel privacy policy.”
• From the Intel AppUp® Software Developer Kit (SDK): “Respect User Privacy: Users may entrust personal information to your software as part of the transaction process. That process and the applications need to maintain the privacy of personal information and payment credentials. Users should be offered terms of service and details on how personal information is gathered and disclosed.”
• From Geo-Location on Windows*8 Desktop Applications Using WinRT: “Before jumping in and writing code, it’s important for developers to consider and respect user privacy.”

 User privacy is the focus

Hopefully, from this brief foray into a sampling of what privacy means for app developers, you’re able to see that user privacy is definitely a priority. How do you handle privacy in your applications? How should developers approach the subject of privacy when developing an app? How can developers incorporate privacy safeguards within the app infrastructure? Share with us in the comments section below.