Is your mobile app collecting too much private data from its users, and could it attract an FTC sanction? Find out in this article.
For some time now, people worldwide have lived in a world that entices them to give away more and more of their privacy in exchange for various benefits, from security to entertainment.
These benefits are delivered through websites and mobile apps developed by companies and government organizations to provide users with information, products and services.
While at the beginning of the internet age people would click on the “I Agree” button on privacy policies without even reading the first paragraph of the text, things are drastically different at present.
The increased awareness of privacy risks, and the growing reluctance to hand over personal data, are the result of bringing the Internet and a person's list of personal and business contacts together on a single device: the smartphone.
How Did Things Change in Terms of Privacy Concerns?
When people were able to keep their most critical personal data separate from internet browsing, they were less worried about how much companies and government agencies knew about them, about their habits, preferences, hobbies and interests.
But once mobile internet took over and everyone used their phone as the primary device for browsing websites, or for quick access to their accounts with various companies through dedicated mobile apps, things changed.
Little by little, people started paying more attention to the privacy policies of each web and mobile app, and especially to the type of data and phone resources these apps request access to. A Pew Research study of Android apps in the Google Play Store shows the most requested permissions, which are:
- 83 percent full network access
- 69 percent view network connections
- 54 percent modify or delete USB storage data
- 24 percent precise location through GPS and network-based
These permissions, which apps request at installation or first use, cause users to rethink their decision and look for an alternative app that asks for less access to their phone and private data. According to the same Pew Research study:
- 60 percent of people chose not to install an app after learning how much personal data it required; and
- 43 percent uninstalled an app after reviewing the kind of phone resources it accesses.
Apart from these concerns, there is one more issue that mobile app owners should keep in mind: the Federal Trade Commission (FTC) closely monitors mobile and web apps and has already imposed sanctions in highly prominent cases involving companies such as Google, Sony BMG Music Entertainment and Facebook.
The Federal Trade Commission Joins in the Mobile App Privacy Scrutinizing
Over the last two years, the FTC has been actively monitoring web and mobile apps and issuing guidance and rules for app developers and owners. This move is not unexpected, since mobile apps have reached a level of maturity that makes them worthy of notice by federal authorities.
Business apps allow employees and partners to reach sensitive company data on intranets and over VPNs. Financial apps allow users to access their bank accounts and perform transactions. And mobile apps launched by companies allow customers to purchase products and services directly from their phone.
It is therefore no wonder that the FTC started setting rules for mobile apps when it comes to privacy and data protection. Your organization needs to assess whether its app risks violating the most important FTC privacy requirements. Here is the rundown:
1. Children’s Online Privacy Protection
The Children's Online Privacy Protection Act (COPPA) and the FTC's COPPA Rule require verifiable parental consent before personal information is collected from children under 13. Game apps with in-app purchases must be designed with user validation (for example, a parental gate or password re-entry before a purchase) to ensure that a child does not inadvertently make a purchase. Interactions with children through the app must not aim at collecting personal data or accessing phone features without a parent's or guardian's approval.
2. Location Tracking
Among its most recent activities, the FTC has issued guidance on the collection of location data. On iOS, when an app is not in use the system blocks it from reading the user's location unless the user has explicitly granted "always" access rather than "while using the app" access.
On platforms without that separation (Android versions before 10, which have no separate background-location permission), there is no built-in control that stops location tracking when the app is not in use. There, the app itself should include a screen where the user opts in to or out of location tracking, stating clearly that if they choose to share their location, the app will have access to it at all times, even when they are not interacting with the app.
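One way to implement the opt-in flow described above on Android, as an added example that is not code from the original article: the app never prompts for location until the user has explicitly opted in on its own screen, requests foreground access first, and asks for background ("all the time") access as a separate step on Android 10 and later. The preference file and key names, the request codes and the function names are illustrative choices of this example; the permission constants and androidx calls are the platform's own.

```kotlin
// Added example, not from the original article. Assumes an Android app using
// androidx.core; ACCESS_FINE_LOCATION and ACCESS_BACKGROUND_LOCATION must also
// be declared in the app's AndroidManifest.xml.
import android.Manifest
import android.app.Activity
import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import androidx.core.app.ActivityCompat
import androidx.core.content.ContextCompat

private const val PREFS = "privacy_prefs"                 // assumed preference file name
private const val KEY_LOCATION_OPT_IN = "location_opt_in" // assumed key for the opt-in screen choice
private const val KEY_BACKGROUND_DECLINED = "bg_declined" // assumed key: user refused always-on access
private const val REQ_FOREGROUND = 1                      // illustrative request codes
private const val REQ_BACKGROUND = 2

private fun prefs(ctx: Context) = ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE)

/** Records the choice the user made on the app's own opt-in/opt-out screen. */
fun saveLocationOptIn(ctx: Context, optedIn: Boolean) {
    prefs(ctx).edit().putBoolean(KEY_LOCATION_OPT_IN, optedIn).apply()
}

fun hasLocationOptIn(ctx: Context): Boolean =
    prefs(ctx).getBoolean(KEY_LOCATION_OPT_IN, false)

private fun granted(ctx: Context, permission: String): Boolean =
    ContextCompat.checkSelfPermission(ctx, permission) == PackageManager.PERMISSION_GRANTED

/**
 * Step 1: prompt the OS for foreground location only if the user opted in on
 * our own screen. Without that opt-in the app does not ask the OS at all.
 */
fun requestForegroundLocation(activity: Activity) {
    if (!hasLocationOptIn(activity)) return
    if (granted(activity, Manifest.permission.ACCESS_FINE_LOCATION)) {
        requestBackgroundLocationIfNeeded(activity)
        return
    }
    ActivityCompat.requestPermissions(
        activity, arrayOf(Manifest.permission.ACCESS_FINE_LOCATION), REQ_FOREGROUND)
}

/**
 * Step 2: on Android 10 (API 29) and later, background access is a separate
 * permission, so it is requested only after foreground access is granted and
 * only if the user has not already declined it. On older versions there is no
 * separate background permission: the foreground grant already covers use when
 * the app is not open, which is why the app's own screen must say so.
 */
fun requestBackgroundLocationIfNeeded(activity: Activity) {
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) return
    if (!granted(activity, Manifest.permission.ACCESS_FINE_LOCATION)) return
    if (granted(activity, Manifest.permission.ACCESS_BACKGROUND_LOCATION)) return
    if (prefs(activity).getBoolean(KEY_BACKGROUND_DECLINED, false)) return
    ActivityCompat.requestPermissions(
        activity, arrayOf(Manifest.permission.ACCESS_BACKGROUND_LOCATION), REQ_BACKGROUND)
}

/** Call this from Activity.onRequestPermissionsResult to chain the two steps. */
fun onLocationPermissionResult(activity: Activity, requestCode: Int, grantResults: IntArray) {
    val ok = grantResults.isNotEmpty() && grantResults[0] == PackageManager.PERMISSION_GRANTED
    when (requestCode) {
        REQ_FOREGROUND -> if (ok) requestBackgroundLocationIfNeeded(activity)
        // The user refused always-on tracking: remember it and do not keep asking.
        REQ_BACKGROUND -> if (!ok) prefs(activity).edit().putBoolean(KEY_BACKGROUND_DECLINED, true).apply()
    }
}
```

The design point is that the OS permission dialog is never the first thing the user sees: the app's own screen explains what "at all times" means and records the answer, and the platform prompts follow from that answer rather than replacing it. On Android 11 and later the system routes the background request through Settings, so the app should expect the second step to complete outside the dialog flow.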
3. Data Leaking Vulnerabilities
Mobile apps, and the servers that hold mobile users' cloud-stored files and personal data, have become a primary target for attackers. Any kind of data leak is a major liability for a mobile app owner, and when it involves users' personal data it may also bring an FTC enforcement action.
For this reason, all organizations should take a preventive approach to the security of their mobile apps by applying the three-M approach: monitor, manage and mitigate risks. Always have a team of specialists involved in developing and implementing best practices for mobile app security testing, and take a zero-tolerance stance on any potential vulnerability.