4 Reasons App Developers Need to Pay Attention to Privacy

TermsFeed
Nov 6, 2017

If you develop apps, you might not be thinking much about privacy beyond keeping your awesome new app ideas safe from app idea thieves. While that’s a smart move, it’s unfortunately not enough when it comes to privacy and your app.

Here are 4 reasons you need to pay attention to privacy issues if you’re an app developer.

1. A Privacy Policy is required by law

If the app you’re developing is designed to collect any sort of personal information from the people who use it, you’re legally required to have a Privacy Policy for your app.

Personal information means any information from an individual that can be used to identify that individual.

It can be as basic as a first and last name, email address, financial information or a mailing address.

It also includes things like IP addresses, information collected through cookies, and sensitive permission requests such as a request to access a camera, microphone, contacts, calendar, geolocation information and other things on a user’s mobile device.

Doing something as simple as asking for an email address to create a user account with your app will likely trigger the need for a Privacy Policy.

The laws that require a Privacy Policy in these circumstances reach far and wide, as hopefully will your app distribution. This means you need to pay attention to them.

For example, in the US, both the Federal Trade Commission (FTC) and the state of California require a Privacy Policy when personal information is collected. The EU, Australia, Canada, the UK and other countries also have their own requirements.

However, one thing holds wherever you are: You need a Privacy Policy if you collect or use personal information from people who use your app.

2. App stores require a Privacy Policy

After you create the perfect app, it’s time to distribute it through one of the main app stores. You need to pay attention to privacy here because the three main app stores definitely are.

Apple App Store

Apple’s App Store Review Guidelines is a summarized version of Apple’s Developer Program License Agreement and other agreements that you and other developers have to read and agree to before publishing apps with Apple.

These Guidelines say that if you collect user or usage data, you need to have a Privacy Policy.

The iOS Developer Program License Agreement also requires you to put a link to your Privacy Policy on your app’s page in the app store.

Your Privacy Policy will need to let your app users know:

  • What types of personal information you collect,
  • How and why you use it, and
  • If you share it with any third parties

Google Play Store

If you’re a developer for Android apps, privacy is going to be just as important here as with Apple.

The Google Play Developer Distribution Agreement says that if you distribute your app on Google Play and your app collects personal information, you need to provide a privacy notice to users.

The best way to provide a privacy notice is with a Privacy Policy.

Additionally, if your app handles personal or sensitive information, you must include a Privacy Policy in both the Play Developer Console and within the app itself.

Your Privacy Policy will need to let your app users know:

  • What personal information you collect,
  • How your app collects, uses and shares this information, and
  • With what types of parties you share it

Windows Phone Store

Windows keeps things simple in its Phone Store Policies.

If your app accesses, collects or transmits personal information, you need a Privacy Policy on the description page of your app and within your app.

Your Privacy Policy will need to let your app users know:

  • What information you’re accessing, collecting and transmitting,
  • How you store, use, secure and disclose that information, and
  • Any choices users have for controlling this

If you use geolocation data, you must also get consent for this and allow users to be able to enable and disable this at will.

If your app doesn’t deal with personal information, you don’t need a Privacy Policy.

3. Third party requirements

If you use a third party for analytics or other app services, you’re probably going to need a Privacy Policy as per their Terms and Conditions of using their service.

Google Mobile App Analytics requires you to have one and let users know that you’re using Analytics which uses cookies to collect data.

Google’s Behavioral Policies addresses personalized advertising services such as AdMob and lets developers know that they may need to update their Privacy Policies to reflect the use of personalized advertising.

If you use Google’s Firebase to develop your apps, you’ll need a Privacy Policy.

Firebase has a number of services including integrated Google Analytics, crash reporting, cloud messaging, app indexing and more.

Google Analytics for Firebase has a Terms of Service agreement that requires developers to have, abide by and post an appropriate Privacy Policy that gives notice that cookies are used, that Analytics is used, and how it collects and processes data. It’s very similar to the Google Mobile App Analytics clause on privacy.

Other Firebase features are covered by the Google APIs Terms of Service which has a section on User Privacy and API Clients.

This section states that developers “will provide and adhere to a privacy policy for your API Client that clearly and accurately describes to users of your API Client what user information you collect and how you use and share such information (including for advertising) with Google and third parties.”

Note that Google’s APIs Terms of Service applies to other Google services that developers use.

If you use Mixpanel for analytics, the Mixpanel Terms of Use agreement requires that you “provide appropriate notices” to your users about information collection and use, such as a Privacy Policy.

Localytics also requires a Privacy Policy in its Terms of Service.

Remember that even if your third party service doesn’t explicitly require a Privacy Policy, you legally still need one if the third party service collects and uses any personal information.

4. Users expect it

Even if you aren’t required to have a Privacy Policy for your app, people are so used to seeing them these days that it’s a smart move to have one available.

It’s ok if the only thing your Privacy Policy says is that you don’t collect or use any personal information at all. The end.

People will appreciate seeing your Policy link and reading that disclosure rather than wondering if you’re just collecting a lot of their information and not letting them know.

Take a look at what Ecquire did with its “World’s Greatest Privacy Policy.”

First, they let users know that they don’t collect any personal information.

Then, they address third parties. Here’s where they mention that they use a third party analytics service and explain how that works and how users can opt out if they want to.

They also mention information that a browser extension (also third party) will collect if allowed.

If you develop apps, you should:

  • Have a great Privacy Policy,
  • Link it to your app’s listing page in app stores, and
  • Make it accessible from within your app

This will keep you compliant with laws around the world, requirements of app stores and third party services, and make your users really, really happy.

TermsFeed

Legal agreements for websites, ecommerce, mobile or desktop apps, SaaS apps. All kinds of apps. https://termsfeed.com or @TermsFeed