There’s More to User Privacy Than Asking Permission

App developers – There’s more to protecting user privacy than merely asking permission from users to access data (like contact lists). You also need to ensure that the data you’re accessing and storing is secure. That is, the data needs to be hashed when it’s being sent to your servers. Matt Gemmell discusses this in a blog post from this past Sunday. Path got itself into this mess partly because it was sending and storing the data in plaintext. It’s the third-part app developer’s responsibility to hash user, not the platform’s responsibility (check out the Ars Technica quote from My Recipe Book and Simplegram app developer David Smith: “Hashing the user data would prevent much of this, but that could only really be done by third-party developers… if Apple did it then there wouldn’t be nearly as much utility provided to developers that the current address book APIs provide”).

We suggest making it clear to your users that you’re securing their information in this way – most lay people aren’t familiar with the term “hash” and its function. Don’t make your users guess about how you’re protecting their privacy and securing their data. Explain it in way that they can understand and include this information as a part of your privacy policy or somewhere else intuitive within the app.

No comments yet.

Post Comment

Privacy Policy
Do / Tools
Rate and Review Applications