App Quality Alliance’s Privacy Guidelines

The App Quality Alliance (AQuA) has updated their mobile application development Best Practice Guidelines to incorporate consumer privacy-focused recommendations. The update is designed to help mobile developers address topics such as “users’ rights, location data, and information security and accountability.”

Developed in direct collaboration with the GSM Association (GSMA), the guidelines take a privacy-by-design approach: “The Best Practices are what you can use when you’re designing your application, and trying to work out how you should some of these aspects so you can avoid any errors in the early design stage.”


California AG & UC Hastings’s Privacy Project Present “Future of Privacy + Innovation” Workshop

The California Attorney General and UC Hastings’s Privacy and Technology Project are holding a workshop, “Future of Privacy + Innovation,” for app developers in California. Participants will hear from thought leaders at the intersection of technology, entrepreneurship, and policy on the future of privacy and innovation. The workshop will cover the evolving privacy space for application developers as we strive to balance consumer privacy and innovation, and find new ways to innovate on privacy.

The workshop will be held on Wednesday, April 10th.

Click here for more details!



BlackBerry’s New Privacy Notice System

BlackBerry has rolled out a new privacy notification service that issues notices to app developers and consumers anytime it finds a BlackBerry World app that “does more than consumers might think.” As stated on their website, “Privacy notices are for applications that do not appear to have malicious objectives or aim to mislead customers, but rather don’t clearly or adequately inform users about how the app is accessing and possibly managing customers’ data. These notices provide information about an application’s behavior in order for customers to make an informed decision about whether to continue using the app. In addition, privacy notices will provide information on how to remove the application, if a customer determines that’s the best course of action for them.”

We have reached out to the folks at BlackBerry regarding the details of this service and are excited to learn more. Stay tuned!






Mobile Advertising, Tracking and Consumer Control

Last year, the Wall Street Journal published a story as part of the “What They Know” series that focused on the use of device identifiers by mobile analytics companies and ad networks. The companies were using this identifier on the iOS and Android platforms in order to recognize unique users, enabling site analytics reporting, ad reporting and behavioral advertising. On the web, companies rely on cookies for this type of user tracking. Although in-app browsers can still leverage cookies, developers typically transmit device identifiers to analytics companies or ad networks in place of cookies. The story resulted in a good deal of controversy, since consumers were surprised to learn that companies were using device identifiers as an alternative to cookies.

What’s the difference? The problem was that unlike cookies, which can be deleted, the device identifiers did not come with any user privacy settings. On Android, resetting the device identifier was possible, but required wiping clear the entire operating system. On Apple’s iOS platform, this identifier could not be deleted or cleared at all.

Apple responded when it released iOS 6, introducing a new advertising identifier as a replacement for the device identifier. It also provided a setting for users to “Limit Ad Tracking.” And now, with the release of the iOS 6.1 update this week, Apple has provided consumers with the ability to reset and clear the advertising identifier.

This move comes just in time because pressure on the use of permanent identifiers for ad-related tracking has continued to mount. The recent guide for app developers released by the California Attorney General recommends against the use of “persistent globally unique identifiers.” Now that Apple’s advertising identifier can be cleared and reset, this concern has been alleviated.

Companies that are using the Android ID should be sure that they hash or encrypt it so as to not store or log the Android identifier itself.  And on either platform, companies should ensure that they are properly disclosing the use of identifiers in their privacy policies and should advise users about how to decline targeting practices using device settings or with opt-out options.
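One way to apply the hashing advice above, as an added example that is not code from the original post: a plain hash of the Android ID yields the same token for every company that computes it, while a keyed hash (HMAC-SHA256) under a company-held secret does not, and a log scrubber keeps the raw value out of stored lines. The sample ID, the secrets and the function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample: ANDROID_ID is a 64-bit value rendered as 16 hex characters.
SAMPLE_ANDROID_ID = "3f2a9c01d4b7e865"
# Constructed secrets for two hypothetical companies; real ones belong in a secret store.
SECRET_A = bytes.fromhex("11" * 32)
SECRET_B = bytes.fromhex("22" * 32)

RAW_ID_RE = re.compile(r"\b[0-9a-fA-F]{16}\b")


def plain_hash(android_id: str) -> str:
    """Unkeyed SHA-256: everyone who hashes the same ID gets the same token."""
    return hashlib.sha256(android_id.lower().encode("ascii")).hexdigest()


def pseudonymize(android_id: str, secret: bytes) -> str:
    """HMAC-SHA256 under a company-held secret; tokens differ per secret."""
    if len(secret) < 32:
        raise ValueError("secret must be at least 32 bytes")
    data = android_id.lower().encode("ascii")
    return hmac.new(secret, data, hashlib.sha256).hexdigest()


def scrub_log_line(line: str, secret: bytes) -> str:
    """Swap anything shaped like a raw Android ID for a truncated keyed token."""
    def replace(match: re.Match) -> str:
        # 24 hex chars (96 bits) of the token, so the result is not ID-shaped.
        return "aid:" + pseudonymize(match.group(0), secret)[:24]
    return RAW_ID_RE.sub(replace, line)


if __name__ == "__main__":
    # Constructed log line, not taken from any real system.
    line = f"2013-02-01T10:15:00Z ad_request device={SAMPLE_ANDROID_ID} slot=banner"
    print(scrub_log_line(line, SECRET_A))
    print("plain hash (same for every party):", plain_hash(SAMPLE_ANDROID_ID))
    token_a = pseudonymize(SAMPLE_ANDROID_ID, SECRET_A)
    token_b = pseudonymize(SAMPLE_ANDROID_ID, SECRET_B)
    print("keyed tokens differ across companies:", token_a != token_b)
```
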

For further tips about getting mobile privacy policies right, see our previous post on the topic.



A Teen’s Perspective on Privacy

16-year-old Nisa Dilva provides a teen’s perspective and look at her use of mobile apps in Rebecca Herold’s Privacy Guidance. In honor of Data Privacy Day, the Privacy Professor provides a free download of her quarterly publication.


‘Green Button Connect My Data’ PowerTools App

On Data Privacy Day, San Diego Gas & Electric (SDG&E) and Candi Controls announced that the PowerTools app is available for customers to download on their mobile phone or tablet to check recent energy use, set and manage energy saving goals, and track weather patterns related to energy use. The app utilizes the Green Button Connect My Data and is the first app in the nation to receive certification through the TRUSTed Smart Grid Privacy Program, a self-regulatory program that certifies that companies use responsible privacy practices as they collect and share consumer smart grid data.

“Privacy of customer data is important to SDG&E, and we are committed to protecting our customers’ data as well as equipping customers so that they can make smart choices about how they share and use their energy data,” said SDG&E Vice President, Customer Services, and Chief Customer Privacy Officer Caroline Winn. “The PowerTools app is a user-friendly tool for customers to analyze their energy use. We are pleased that it has received the Privacy Smart Powered by TRUSTe Seal, which offers an added level of assurance for customers interested in authorizing trusted sources to use their energy data.”

For more information, click here!


FPF To Co-Host App Developers Privacy Summit Series in D.C. on Nov. 29th

We’re hosting an event with the Application Developers Alliance in D.C. on Thursday, November 29th and we would love to see you there! It’s free to register, but space is limited.  Here are the details – please feel free to share this information with anyone who might be interested:

Free Happy Hour + Application Developer Privacy Conversation – Thursday, November 29 at Living Social

WHAT:  Happy Hour and Open Discussion – How are privacy policies going to impact developers’ work? What can you do to influence the debate? No charge, but you must register to reserve a spot – REGISTER NOW

WHO: Leading the discussion – Tim Sparapani, Sr. Advisor for Policy and Law, Application Developers Alliance; Colin O’Malley, Chief Strategy Officer, Evidon; Jeff Brueggeman, Vice President-Public Policy and Deputy Chief Privacy Officer, AT&T; Michael Mayernick, Co-Founder, Spinnakr;  Jules Polonetsky, Co-chair and Director, Future of Privacy Forum; FTC representative (tbc)

WHEN:  Thursday, November 29 – 6:30-9:30pm

WHERE:  Living Social, Dupont Room — 918 F Street, NW  Washington, DC 20004

WHY:  Developers are in the crosshairs of a nationwide explosion of lawmaking. Legislators and regulators are making decisions about software privacy that will make your work more difficult, and this is your opportunity to make your voice heard. Anyone who writes software — no matter the language or platform — must understand the issues and take the lead in the discussion to ensure privacy protections are effective but do not impede growth in the business of creating software.

That’s why we’ve brought the privacy conversation to developers in cities across the U.S. The series includes conversations guided by discussion leaders to help developers better understand the changing privacy landscape and give them a voice in the dialogue. This isn’t a heavy event, it’s a conversation led by and for developers which is why we’re also providing a fully stocked happy hour. Because we know even the biggest challenges can be solved over a few beers (just not too many). REGISTER NOW.

HOSTED BY: Spinnakr, Fortify, Hin.ge, Future of Privacy Forum, MoDev, and Living Social. Nationwide App Developers Privacy Summit series sponsored by AT&T, TRUSTe and Evidon.


California AG: Post Privacy Policy….Or Else!

The California Attorney General has warned 100 mobile app developers to comply with California law to post privacy policies or face fines up to $2,500 per download. “Protecting the privacy of online consumers is a serious law enforcement matter,” said AG Kamala D. Harris. “We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws.”

Last June, an FPF study found that 61% of the top apps in Apple’s App Store, Google’s Play Store and Kindle Fire Appstore had privacy policies. FPF Director Jules Polonetsky said: “Although many app developers don’t have attorneys, there are many free tools available to help developers post a basic privacy policy. In addition to the threat of fines, developers should realize that not having a policy will impact their business. Facebook already requires that app developers have privacy policies and increasingly,  mobile ad networks are asking apps to provide policies.”

FPF provides app developer privacy tools at






Mobile App Ecosystem Webinar Presentation Materials Available

Yesterday, the Future of Privacy Forum and World Privacy Forum presented a Mobile App Ecosystem webinar briefing.  This briefing was intended to help stakeholders in the NTIA Multistakeholder process understand the way that apps access consumer data and how that data is used for both functional and commercial purposes.

Click here for the presentation materials.

If you are interested in learning more about your mobile opt-out options,  is a resource for consumers to learn more about how they can express their behavioral mobile ad preferences.

Please note that in our presentation, we indicated that iOS 6’s new “Limit Ad Tracking” feature was default-on, based on reports we received from developers. However, we have now confirmed that this feature will be default-off and updated the slides to reflect this.


Congress Continues to Focus on Mobile Privacy

To better understand the app marketplace, the Subcommittee on Commerce, Manufacturing and Trade held a hearing entitled, “Where the Jobs Are: There’s an App For That.” Members and witnesses discussed how to maintain the economic growth and success that this market sector currently enjoys while also mitigating the unintended consequences of regulation. Witnesses talked about how job creation in this sector added value to the economy. However, privacy concerns that the app ecosystem faces were also a big part of the discussion. Rep. Bill Cassidy (R – Louis.) highlighted privacy issues, such as who owns the data end-users provide and how should the committee handle the overwhelming nature of terms of service agreements and privacy policies. Witnesses Morgan Reed of Association of Competitive Technology and Rey Ramsey of TechNet responded that when it comes to privacy, transparency is key. Indeed, Ramsey emphasized that consumers need to understand the “digital footprint” that they leave behind.

This hearing coincided with the announcement of Rep. Ed Markey’s (D – Mass.) Mobile Device Privacy Act, requiring companies to provide notice of their monitoring capabilities and obtain express consent from end-users. This bill intends to “provide greater transparency into the transmission of consumers’ personal information and empower consumers to say no to such transmission.” The proposal seems to stem from the Carrier IQ episode of last year when the mobile software company was in the hot seat for monitoring mobile devices. Though Markey is often a lone champion on privacy issues, other members of the subcommittee, including chairman Mary Bono Mack (R – Calif.), spoke positively about the proposal.

Whether or not the bill advances, this does show continued pressure on the tech industry to establish rules of the road for apps that are privacy friendly. We think our joint best practices with CDT are a good start. In addition, the NTIA’s Privacy Multistakeholder Process provides a great opportunity for continued progress if all the stakeholders can start working on solid proposals: we hope that our briefing today is useful in advancing the conversation.
