The mobile application market is flourishing, expected to reach $58 million worldwide by 2014. This euphoric projection has app developers looking for the next Angry Birds. Yet too often the privacy ramifications are considered neither during application development nor by the consumers who use the applications. With new useful and entertaining applications being released daily by large software developers and garage developers alike, the atmosphere is ripe for improper data location, sharing, and retention. So, how private are smartphone apps?
Businesses need to weigh the associated risks for:
- Legalities of collecting data
- Data protection
- Syncing privacy practices with corporate policy
Application users who enter data into their smartphones can make a conscious choice not to enter their private information. Surreptitiously collecting data, or possibly collecting data from minors, raises concerns. Is it permissible to collect personal information from minors under age 13? How can applications validate a user's age?
Applications collecting Personally Identifiable Information (PII) may have a legal requirement to protect that information. For example, applications that allow repeat purchases via cell phone may retain the credit card to streamline subsequent purchases. Although this creates a perceived value for both the consumer (ease of use) and the developer (completing the sale quickly), certain data sets are protected by state and federal law. Developers must implement additional security controls to safeguard the data with which they have been entrusted.
The nascent mobile app market will continue to grow to meet consumer demand, so favorable double-digit growth is expected to continue unabated. To capture consumer favor, it is important to meet expectations, including privacy protections. Responsible application developers need to balance this reality when deciding what to collect, how it is retained, how to safeguard the data with which they are entrusted, and how that data manifests downstream. This business model is driven not just by ethics, but also by various regulatory requirements.