Mobile App Privacy Policy: Do You Have One

What’s wrong with collecting personal information? In short – nothing. Commerce has always been about a mutually beneficial exchange; providing products and services in return for cash or an equivalent value exchange. 

New business models such as free-2-play or ad-funded content have accelerated the growth of the data-fuelled app economy. However the data collected is a consumer’s personal identity, their behavior, their contact details and perhaps the friends they share content with. So the challenge is to make sure that the exchange, like any other commercial activity, is transparent, fair to both parties and importantly, based on informed consent.

Too often consumers are left in the dark about the way companies are making use of their data. They probably wouldn’t mind if it was explained to them – they’re receiving an app for free or at a reduced rate in return for limited access to information.  The problem is that this is often not made clear. 

MEF the global community for mobile content and commerce, examined the top 100 free apps across Apple App Store and Google Play, looking at when and how a privacy policy was made available, the language used and its length.  Amongst other findings the research found that more than a quarter of the top 100 free apps still don’t have a privacy policy and, of those that do, only a third offer access to the policy within the app.

Consumers’ lack of understanding of how their data is used is a business critical issue. If there is no transparency in data collection, when they find out, consumers consequently feel cheated and perhaps delete the application. This has a direct impact on a developer’s monetization strategy and broader implications for the sustainability of the new app economy.

Businesses realized a long time ago that the information they collected from people visiting websites was valuable to advertisers. Few, though, made it clear that this information was being bought and sold. This led to a public outcry which resulted in ‘Do not Track’ legislation in the United States and the ‘Cookies’ Directive in Europe.

Legislators are now turning their attention to the mobile app market. This means that if the app community doesn’t protect users’ privacy, then governments will. This could lead to strident new rules that may or may not have the desired effect and will impose an extra layer of red tape on developers.

MEF’s Global Privacy Report in 2013 showed that only a third of consumers are comfortable sharing personal data with an app. The majority of consumers consider it important to know when an app is gathering (70%) and sharing (71%) their personal information. This demonstrates that consumers demand transparency when apps are sharing their data, and that the app community needs to do a better job of explaining to consumers why it’s in their interests to do so.

When looking at the privacy policies of the top 100 apps, 69 percent were written in long form (more than 750 words) and the average policy length was found to be 3,068 words, taking 12 minutes to read (an average ability adult reader can read 250 words per minute). The longest privacy policy was 8,124 words which would take 32 minutes to read. Only 8% were written in less than 750 words yet consumers spend an average of two minutes using any given app.   

In summary, for the large majority of apps, there is still a major disconnect between how privacy information is presented to the consumer and the expectation on them to read long and wordy privacy policies that on the whole are hard to understand.

Of course, it is unrealistic to rethink design and development workflow just to ensure that privacy is elevated to a central concern; even more so that developers can allocate time and resource to become instant experts in government policy. Developers want to spend time creating the best apps, and what’s wrong with that? It shouldn’t be a problem.

In 2012 MEF launched its Privacy in Mobile Apps Initiative with the formation of a dedicated cross-sector working group made up of senior privacy experts from member companies with the goal to build consumer trust in mobile apps by helping developers apply best practice in the collection and sharing of personal information.  

The international group includes privacy experts from Dentons, Evidon, InMobi, Kaspersky Labs, Mozilla, TRUSTe, and Vodafone to ensure its work delivers support to the whole app ecosystem.

As part of this initiative, the international Working Group launched AppPrivacy.net – a free online tool to help developers build consumer trust. The centre-piece of the site is a free tool that provides a simple, short form 

privacy policy that can be embedded into any mobile app. There are also up to date resources to find out more about the issues and regulation around privacy in mobile apps.

The tool is specifically designed to make it easy to incorporate best practice privacy right into the heart of the development process. It is also built with consumers in mind; generating a short-form, easy-to-understand privacy policy that explains how their data is being used.

AppPrivacy works by asking developers a few simple questions about how their specific app collects and uses data. It then generates a dedicated privacy policy for that app as HTML code in a downloadable zip file. It is fully customizable so the policy can incorporate the look and feel of the app.  Developers then choose where they want the privacy to appear within the app and decide whether it is to be hosted locally or remotely on a server. The whole process should take no more than fifteen minutes.

The result is peace of mind. 

The developer is secure in the knowledge that they are observing the privacy of their users and the consumer can be confident they know exactly what personal information the app is using.