BOSTON -- Software developers everywhere ought to brush up on their legalese, because mobile computing privacy legislation is set to undergo a serious overhaul on Capitol Hill: The Application Privacy, Protection and Security (APPS) Act was introduced earlier this month.
Paying attention to what goes on in Washington, D.C., could be the difference between sitting in a courtroom and developing a successful app, attorney Adam Grant told a roomful of developers at this week's Android Developer Conference (AnDevCon) in Boston. He said he is reasonably confident that some version of the APPS Act will pass -- and soon.
"The law is completely fluid," Grant told his audience at the Westin Boston Waterfront Hotel. "With the amount of press that privacy notices are getting and the way that online privacy is being addressed legally today, it's likely that there is going to be a federal law that specifically addresses mobile apps within the next year."
In the world of apps, a privacy notice is a statement that discloses how the app gathers, uses and manages consumer data. Not surprisingly, these notices are central to the proposed app security legislation. If passed, the APPS Act would make privacy disclosures mandatory, requiring app developers to maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data they collect.
While these might sound like commonsense rules, many developers simply don't follow them. A recent Wall Street Journal study found that out of 101 selected mobile apps, nearly half failed to have a privacy notice.
"You need to tell people what you're taking, what you're using it for, who you're sharing it with and where you're storing it," said Grant, a partner with Encino, Calif.-based law firm Alpert, Barr & Grant. "I encourage developers to grab that info -- but you've got to do it legally."
The benefits of apps collecting user data are no secret. Users' personal information can help developers design a better user experience. More controversially, developers can also sell user information for large sums to advertisers, phone carriers, social networks, analytics companies or even other apps.
"It's a goldmine for marketing people," Grant explained. "If you're just providing information on your app or website, then you're wasting an opportunity." He encouraged developers to ask themselves this question when it comes to their apps: Are you giving more than you get?
Tackling mobile and cloud privacy requirements
While the APPS Act doesn't yet address cloud application privacy, Grant advised cloud app developers to pay close attention. He predicted that as the bill moves further along in Congress, its language may expand to include cloud apps.
"This is just another example of technology moving much faster than the law," he said. "Cloud developers should use what is going on in the mobile app privacy space as a guideline for what [laws] will be extended to cloud-based technology, likely in the next two years."
He had the following tips for developers looking to avoid run-ins with privacy law:
- Be reasonably specific without being entirely specific. Developers don't have to disclose absolutely everything to app users. "You don't have to say, 'Your personal information is going to advertisers who may solicit you online,'" he said, "but you do have to tell users that their data is being shared."
With the fate of the APPS Act still at the discretion of Congress, it remains to be seen how it will change mobile and cloud app development.
But either way, as one developer in the audience put it, "It's only a matter of time before people start to realize how their information is being collected by apps."