Mobile privacy concerns spawn the App Trust Project

Initiative enlists developers to help create best practices, notifications around how data is collected, used.

Morgan Reed started out his recent keynote at the MoDevTablet conference in Arlington, Va., by explaining that, as the executive director for the Association of Competitive Technology, "I work for you." That didn't mean, however, he was going to be anything but blunt about how developers should be thinking about the way they collect and manage customer information.

"Privacy is not a checkmark," he told the crowd of smartphone and tablet developers who attended the three-day event. "It's something that has to be very up front and clear about everything you do in your business."

Addressing users' concerns about mobile privacy
Reed used MoDevTablet to officially announce The App Trust Project, an initiative the ACT hopes will address growing concerns about the degree of openness or "transparency" developers demonstrate about how consumer data is used. A simple sign-up form on the organization's website says the ACT is looking for not only developers but user interface designers and those with policy and legal expertise.

ACTivate Talks - Morgan Reed on Mobile Privacy from Association for Competitive Tech on Vimeo.

"Our goal is to design transparency and notification systems that are meaningful to your customers, not just to lawyers," the call for participation says. "We have been working for months with a group of developer on simplified privacy notifications, and we're continuing to identify new ideas and new areas to tackle."

In an interview with FierceDeveloper following the MoDevTablet conference, Reed said The Apps Trust Project evolved from work the ACT has done with groups such as Parents with Apps and Moms With Apps, who want to make sure children are safe using certain games and programs on their smartphones. It became clear in conversations with those organizations, he said, that the issue was not so much giving over information but needing to know they could trust a developer with it. Customers in the enterprise space would often have the same concerns, he added, in part because developers too often seem shrouded in mystery online.

"If you go to the App store, you can often find an amazing application with all kinds of great features, but when you click on the (developer's) Web site, there's nothing," he said. "You try tracking down the developer and it's like Where's Waldo?"

What to expect from the App Trust Project
The App Trust Project's notifications may include the kind of icons that have been rolled out from and others, for the benefit of parents that show what's behind an app or that indicates the developer has a solid privacy policy, Reed said. "It's not about having a 50-page legal document, it's about creating a user experience," he said. "It's about how you tell your customers what you're doing. Is it buried on 13 pages? Where do you store your information? Can you easily explain, 'Here's what I do with your key business intelligence data.'"

The App Trust Project's notifications may include the kind of icons that have been rolled out from PrivacyChoice (shown above).org

"The biggest challenge for a developer is how to deal with third-party data collection. It's inevitable that nearly all apps, via SDKs and other tools, allow third-parties to collect data as the app is used," he said. "If you have advertising, you embed the code and the ad network can collect the data. You don't know who else they're bringing to the party." In response, PrivacyChoice has created at tool that can shows users which companies are getting data, and what their privacy policies are.

Reed speaks at MoDevTablet.
Source: GoMoDev

The App Trust Project comes not long after the Commerce Department's National Telecommunications and Information Administration convened the second of several proposed meetings with ACT, the Application Developers Alliance and other stakeholders to try to develop a code of conduct around privacy and mobile apps. The latest research from the Pew Internet and American Life Project meanwhile, showed most users either avoiding or uninstalling apps over privacy concerns. In California, meanwhile, the Attorney General's office has set up an agreement with platform players such as Apple, Google and Microsoft to create a place on every app store where developers will be required to link their privacy policy or other relevant information.

According to PrivacyChoice Founder Jim Brock, the platform providers are among the most pivotal stakeholders. "It's great to see the attention on these issues, although I don't know how many developers would actually be aware of it," he said, referring to the NIST meetings. "They won't be aware of it until the app store tells them they have to do something. Privacy disclosure for apps is not that complicated. It just takes time to do. What Apple could do in the app store tomorrow is 10 times more valuable than what a stakeholder group could do in the next five years."

On the other hand, Reed said a grassroots, bottom-up method is likely to be more effective in the long term than forcing developers into taking privacy seriously.

"We've learned that finger-wagging at our community was not just ineffective but a little bit disingenuous," he said. "We realized that we were really not authentic, both ourselves as developers and our community."

Things may also change for the better as developers come to see consumer trust as a step towards monetization. People won't pay if they're wary about what happens to their personal details. "There is an immense appetite to move beyond 99 cent or freemium apps. The developer community is looking to build businesses, rather than coming at it from a hobbyist perspective," said Reed. "The elements that are going to overcome apathy (around privacy) by necessity will be overcome by economic reward."