Mobile Apps – Support for Good Privacy and Security

As organizations embrace the mobile app environment, it is important to get to know the work being done to address challenges such as designing for small screens and development with mobile security in mind.

In 2012, the Office of the Privacy Commissioner of Canada and the Information Privacy Commissioners of Alberta and B.C. released a guidance document called Seizing Opportunity: Good Privacy Practices for Developing Mobile Apps. This document, and the useful checklist included, draws attention to key privacy principles when designing and developing mobile apps.

App developers should keep in mind that there are many useful privacy and security resources available from other countries as well. Since most apps are available broadly across jurisdictions to anyone with an Internet connection who can download and install them, it is a good idea to search out, and benefit from, guidance from other countries.

For example, the Office of the Australian Information Commissioner published a practice guide for mobile app developers in September 2014, which is also of assistance to advertising networks and mobile platform providers.

Meanwhile, the European Union Agency for Network and Information Security (ENISA) updated its Smartphone Secure Development Guidelines in December 2016. This is an extremely useful and comprehensive piece for app developers around the world, as it provides 152 design-based recommendations and data security tips for the wireless space mobile users operate in. Organizations that engage app developers to build apps for them should ask their service provider to thoroughly review the ENISA data security checkpoints.

Security firms engaged to test apps for vulnerabilities and to identify security risks that need to be addressed should be aware of the OWASP Mobile Application Security Verification Standard (MASVS). The standard can be used by mobile software architects and developers seeking to develop secure mobile apps, as well as by security testers to ensure that their testing methodology is complete.

Events such as the ‘Design Jam’ held in Berlin, Germany last month are dedicated to people-centric design, bringing together cross-industry experts from the fields of service design, user experience, behavioural science, and product development, together with policymakers and regulators to collaborate in person. Their focus was on giving people better visibility and control over their data. User interfaces that are engaging and intuitive, while being privacy friendly (i.e. privacy built into default settings and transparency with respect to information collection and handling practices) seem to be driven by consumer expectations and demands.

Developers need to continue the dialog and learn from each other to model a user-centric approach to privacy and security when deploying new mobile apps or releasing updates to existing apps. For assistance with privacy and security best practices in the app environment, contact PRIVATECH.
