Hayden Creque is W3is General Counsel and Chief Compliance Officer. Hayden oversees W3i's privacy program and he counsels W3i on corporate governance, intellectual property, internet law, and employment law issues.
Recently there have been concerns in the popular press over the acquisition and use of personal data by mobile apps. The companies behind apps like Pandora and Pumpkin Maker have even received subpoenas over their collection of user data, a worrisome precedent.
The cornerstone of the complaint is that smartphone apps are illegally obtaining and/or transmitting information about their users without proper disclosures.
Whether thats true or not is a case for the courts in individual cases; there are two further problems at play here however.
First, the public is mostly unclear about what unique device identifiers (UDIDs) are and how they are used. Second, developers seem to have an apparent aversion to disclosing what theyve been up to. Luckily both can be fixed.
Acronym bonanza; UDID and PIILets get one thing out of the way, right away. The UDID (in terms of iOS), doesnt tell us much by itself. It is simply a way to identify a unique device. Its like a serial number.
When an app ties the UDID to geolocation data, you can approximate the location of the device but, at the bottom line, the UDID is not tied to a person. There is no way for an app to know that UDID # XXXXXX belongs to Hayden Creque and Hayden Creque is right now in Minnesota - unless we tell it that.
Are you still not convinced? When you upgrade to the iPhone 5 and you hand down your current phone to your mother, the number goes with the phone, not the sim card.
So whats the big deal? The problems arise when developers tie UDID to personally identifiable information (PII).
For example, if an app asks for your taxpayer ID, it can now track your UDID, tied to your taxpayer ID which provides real name and tax records. If it has your name, it can associate that with data acquired from other sources, which you might not want it to, or erroneously continue to associate your profile with that device when its youve passed it on.
Already you can see that there can be issues if developers are going further than just using the UDID. When they do, it is even more important for developers to specifically disclose what they are doing with any personal information that they are obtaining, how they are complying with privacy laws, and whether theyre covered themselves legally with EULAs and the like.
Establishing best practiceEvery emerging marketplace incurs a learning curve and it takes time for best practices to be established. The Mobile Marketing Association (disclosure: I serve on the MAAs Privacy and Advocacy Committee) is discussing this very issue as it looks to set industry best practices around the use of UDID and PII. Until there are more generally-agreed industry guidelines, developers should be extremely cautious in their usage of this data.
Our position at W3i is to include prominent disclosures in our mobile apps.
A recent app of ours was the target of erroneous privacy claims, ironically stemming from our willingness to disclose the standard activities many app developers opt not to. While the extent of identification that can be drawn by the collection of UDIDs is miniscule in comparison to data collected online, it is our company policy to disclose and provide users clear choice, consent and control.
We believe that our fellow developers have a moral, legal and practical imperative to disclose how theyre using their information. The legal aspect is especially important; Apples developer agreement (section 3.3.9) spells out clearly the requirements for use of private or device data; it states that an app cannot collect user or device data without user consent.
We believe Apples policy is sound, and wed applaud stronger enforcement of this clause. In the meantime, app developers can also take the high road by educating users on whats happening with their personal data.
If we dont start behaving responsibly and self-regulate, then either Apple will make us do it or governments will do it for us. Its far better that we make a start ourselves.
W3i has more than ten years of marketing mobile and desktop apps and specialises in network marketing, using its bespoke InstallIQ installation manager.
For more information, visit W3i's website.
Feature
PocketGamer.biz regularly posts content from a variety of guest writers across the games industry. These encompass a wide range of topics and people from different backgrounds and diversities, sharing their opinion on the hottest trending topics, undiscovered gems and what the future of the business holds.
Related Articles
Comment & Opinion
Sep 30th, 2020
Post-COVID, a global approach is helping China’s mobile publishers achieve sustainable growth
Top Stories
News
1 hour, 5 minutes ago
Supercell’s Squad Busters soft launches today with over 100,000 Google Play downloads
News
2 hours, 35 minutes ago
Honkai: Star Rail earned more than double Genshin Impact’s revenue in March
Feature
1 hour, 35 minutes ago
King’s Trevor Burrows on the power of art: "We could see our numbers literally dropping"
Feature
Apr 22nd, 2024
Tjodolf Sommestad talks AI, tips for indie devs, and a day in the life of King's president
Feature
Apr 22nd, 2024
Behind the scenes: How to achieve a 30% revenue increase three years after launch
Events
App Promotion Summit London | Europe | Apr 25th |
Esports Future Summit | Middle East | Apr 27th |
Dubai GameExpo Summit 2024 | Middle East | May 1st |
The MENA Games Industry Awards 2024 | Middle East | May 2nd |
GameDev Atlantic 2024 | May 4th | |
Mobidictum Meetup Berlin May 2024 | Europe | May 7th |
Mobidictum Meetup Tallinn May 2024 | Europe | May 21st |
Israel Mobile Summit 2024 | Middle East | Jun 6th |