{"id":2102,"date":"2010-06-21T14:04:00","date_gmt":"2010-06-21T20:04:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&p=2102"},"modified":"2025-01-03T13:05:40","modified_gmt":"2025-01-03T19:05:40","slug":"can-an-app-do-that","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/can-an-app-do-that\/","title":{"rendered":"An Apt Question: Can an App Do That?"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tArticles<\/strong>\n\t\t\t\t\t\t\t\t\t\t

An Apt Question: Can an App Do That?<\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Developers have a responsibility for consumer privacy in the application space. Whether it\u2019s an app on a social network, mobile platform, desktop device, or browser.<\/p>\n

An application is software with limits \u2013 limits on the app\u2019s function or its environment.<\/p>\n

So the question regarding data privacy is, what can an app do? Or, rather, can an app do that?<\/p>\n

The middle ground between open app development platforms and closed app development platforms<\/h2>\n

Application platforms need to find a middle ground between \u201cclosed\u201d and \u201copen\u201d to avoid stifling innovation.<\/p>\n

We\u2019ve seen an explosion in application development in the last two years \u2013 most prominently on the iPhone and Facebook app platforms.<\/p>\n

The iPhone\u2019s App Store<\/a> now has over 200,000 mobile apps, and Facebook has over 700,000 apps<\/a> users can install.<\/p>\n

In both cases, the vast majority of these apps are developed by third parties.<\/p>\n

Fierce competition has produced incredible innovations in functionality.<\/p>\n

Tim Sparapani, Facebook\u2019s Director of Privacy Policy, recounted how he had watched a World Cup game live broadcast using an application on his phone, all while waiting in an airport security line.<\/p>\n

Consumers can reap great benefits from app platforms that foster data interconnectivity and openness.<\/p>\n

For example, Microsoft\u2019s personal health information platform, HealthVault, has the benefit of allowing third parties to access user information (provided control exists at the platform and user level).<\/p>\n

As an example, Scriban pointed out that HealthVault users who grant the TrialX App access to their demographic information and bits of their personal health information can receive alerts about clinical trials in their area that might need them.<\/p>\n

Third-party application privacy enforcement and quality control issues<\/h2>\n

Privacy enforcement and quality control on third-party apps is a necessary, but difficult task, complicated by the following issues:<\/p>\n

Data accountability and ownership are now fluid<\/h3>\n

Where in the past, app data typically resided on the user\u2019s device hard drive, it now often resides in the cloud. Think Microsoft Office vs. Google Docs.<\/p>\n

In the cloud information can be shared, copied (and breached) far more easily and the task of tracking and controlling the flow and access of data is increasingly difficult as these connections proliferate.<\/p>\n

Privacy vetting at the code level alone is an insufficient check<\/h3>\n

Ian Glazer, Senior Analyst of Identity and Privacy Strategies, Burton Group, noted that there\u2019s often no difference on a coding level between virtuous code and a scam.<\/p>\n

Like technology, code itself isn\u2019t good or bad. It\u2019s how people use it for good or bad that matters.<\/p>\n

With today\u2019s rapid pace of innovation apps are a constantly shifting target<\/h3>\n

Apps get revised frequently. Code is rewritten and pushed to the users through downloadable updates, which users will usually accept without question.<\/p>\n

The scope and functionality of an app can be radically changed by adding a few lines of code.<\/p>\n

That said, privacy oversight and enforcement are needed in an app environment.<\/p>\n

Current strategies for oversight and enforcement on major app platforms seem to be a combination of basic standards and vetting processes for initial app approval and using customer complaints or red flags as a feedback mechanism for identifying bad apps.<\/p>\n

Proliferating complexity in data use and collection practices ahead<\/h2>\n

Privacy choices are only as good as they are useable, and establishing privacy expectations can go a long way toward heading off future privacy concerns.<\/p>\n

Panelists noted that the existence of choice often overshadows the usability of choice when it comes to privacy, with panelist Ian Glazer remarking that \u201cchoices can be a lot of pretty rope to hang yourself with.\u201d<\/strong><\/em><\/p>\n

Creating useable choices<\/a> is no easy task as we face proliferating complexity in data use and collection practices.<\/p>\n

Moreover, apps that mix and mingle in private and public spaces can create consumer confusion, resulting in unintended information sharing that can upset users.<\/p>\n

Platforms openly public from the get-go (like Twitter) have an advantage when they expand services and functionality using their data because users expect that their data will be repurposed and reprocessed in this open system.<\/p>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t

\n\t\t\t\t
\n\t\t\t\t\tFollow us<\/strong>\n\t\t\t\t\t
\n\t\t\t\t\t\t\"\"<\/a>\n\t\t\t\t\t\t\"\"<\/a>\n\t\t\t\t\t\t\"\"<\/a>\n\t\t\t\t\t\tLink Copied!<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\tKey Topics<\/strong>\n\t\t\t\t\t\t