Privacy Best Practices for Developers
Modern mobile platforms host a wide range of personal and sensitive information about the user that can reveal that user’s identity, social interactions, locations visited, and even habits. An application developer who does not manage this sensitive data carefully can seriously harm a user’s privacy and may also run afoul of various data protection laws.
Below, we list a number of recommendations that any privacy-aware application developer should follow:
- Read Google’s privacy and security requirements for Android apps and their best practices for the collection and handling of unique identifiers in Android apps. For instance, Google recommends that developers:
  - Avoid using persistent identifiers linked to hardware. This means that hardware identifiers like the IMEI, WiFi MAC address, or device serial number should not be sent to third parties, such as advertisers. Similarly, other persistent identifiers, such as the Google Services Framework ID or the Android ID, should not be used for tracking or advertising purposes either.
  - Only use the Advertising ID for user profiling and ads use-cases. This identifier was created entirely for this purpose, to balance user privacy with developers' analytics and advertising needs. Transmitting the Advertising ID for other purposes, or transmitting it alongside other persistent identifiers, eliminates any privacy protection it offers.
- Be aware of and comply with all applicable privacy, data security, and data protection laws for any regulatory jurisdiction where your apps will be offered. For instance, if your app is used by users in Europe, it needs to comply with relevant EU data protection laws; if your app is used by users in California, it needs to comply with the California Online Privacy Protection Act (CalOPPA).
- Minimize the collection of personal and sensitive data from your users by following the principles of Privacy by Design. For instance, if your app does not need certain data to function, collecting this data poses a liability, in that you will now need to be responsible for keeping and transmitting this data securely.
- Carefully review the data collection policies of third-party advertising and analytics services. Verify that they do not collect personal data beyond what’s needed (e.g., no personally identifiable information or location information is collected) and that they properly obtain user consent before doing so.
- Handle personal data securely. Personal and sensitive data uploaded without encryption can be intercepted and manipulated by in-path observers (i.e., any computer between your users and your servers). This can compromise users' privacy and information integrity, especially in countries with mass surveillance or when users connect through untrusted public networks. We recommend that application developers use state-of-the-art encryption such as HTTPS (TLS) for any privacy-sensitive transaction and avoid third-party libraries that do not support encryption.
- Limit the use of the “Advertising ID” to advertising-related purposes, never combining it with other persistent identifiers or private user data.
- Honor the “Limit Ad Tracking” option by not collecting any persistent identifiers when selected.
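The two Advertising ID recommendations above, as an added example that is not part of the original article: a helper that builds the identifier fields of an ad-analytics event, reads the Advertising ID through Google Play services' `AdvertisingIdClient`, and sends no persistent identifier at all when the user has limited ad tracking. The class and field names are assumptions for illustration; the `AdvertisingIdClient` API and the zeroed ID value returned after opt-out are real.

```java
import android.content.Context;
import com.google.android.gms.ads.identifier.AdvertisingIdClient;
import com.google.android.gms.common.GooglePlayServicesNotAvailableException;
import com.google.android.gms.common.GooglePlayServicesRepairableException;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical helper: identifier fields for an ad event, honoring "Limit Ad Tracking". */
public final class AdIdentifierPolicy {
    // Android 12+ replaces the Advertising ID with this value once the user opts out.
    private static final String ZEROED_AD_ID = "00000000-0000-0000-0000-000000000000";

    /** Call off the main thread: getAdvertisingIdInfo() blocks on IPC to Play services. */
    public static Map<String, String> adEventIdentifiers(Context ctx) {
        Map<String, String> fields = new HashMap<>();
        // Deliberately no IMEI, serial number, MAC address or ANDROID_ID: those are
        // persistent, hardware-linked identifiers that must not reach ad/analytics SDKs.
        try {
            AdvertisingIdClient.Info info = AdvertisingIdClient.getAdvertisingIdInfo(ctx);
            if (info.isLimitAdTrackingEnabled() || ZEROED_AD_ID.equals(info.getId())) {
                // User opted out: record the state only, collect no identifier.
                fields.put("ad_tracking", "limited");
            } else {
                // Resettable Advertising ID only, never combined with other persistent IDs.
                fields.put("ad_tracking", "allowed");
                fields.put("advertising_id", info.getId());
            }
        } catch (IOException | GooglePlayServicesNotAvailableException
                 | GooglePlayServicesRepairableException e) {
            // Play services unavailable: fall back to no identifier, not a hardware one.
            fields.put("ad_tracking", "unavailable");
        }
        return fields;
    }
}
```

Apps targeting Android 13 (API 33) or later must also declare the `com.google.android.gms.permission.AD_ID` permission in the manifest, otherwise the ID comes back zeroed regardless of the user's setting.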
Developers who produce apps meant for children (or where there is a reasonable likelihood of having child users) must comply with additional legal requirements governing the collection of personal data. In the US regulatory environment, the Children’s Online Privacy Protection Act (COPPA) places restrictions on how data from children may be gathered and used by online services.
Google offers additional guidelines about COPPA compliance in Family Apps. Namely:
- Apps targeting minors are encouraged to participate in Google Play’s "Designed for Families" program. This program imposes a number of requirements, including legal ones, that must be met.
- Developers should familiarize themselves with COPPA's requirements, and any other applicable state and regional laws.
- Under COPPA, apps that need to identify or authenticate their users, or rely on collecting personally identifiable information (including pictures, audio, and geolocation data, as well as any other form of unique identifier) for their operation, should only do so after obtaining verifiable parental consent.
- Where applicable, minimize the number of third-party libraries and services, as those may not be COPPA-compliant. Take the time to understand the data collection mechanisms and options of any third-party services that may be included in the final app.