In response to growing demands for additional privacy among app users, mobile commerce company MEF has today announced the launch of AppPrivacy. Developed for MEF by AgencyMobile, the online privacy tool will give developers of any size, in any country, access to creating short-form and consumer friendly privacy policies.
In response to the recent NSA controversy surrounding consumer privacy, the American Civil Liberties Union has challenged the legality of the NSA’s surveillance of phone calling records. The ACLU requested a preliminary injunction that would halt the program indefinitely, until further investigation could be completed.
Mobile commerce company MEF has released new research into how developers inform app users about the use of their personal data. The study analyzed the top 100 free mobile apps on both iOS and Google Play as of Q2 2013, and found that there are plenty of areas for improvement for developers to present privacy information in a “consumer-friendly” way.
Editor’s note: Today’s guest post comes from James Lamberti, vice president and general manager of AdTruth (he was formally of mobile ad network InMobi and ComScore), a technology that enables audience identification through anonymous device recognition. In this post, Lamberti discusses why Apple and Mozilla making the decision to block and reject cookie tracking is a good thing.
You can bet that privacy advocates across the digital industry were celebrating recently. In response to Mozilla’s intent to block all third-party cookies by default and Apple’s decision to reject apps that use cookie-tracking, digital advertisers are wondering what this disruptive news means and how they should respond.
If anything, these changes should be applauded. While this news may come as a surprise to marketers and digital advertisers, it should be seen as an opportunity for the industry to address a problem that’s been an issue for years. The audience-identification options are limited; but this is a critical function that marketers depend on every day.
With cookies quickly falling by the wayside, the industry needs an alternative that is universal in nature, functions across all devices, on all operating systems and across every use case including desktop, mobile and apps. Apple’s push toward identifier for advertising (IFA) is a step in the right direction but is limited to iOS devices and doesn’t support all use cases.
Second, a universal alternative needs be based on the concept of privacy by design. This means privacy has been factored in from the beginning, not added as an afterthought. It also means providing the flexibility to recognize and respect privacy protection mechanisms, such as online behavioral advertising (OBA) and Do Not Track.
While keeping privacy in mind, a solution must also be effective. Performance and longevity are of great value to marketers and must reach an acceptable rate for a solution to even be considered. The key is for advertisers to understand and recognize their audiences well enough to provide relevant content: no more and no less.
And finally, with the number of mobile users and devices in world, we need a solution that has the ability to scale. Digital marketing is delivered and measured in billions of impressions and fractions of seconds. If this speed and scale can’t be supported the approach isn’t going to be adopted.
The news from Apple and Mozilla has caused many in the ecosystem to wonder how they will continue to reach customers in a time of diminishing options. They shouldn’t worry. As the ‘deterministic’ cookie approach continues to fade out, there is an opportunity for a more ‘probabilistic’ approach – one that meets the criteria outlined above – to be adopted. Don’t fret; it’s time to thank Apple and Mozilla for helping reframe the audience identification conversation.
Mobile app location analytics provider Placed today announced Placed Affiliate, a new way for app developers to monetize their app by providing location data to Placed for market research purposes.
“It’s a new monetization channel for app developers,” says David Shim, founder and CEO of Placed. “No one is doing this today.”
Essentially, mobile app developers get paid by Placed for allowing the company to gather location data from its users who opted-in on Placed collecting such data for its own market research. On top of Placed Affiliate, the Seattle-headquartered company currently offers a free service providing location-based data for mobile app developers called Placed Analytics. Placed also offers a product dubbed Placed Panels, which is a free stand-alone mobile app and survey tool for iOS and Android — called the Panel App in the app stores — that allows businesses to track and measure location-based data from opted-in users, who are rewarded with gift cards or entries into a prize drawing for completing surveys from businesses.
After a mobile app developer signs up for the Placed Affiliate service, they are provided with the Affiliate SDK for integration into their app. Placed wants to make sure it covers all its bases when it comes to a user’s privacy. If a mobile app developer wants to use Placed Affiliate, they must first make sure a user enables location permissions, and second, when a user opens the app, a prompt will inform the user that the app works with Placed for market research on location data. A user can simply select “yes” or “no” if he or she wants or doesn’t want to send location data to Placed. Shim emphasizes that Placed is collecting only location data and nothing else.
“We’re going above and beyond what the legislation has been talking about,” he says.
App developers receive money if Placed can gather location data from users in a 7 day or 30 day period. Shim adds that Placed Affiliate provides incremental monetization. If an app already has monetization hooks through ads, in-app purchases, subscriptions or other means, he recommends app developers keep those and add Placed Affiliate on top of those monetization strategies.
Placed, which already launched a pilot for Placed Affiliate last month, is now allowing any mobile app developer to sign up for the service here.
Back in March 2012, Placed received $3.4 million in Series A funding from the Madrona Venture Group.
1. The FTC thinks you should
Here’s what the FTC thinks developers should do:
- Provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms haven’t already provided such disclosures and obtained such consent)
As a user, you surely have met the pop-up notification that asks permission for push notifications. That’s an example of “just-in-time disclosure” provided by the platform itself. The FTC knows that few people read privacy policies, and wants you to notify your users about important privacy disclosures in the moment it occurs. For example, if your app wants to access the user’s address book to find other friends already playing the game, a pop-up is the best way to tell them in details what information are being collected and why.
- Improve coordination and communication with ad networks and other third parties, such as analytics companies, that provide services for apps so the app developers can provide accurate disclosures to consumers
This is referring to external libraries, SDK and other third-party code that app developers often integrate in the app to facilitate advertising or analytics. The FTC is trying to tell you: it’s ok, but do it responsibly. Check public repositories for bugs, apply some due diligence on the reputation of the companies behind the code you are embedding. In short: use some common sense here, as you’re ultimately responsible for major loss of data from your app, even if due to third-party code.
- Consider participating in self-regulatory programs, trade associations and industry organizations, which can provide guidance on how to make uniform, short-form privacy disclosures
3. You users will trust you more if you do, and your platform, too
A recent survey found that 57 percent of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons. Instagram is said to have lost something like six million users after the their controversial Terms of Service change: people are starting to care about the legal implications of the apps they use. You can get away from the FTC, but there are crowdsourced policing tools in place now (TOS;DR, PrivacyChoice, etc.) and it only takes one vocal user to spread a bad rumor. There’s also a positive side: good early behavior can help establish a level of trust with your user base that has positive effects on retention, and may even give you a competitive advantage.
Looking at what the competition is doing can also help you figure out what kind of disclosures go in a policy. The important thing, particularly with mobile apps, is to make sure the policy stays true at every update. Every time add or fix something, think if it had an impact on your privacy statements, and edit them if necessary. Added a new analytics script? It should go in there. If you adopt a “privacy by design” approach from the beginning, this process will become automatic and naturally integrated in product development, keeping your legal risks low.
The Federal Trade Commission today released a new report, which outlines recommendations for mobile platforms and mobile app developers across the country to better inform its users what personal data is being collected and how the data is being used. The report comes less than a month after the California Attorney General’s office released its own privacy guidelines for mobile app developers in the state.
FTC Chairman Jon Leibowitz, who yesterday announced his resignation, said in a statement, “the mobile world is expanding and innovating at breathtaking speed, allowing consumers to do things that would have been hard to imagine only a few years ago. These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive.”
The FTC, the federal agency that oversees business practices, stated that mobile devices “facilitate unprecedented amounts of data collection” because users, for the most part, have their mobile device on and with them at most times. In an effort to improve mobile privacy disclosures, the FTC recommended platforms and developers provide privacy data disclosures to consumers before allowing an app to access sensitive content like geolocation and for other personal data such as photos, contacts or calendar entries.
The FTC also recommended that platforms consider implementing a version of Do Not Track (DNT), the privacy mechanism that allows users to prevent tracking by ad networks or other third parties. Multiple desktop web browsers already support DNT including Firefox, Internet Explorer, Chrome and Safari. Mozilla’s Firefox mobile browser has the DNT mechanism and Apple’s Safari has a “limited ad tracking” slider for iOS, but despite Mozilla’s and Apple’s DNT support on mobile, the privacy mechanism is not as standard on mobile as it is on desktops.
At the end of 2012, the FTC strengthened its more than a decade-old child online privacy laws, in particular, the Children’s Online Privacy Protection Act (COPPA). The new laws require child-directed websites and online services to obtain parental consent before collecting children’s personal information like geolocation data or photos before sending the data off to third-party companies. Although, the updated rules explicitly exempt app “platforms” such as the Apple App Store and Google Play from complying with COPPA since the app stores only offer “public access” to kids’ apps, as opposed to targeting kids directly and exclusively.
Along with other new privacy controls, Facebook today announced changes to the apps permissions process, which separates read and write permissions into different dialogs. The new flow gives users more control, but adds an extra step that could have an effect on acceptance rate and change the type of access users grant apps.
Today’s changes do not affect how users install games on Facebook.com, but will apply to mobile apps and other sites using Facebook login. Now that apps will request read and write permissions separately, users have the option to log into an application and receive a personalized experience using their name, friend list and other aspects of their profile, but they can reject the app’s request to publish activity on their behalf.
Previously, users accepted these permissions in one step, which led some users to unknowingly authorize an app to post to their wall. When users better understand what an app can do, they are less likely to be taken by surprise and end up marking an app as spam. They will also be more likely to add more apps in the future. Without feeling like they have control over what they share, users might be hesitant to add any third-party apps. That said, the two-step process could also lead to lower install rates or lead fewer people to allow apps to share their activity.
In some cases, the app auth process may involve three steps. That’s because Facebook also distinguishes “manage” permissions from read and write. If an app wants to manage a user’s ads, events, notifications or other products, it will have to request this in a third dialog.
Some aspects developers will appreciate are how the new dialogs are smaller and more lightweight, which is less likely to turn off users, and how some permissions have been combined. For example, apps used to have to request separate permissions for “publish_stream,” “publish_actions” and “publish_checkins.” Now an app can simply ask if it can publish to Facebook or not. “Basic info” has also been renamed to “public profile and friend list” to be more descriptive and transparent to users.
Facebook says all mobile and non-game web apps will be converted to the new auth flow automatically. No changes are required to a developer’s code.
Here’s a look at how the read and write permissions dialogs appear on different platforms:
Images from Facebook.
This article originally appeared on our sister site, Inside Facebook.
A hacker group named AntiSec has released 1,000,001 iPhone Unique Device Identifiers (UDIDs) it claims it stole from an FBI tracking project that contains more than 12 million of the numbers — some of which are said to be linked to personal information including full name, cell number, address and zipcode.
UDIDs are 40-digit long, unique alphanumeric codes that are assigned to every iOS device. They are used to track users as they move from app to app, to target advertising and measure campaign conversions. Unlike other advertising tracking mechanisms, they can’t be cleared, blocked, removed or opted out of, and are easy to link to personal information such as a user’s contact book.
Security concerns like these that have pushed Apple to move away from UDIDs, although the movement to replace them has lost much of its momentum due to a lack of suitable replacements. For its part, AntiSec had the following to say about UDID tracking:
“We think it’s the right moment to release this knowing that Apple is looking for alternatives for those UDID currently and since a while blocked axx [sic] to it, but well, in this case it’s too late for those concerned owners on the list. we always thought it was a really bad idea. that hardware coded IDs for devices concept should be erradicated [sic] from any device on the market in the future.”
According to the group’s anonymous statement on Pastebin.com, the data was released in order to draw attention to the FBI’s project. Although most of the user info has been removed, AntiSec left enough for users to determine if their devices were among those being tracked. For those users who do not wish to download the entire list of UDIDs in order to see if their device is among those being tracked, The Next Web has created a custom search tool related to the breach.
Mobile app location analytics provider Placed is now measuring up to 20 million pieces of user-generated location data a day through its free service, Placed Analytics.
Backed with $3.4 million in Series A funding from the Madrona Venture Group, the Seattle-based company is looking to break into the analytics market by providing developers location-based information that can tell them where, and how their mobile app are being used. Since launching its free open beta in June, Placed has already signed up several hundred developers, and their apps are now sending anywhere from 17 to 20 million locations back to the company every single day.
CEO and founder David Shim describes Placed as similar to the services provided by Flurry or Google Analytics, but for the outside world. While other mobile analytics services can show a developer what city a user is in, Placed can developers know what specific neighborhood a user is in and what kind of businesses they’re close to. Placed can even differentiate between three levels of movement: stationary, walking and in transit.
Although the information might seem excessive at first, it opens up many new possibilities to optimize an app for how it is actually used, explains Shim. “A developer can see what situations his app is used, so he can know not to rely on precise controls if the application is mostly used while walking,” says Shim. Developers can also track their location analytics month-over-month to determine trends and emerging usage patterns.
The service works by using GPS data and Placed’s own 300 million location meta-place database. For businesses that are located next to one another, Placed references time-based information to determine which business a user is more likely to be interacting with. For example, Shim says, if there is a McDonald’s and toy store located side-by-side, Placed can determine which business a user is more likely to be visiting based on how popular those locations are during the day. Placed also has home and work models to tell if users are actually out and about, or if they just happen to live or work in densely populated urban areas.
Of course, all this detail also raises concerns around privacy, something Shim tells us the Placed team has put a considerable amount of thought into. First, the service only tracks location when an app using Placed has received location permission from a user. Second, Placed doesn’t provide what Shim calls “individual level data” to developers — that means the most a developer can learn from Placed is that a user is in an area that measures 150 by 150 meters. “It’s all about aggregation,” says Shim. “You can’t see a random device ID and this is the places that they went to. That’s specifically for privacy reasons. That’s also why we’re not going into the ad targeting business.”
What Shim means by ad targeting business is GeoFence advertising — ads that are pushed to consumers when they enter a pre-defined area or pass near a specific business. The eventual monetization goal for Placed isn’t to serve location-based advertising, but to help developers understand the broader location landscape around their apps, something that will make location-based advertising more effective in the long term.
“If an application doesn’t have enough inventory of people actually going by 7-11, then you can sell [GeoFenced 7-11 ads] for a high CPM but they will have a very low value at the end of the day,” Shim explains. “The other obvious thing from an advertising perspective is you can start to understand what inventory is available. Imagine going to McDonald’s and saying ‘people who use my app are four times more likely to be nearby a McDonald’s then any other app out there, so you should really advertise.’ Alternatively you can say the same to Burger King, so they can get in front of those people before they step into a McDonalds.”
Social Media Jobs
of the Day
Column Five Media
New York, NY
Penny Lane Pictures
New York, NY
The Huffington Post
New York, NY
Popular Right Now
- The Sims FreePlay celebrates Christmas and New Year's Eve on mobile
- Halfbrick brings S.A.M. mech and Sleigh of Awesome to Jetpack Joyride
- Rockstar Games announces Grand Theft Auto: San Andreas for mobile
- Zynga rebrands Running with Friends to Stampede Run, introduces single player mode
- Modern Combat 5 to be first game optimized for MediaTek’s new octa-core chip