Preliminary Report from the 10-City Application Developers Alliance Privacy Summit Series

App Privacy: What App Developers Are Really Doing to Protect Consumers

The app ecosystem is large and growing, with more users and more apps added every day. Two-thirds of the U.S. online population has at least one smart mobile device, and 74 percent of those device owners have downloaded an app. In the next six months, about one-third of app users plan to use apps more than they do now, and one-third of non-users plan to start using apps.

Already, the app economy has created 519,000 jobs across the U.S., and this is just the beginning.

The Privacy Challenge

The ubiquity of mobile apps and some “bad app” outliers have prompted policy makers on the state and federal levels to ask:

 

What is being done to ensure consumers know and are comfortable with what data is being collected and how it is being used?

Regulators and lawmakers are wrestling with whether to enact policies that will protect consumers’ data and privacy.  Unfortunately, they’ve often left out a critical participant during those conversations – app developers. 

To find out what app developers think about privacy, what they are already doing to protect consumers and what they want the government to do – or not do – to help, we hosted events in 10 cities across the country and asked them.

The Answer

From Boston to San Diego and from Austin to New York, the message from developers was clear: app developers are focused on protecting consumer data, and they understand that their businesses are built by earning and maintaining the trust of their users.

App developers nationwide reiterated that policy makers should understand certain realities about the app ecosystem and should not inhibit developers’ ability to innovate:

1) Apps rely on consumer information to provide a beneficial, enjoyable, and informative app experience, so consumer trust is essential to app developers.

2) Most apps are not being built by young, inexperienced developers. App developers are professionals.

3)Privacy is not a policy issue. It’s an engineering challenge.

4) Public policy should support innovative solutions to address the challenge.

5) Bad public policy – including a patchwork of regulations and requirements – will stifle innovation in one of the nation’s most productive and growing industries.

MYTH: App developers don’t care about privacy. They don’t even think about privacy.

Apps rely on consumer data to provide users with a personalized experience. For example, music apps need to know what songs and bands you like to build you a playlist. And maybe the app combines that information with a zip code or age to suggest a concert nearby. Trading personal information for free content is not new to consumers and is not a violation of privacy or trust.  In fact, this use of personal data customizes services in a manner that consumers desire.

Not only are app developers the best positioned to understand the complex challenges surrounding consumer privacy, they are also the stakeholders with the greatest motivation to care about consumer privacy. Consumer trust is vital to the success of any app.

MYTH: Apps are built by young, unprofessional developers.

If regulators, policymakers, and consumer advocates think that developers don’t care about consumer privacy, it may be due in part to the common stereotype of a young guy building the “next big thing” app between classes or after his day-job. That stereotype is simply untrue. The developers we met at each stop along the Privacy Summit Series and the results of a recent survey conducted by GigaOM on behalf of the Alliance clearly illustrate a level of experience and professionalism that belies the stereotype.

Who are app developers?

The truth is the average app developer is a well-educated professional in his or her mid-thirties.  App developers tend to work for small firms, and most are full-time employees.

Here’s what we know:

 

designer can possibly do something with these stats to make them more interesting:

 

Nearly 60 percent of app developers are over 30.

 

More than 70 percent have a college degree, and nearly half of those have completed some graduate work.

 

Most app developers are full-time employees, with app development accounting for all, or a portion, of their jobs.

 

App developers are professionals, with more than half building apps for more than 2 years.

 

Nearly 30 percent said they have been building apps for more than 4 years, making them pioneers in the field.

 

The average income of a professional (non hobbyist) is $75,000 a year.

 

Two-thirds of respondents work in small firms, defined as those with three or fewer individuals.

 

The web-based survey of developers was conducted by GigaOM in partnership with the Application Developers Alliance over the course of the summer and received 352 responses. For more information visit AppAlliance.org/Research

MYTH: The mobile app industry needs to be regulated and policed by Congress and federal agencies.

App developers are highly motivated to protect consumer privacy as a matter of business success. The entire industry is leaning in to the challenges that arise from using consumer data; e.g., app developers are full participants in discussions designed to create a voluntary code of conduct. They are professionals, educated and committed to creating products that consumers will enjoy, use, and trust.

Once policymakers and regulators take the time to talk with developers, they will discover:

Privacy is not a policy issue. It’s an engineering challenge.

Our biggest discovery from direct discussions with app developers across the nation was that developers view legislation and regulation as an impediment to truly advancing consumer privacy. What is needed, in their opinion, is to view privacy as an engineering challenge and not a policy or legal issue.  Handling data in a careful, secure fashion is an engineering challenge with an engineering solution. Just as engineers have made phones more powerful and extended their battery life without increasing their weight, privacy engineers are creating new and better solutions to consumer privacy challenges.

App developers repeatedly said that privacy challenges stemming from user confusion over apps’ data practices are not issues that can be regulated. Achieving transparency about data collection and usage can be resolved with good design.  Letting consumers know what is being collected and how it is being used is good user interface (UI). Developers know that when you have a great user experience, everybody benefits.

Recommendations

Developers are problem solvers. Their business is to identify problems and create effective and elegant solutions. To overcome the challenge of privacy, they suggest the following:

Spur Competition for Privacy Innovation – App developers are already implementing innovative privacy solutions to distinguish their apps from those of competitors. [JW1] The fastest way to accelerate the pace of innovation and advance consumer privacy within this industry is to introduce additional incentives for success. These incentives – whether financial, legal or reputational – can and should be advocated by policy makers but determined by the market, as is all innovation.

Stop Treating Privacy as a Legal or Policy Issue. It’s an Engineering Challenge – App developers told us that policy makers have been thinking about the issue of privacy the wrong way. Privacy is an engineering issue that only better engineering can resolve. No number of regulations or laws can actually improve the way apps treat consumers or their data. Laws, regulations and enforcements only can sanction failures – they do not enable developers to think outside of the box and innovate. 

All Data Is Sensitive. Don’t Make Special Rules for Different Categories of Data -- Although app developers recognize that some personally identifiable information is more sensitive (e.g., health, children’s personally identifiable information, financial), app developers told us that all personally identifiable information is sensitive. They explained that when combined with other readily available information, virtually all personally identifiable information can be re-identified back to individuals. Laws or regulations that are category-specific are outdated, do not advance consumer privacy and may even create engineering and design hassles that unnecessarily increase costs.

Special category solutions may create a sense of security, but data science shows that technologically these categories do not lead to special protections. App developers proposed providing across-the-board solutions. 

If You Offer Guidance, Offer Simple, Easily Implemented Solutions – If regulators are going to provide guidance, app developers want the solutions to be technology neutral and to preserve flexibility for implementation.

Congress and FTC Can Fund User Interface Research – Congress and the Federal Trade Commission (FTC) should support research about how best to communicate complicated information in the unique environment of a mobile device, on a small screen and in clear, plain language. Dictating what the screens say, what the font should be, what disclaimers should say, etc., loses the forest for the trees.

App developers are too busy building great apps to identify scientifically how best to communicate with consumers. Congress and the FTC can perform a valuable service by funding and/or undertaking the policy research necessary to help developers learn to better communicate information about data collection, usage, and storage and consumers’ options on mobile screens.

Conclusion

App developers were very clear on one point: No one benefits when an app violates consumer trust. Consumers need to know and be comfortable with what data is being collected and how it is being used, and developers, more than anyone, are committed to ensuring their customers’ privacy in order to survive and grow in this highly competitive marketplace.

How should policy makers and regulators respond to app developers’ message?

First and foremost, listen. Invite developers to the table and include their technology, engineering, and user-experience expertise during discussions about regulations or guidance for app privacy.

Think about how to spur innovation. Regulations designed to sanction bad actors won’t contribute to better privacy solutions. Providing incentives that reward progress and supporting research to encourage our best thinkers and builders to develop solutions – that’s a winning strategy.

And finally, resist the urge to act quickly to regulate this fast-changing industry – have faith in the talent and minds of the individuals and companies that are searching for and delivering better and better privacy solutions every day.

We thank the National Sponsors of our Privacy Summit Series:

Application Developers Alliance

1025 F Street, NW  Suite 720

Washington, DC  20004

Contact: info@appdevelopersalliance.org

Online: www.appdevelopersalliance.org

About The Application Developers Alliance

The Application Developers Alliance is an industry association dedicated to meeting the unique needs of application developers as creators, innovators, and entrepreneurs. Alliance members include more than 15,000 individual application developers and dozens of companies, investors, and stakeholders in the apps ecosystem.