As an everyday app user, I love the convenience of managing routine tasks through shopping apps, calendar apps, banking apps, and more. While 2020 drags on, employers, government services and retailers have embarked on or accelerated digital transformation — putting mobile apps at the forefront.
However, mobile app convenience can sit at the opposite end of the spectrum of privacy and security. Privacy is defined as, “the state of being free from public attention.” In the app realm, privacy is commonly associated with location data or an app user’s personal identifying information (PII) such as email, password, or credit card number. Security is defined as, “the state of being free from danger or threat,” and in apps is compromised by issues such as unencrypted data and improper authentication.
Often privacy and security are considered one and the same, and they are in fact intertwined. Privacy is about protecting your information and data, and security protects that information from getting into the wrong hands. In other words: you can have security without privacy, but cannot have privacy without security.
Who owns and protects digital information has become hotly debated, and in turn, public awareness of privacy and security issues has put more control into the hands of individual app users. Here we cover how regulators and app publishers address privacy and security, and what mobile app users can do on their own to keep themselves safe from insecure apps.
In recent years, very public and embarrassing data breaches have become increasingly frequent. These news stories have captured the attention of casual mobile app users and increased concern about privacy and security issues.
Regulators pay special attention to privacy issues and industry-specific U.S. laws that safeguard financial and health information. More generalized data privacy laws are currently a work in progress, though common privacy regulations exist. In addition, the incentive to create private and secure apps is growing. Per my colleague Jenifer Bauer’s 2019 blog:
Apple and Google [in 2018] began requiring mobile app developers to provide clearly written privacy policies for each app as part of the store approval process. The policies must specify what data is collected, if it is shared with third parties, and how users may request deletion of data. Mobile apps often collect personally identifiable data and other information, such as geolocation data and usage habits.
Apple announced in November 2020 that it will also require apps to provide essential privacy information. This empowers mobile app users with more control of their information and the knowledge of what data is being collected and how it is shared.
But how can these apps assure privacy? With robust and thoughtful security. App publishers hold responsibility for app security and test security in various stages of the software development lifecycle (SDLC). The most efficient and effective method of respecting users’ privacy is developing apps with a privacy-by-design mindset. This e-book offers tips for getting started.
We know regulators are moving towards comprehensive laws for data and privacy, and app stores and app publishers have taken important steps to assure security. But how can everyday mobile app users diligently protect themselves from potentially invasive or risky apps? Just as you secure your phone from strangers by using a passcode or biometric ID, adjustments can secure your data from cyberattackers. We as consumers should take the following steps to manage the threat of unsafe mobile apps:
App settings can quickly be adjusted to limit excessive permissions and secure your data from cyberattackers.
Mobile app users can be confident that regulations are improving to assure privacy. App stores provide certain capabilities and rules for app developers, while app publishers are following their lead to assure security throughout an app’s SDLC. These protections are driven by users, and we must maintain vigilance to ensure a world safe from insecure mobile apps.
Consistently adhering to the guidelines above will help to maintain momentum on this cultural shift. As an everyday app user, I care deeply about the security and privacy of my mobile apps. It’s important to me to understand if and when my personal information is collected and shared. Admittedly, much of this data has short-term value. But if we stop paying attention, and if policies do not keep pace with the market, we risk losing control of our data and privacy.