(MRWD) Privacy, Security and Intellectual Property Issues Lesson
Privacy, Security and Intellectual Property Issues
App developers need to be aware of privacy, security and intellectual property issues before designing or creating an app.
Intellectual Property Issues
It is illegal to impersonate other entities or infringe on intellectual property rights of others such as trademarks, copyrights, patents, trade secrets, and other proprietary rights. If you are using copyright material, you must provide evidence of rights to use the content.
Common violations when creating Apps:
- Using someone else's material or idea that has been copyrighted
- Providing streaming apps that allow users to download copyrighted content without authorization
- Using a word, symbol, or combination that identifies the source of a good or service and has been trademarked
Security Issues
There are more than a thousand new mobile apps hitting the market each day. Since most apps provide or store customer data such as contact information, photos, and locations, they can be vulnerable to breaches and hackers.
The FTC expects app developers to maintain reasonable data security practices. Every app is different and has different security needs. Apps that collect little or no data will raise fewer security considerations than those that collect and use personal data.
1. Make someone responsible for security
If you are using data, someone has to be responsible for considering security at each stage. If you are the sole developer, that is you.
2. Review the data you intend to collect and maintain.
Only collect and maintain data if it is necessary to accomplish the purpose of the app. Avoid keeping data longer than you need to and have a plan to get rid of the data.
3. Understand the mobile platform.
Each mobile operating system has different security features and permission handling.
4. Don't rely on the platform to protect your users.
Mobile platforms provide helpful security features but you need to understand their limitations.
5. Generate usernames and passwords securely.
Require strong passwords to provide a higher level of authentication.
6. Encrypt data that is transmitted.
Consider HTTPS or another industry-standard method. Keep up with the latest security features.
7. Be careful when using libraries and other third-party code.
Research to see if the library or SDK has known security vulnerabilities.
8. Protect data you store on a user's device.
Protect or obscure the data by using encryption.
9. Protect your servers.
If you rely on a commercial cloud provider, understand the responsibility for securing and updating software on the server.
10. Don't store passwords in plaintext on your server.
Use an iterated cryptographic hash function to hash users' passwords.
11. Stay aware and communicate with your users.
Have a plan for shipping security updates if needed.
12. If you are dealing with financial data, health data, or kids' data...
Make sure you understand applicable standards and regulations.
Privacy Issues
Most apps store personal information such as name, birthdate, age and email addresses. Others store private information such as credit card numbers, photos and other sensitive information. Breaches in privacy are a real concern.
Apps should have terms of use and privacy statements that include what type of information is collected, how it is used and whether it is shared with third parties.
Specific laws govern the use of certain types of information and ages of the user.
The FTC provides tips for dealing with data.
- Make someone responsible for security
- Only collect data if it is necessary and get rid of it if you do not need it
- Understand the mobile platform
- Don't rely on the platform to protect your users
- Generate usernames and passwords securely
- Encrypt data that is transmitted by using HTTPS
- If you use libraries and other third-party code, research to see if the library or SDK has known security vulnerabilities
- Protect data you store on a user's device through encryption
- Protect your servers
- Don't store passwords on your server in plaintext
- Have a plan for shipping security updates if needed
- If you are dealing with financial data, health data, or kids' data, make sure you understand applicable standards and regulations
[CC BY 4.0] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION