Tuesday, September 18, 2012

8 Steps to Promote Secure Mobile Apps

FTC Issues Guide on Getting It Right from the Start

Developing secure mobile applications is just one part of the process in creating new programs. Communicating how applications are secured - whether informing end users in your enterprise or marketing to consumers - is crucial in building IT security awareness among stakeholders.

The Federal Trade Commission has just published a guide to help mobile application developers observe truth-in-advertising and basic privacy principles when marketing new mobile apps. The FTC's new publication, Marketing Your Mobile App: Get It Right from the Start, notes that there are eight general guidelines that all app developers should consider.

The FTC guidelines are:

Tell the truth about what the app can do.

False or misleading claims, as well as the omission of certain important information, can irritate users and land the application developer in legal hot water.

Disclose key information clearly and conspicuously.

Most people react negatively if they think a company tries to pull a fast one by hiding important information. Users are more likely to continue to do business with an organization that gives them the straight story up front.

Build privacy considerations in from the start.

Limit the information collected, securely store data and safely dispose of information no longer needed. For any collection or sharing of information that's not apparent, get users' express agreement. That way, customers aren't unwittingly disclosing information they didn't mean to share.

Offer choices that are easy to find and easy to use.

Make it easy for people to find the tools that are offered and design them so they're simple to use. Follow through by honoring the choices users have made.

Honor privacy promises.

Chances are that assurances are made to users about security standards and about how personally identifiable information is used. App developers must live up to those promises.

Protect children's privacy.

Mobile application developers have additional requirements under the federal Children's Online Privacy Protection Act if the application is designed for minors or if the application collects personal information about children.

Collect sensitive information only with consent.

Even when not dealing with children's information, it's important to get users' approval before collecting any sensitive data from them, such as medical, financial or precise geolocation information.

Keep user data secure.

The law requires application developers marketing their programs to take reasonable steps to keep sensitive data secure. One way to make that task easier: Don't collect information in the first place if there's no specific need for it.

People rely on mobile technology for a lot of stuff and they need to know what the developer has done to lock down apps, to protect against the types of attacks we're seeing.
