The Federal Trade Commission (FTC) released guidelines to help mobile app developers comply with truth-in-advertising and basic privacy principles when marketing new mobile apps. The agency stressed that the laws that apply to established businesses also apply to start-ups and app developers that are marketing and releasing new apps for consumers. The guidelines apply to information users give to the developer and any information the software collects.
Some general guidelines that app developers should consider:
- Advertising. The FTC stated that advertising comprises nearly anything a company tells a prospective buyer or user about what a product can do, whether on a website, in an app store or within the app itself. False or misleading claims, as well as the omission of certain important information, can turn off users and attract the scrutiny of regulators: "If you make objective claims about your app, you need solid proof to back them up before you start selling. […] If you say your app provides benefits related to health, safety, or performance, you may need competent and reliable scientific evidence."
- Clear and Conspicuous Disclosures. Disclosures should be "clear and conspicuous": "Generally, the law doesn’t dictate a specific font or type size, but the FTC has taken action against companies that have buried important terms and conditions in long licensing agreements, in dense blocks of legal mumbo jumbo, or behind vague hyperlinks." The guidelines also advise giving users tools that offer choices in how to use an app – like privacy settings, opt-outs, or other ways for users to control how their personal information is collected and shared. Developers should take readability into account since such disclosures are often displayed on a small smartphone screen.
- Privacy by Design. Under the FTC's “privacy by design” strategy, the agency suggests incorporating privacy protections into company practices, limiting the information collected, securely storing data, and safely disposing of deleted data. The agency also commented on the extent of data collection: "For any collection or sharing of information that’s not apparent, get users’ express agreement." As for transparency, the guidelines advise app developers to "explain what information your app collects from users or their devices and what you do with their data."
- Privacy Promises. The FTC urges app developers to ensure compliance with privacy policies, including assurances to users about security standards or data shared with advertisers, and to get users' affirmative permission for material changes going forward. Moreover, if an app is designed for children under 13 or if a developer knows that it is collecting personal information from kids, it may have additional requirements under the Children’s Online Privacy Protection Act (COPPA).
- Data Security. The FTC stressed the importance of data protection: "Under the law, you still have to take reasonable steps to keep sensitive data secure. […] The wisest policy is to (1) collect only the data you need; (2) secure the data you keep by taking reasonable precautions against well-known security risks; (3) limit access to a need-to-know basis; and (4) safely dispose of data you no longer need."
Final Note: Like the FTC, the Office of the Privacy Commissioner of Canada released mobile app guidance that is targeted at app developers and focuses on the design and development of apps and the need to keep privacy in mind during the development process.