We have experienced an increase in clients launching their own mobile applications for such reasons as supplementing a web-based software offering, operating a customer rewards program, providing a product catalog and account management tools, and many other purposes.  This blog entry will identify some of the key issues that we analyze during the development and launch of a mobile application, particularly, issues relating to picking and contracting with an application developer, functional considerations, and considerations when collecting user or application usage information.

When choosing an application developer, one should review the developer’s application development agreement.  If the developer does not have a development agreement, we advise our clients to insist on having one.  The development agreement is invaluable in ensuring that the desired rights to the application are secured with our client upon completion of the development and providing protections to our client should the completed application not function correctly.

A key consideration in the development agreement is the ownership of the finished application.  By default, the developer will own all copyright in any original code written for the developed application.  In addition, many of the code components of an application are either open-source (available to the public) components or are generic components which the developer has pre-written.    As such, the developer typically cannot and will not assign ownership of the entire source code of the mobile application.  Moreover, open-source code components often have their own license obligations, some of which can remove any exclusive rights in the developed software.  As such, we suggest obtaining a list of the open-source components prior to completion of the development to review the license requirements of the incorporated open-source components.

If a mobile application includes a proprietary method or functionality (such as mobile software offering), then we suggest that our clients obtain all right and interest into the custom code developed for this purpose.  If the mobile application utilizes existing components, but incorporates logos or proprietary information, then a perpetual license may be all that is needed.  In any case, we suggest obtaining and retaining a perpetual license in all of the open-source and pre-written components.  It may also be desirable to obtain the rights to transfer, modify and create derivative works of the code so that the code of the developed application may be updated or modified in the future, the application may be transferred to a subsequent purchaser, and/or the hosting service provider may be changed.

The development agreement should also separate the development into two or more distinct progress milestones so that our clients can manage the schedule and review the work of the developer along the way.  It follows that payments should be tied to completion of these milestones.  It is also preferable to retain a portion of the development fee which will be paid upon final acceptance of the mobile application.

Once the development process has been initiated, another consideration from a business standpoint is (1) how to govern the user’s access and use of the application, (2) who will be using the application, and (3) what types of information will be collected concerning the user’s use of the application.  We suggest a click-through terms of use to set the basic parameters and terms of the user’s use of the mobile application.  The terms of use allow our clients to (a) manage its potential liability to users and (b) seek recourse should a user use the application in an unauthorized manner or otherwise causing harm to the owner or a third party.  If the application is a hosted software program, another option is to include a click-through license agreement.  Click-through agreement strategies typically require the user to affirmatively acknowledge acceptance of the terms prior to initially accessing and using the application.

In addition to the terms of use, we also recommend including a privacy policy which is tailored to the types of mobile and software technology being used to collect information related to a user’s use of the mobile application.  Often, this information must be obtained from the developer.  If the mobile application will not be collecting, storing, or transmitting any user or application usage information, then the privacy policy may be as simple as a disclaimer.  However, in today’s information age, this situation is increasingly rare.  Consideration of the persons using the application and the types of information collected through the application is becoming increasingly important as the residency and age of the intended users may trigger the application of certain privacy laws and the need for a more detailed privacy policy.  Some jurisdictions require a privacy policy when an operator collects information, such as the type and function of cookies or log files implemented by the application. Most importantly, the privacy policy must accurately identify the actual practices of the application and its owner as to (1) what information is collected, (2) how the information is collected, and (3) how the information is used.   Otherwise, there is a risk that the Federal Trade Commission may institute an action for unfair and deceptive trade practices and/or a class action lawsuit.

If there will be any international users of the mobile application, then we suggest taking safeguards to comply with the applicable privacy laws.  In particular, if the mobile application user is used by residents of Canada, Mexico, or Europe, this type of usage triggers some very strict data security law compliance requirements.  The requirements include providing certain notices and responsiveness to the users of the mobile application.  Financial punishment for failing to comply with these foreign data protection laws for persons conducting business in these jurisdictions have the potential to be substantial.  For example, Mexican law provides for fines up to around $1.5 million for violations of its privacy law, and Spain recently levied fines of $1.5 million against Google because its privacy policy did not comply with the Spanish data protection laws.

Navigating the development and launch of a mobile application is dependent upon the exact purpose and functionalities incorporated in the mobile application.