Adobe AIR SDK Privacy Guide

The information contained in this guide is provided "as is" and is intended only for general informational and educational purposes. It is not offered as and does not constitute legal advice or legal opinions.

Mobile privacy is a critical issue that every app developer must address. Your users expect that their private information will be collected and treated appropriately by your app. Also, there are an increasing number of jurisdictions that now have legal requirements regarding mobile privacy practices.

This guide on mobile app privacy should be considered a “primer” addressing some the most significant issues. It outlines some broadly accepted best practices and provides references to other more detailed guides and references.

Privacy Policy. Your app should include a privacy policy that addresses topics such as what kind of information your app collects from or about your users, how that information is used, with whom it is shared, and how users can make privacy-related choices within the app. To aid understanding, you should use plain language and avoid technical jargon. You should make your privacy policy available for users to review prior to download, such as in the app description in the app marketplace. In addition, you should make your privacy policy available within the app itself. The limited size of mobile device displays creates challenges for displaying privacy policies to users. Consider developing a “short form” of the policy that includes the most important information, and then provide a link to the “long form” policy for those interested in more details. Several groups are attempting to develop icon-based standards for communicating privacy practices, which you may want to consider once these standards mature.

Collection of sensitive information. An app’s collection of sensitive personal information raises important privacy concerns. Examples of sensitive personal information include financial information, health information, and information from or about children. It also includes information gathered from certain sensors and databases typically found on mobile devices and tablets, such as geolocation information, contacts/phonebook, microphone/camera, and stored pictures/videos (see below for more information on privacy best practices for these features). Generally, you should obtain a user’s express permission before collecting sensitive information and, if possible, provide a control mechanism that allows a user to easily change permissions. App operating systems can help in some instances by presenting just-in-time dialog boxes that ask for the user’s permission before collection. In these cases, be sure to take advantage of any opportunity to customize the dialog box text to clarify how the app uses and, if applicable, shares such information.

Avoiding user surprise. If your app collects or uses information in a way that may be surprising to users in light of the primary purpose of your app (for example, a music player that accesses stored pictures), you should take similar steps as with the collection of sensitive personal information. That is, you should strongly consider the use of just-in-time dialog boxes to inform the user about the collection or use of that information and, if appropriate, provide a corresponding privacy control.

Third party data collection or sharing. If your app collects information that is provided to another company -- such as a social networking platform or an ad network (for example, if your app displays advertising) – you should inform your users of that collection and sharing. At a minimum, your privacy policy should describe the information collection and sharing and, if appropriate, offer your users the ability to control or opt-out of such collection or sharing.

Collection limitation and security. Your users entrust your app with their information and they expect that you will take appropriate security precautions to protect it. One of the best ways to avoid security compromises of personal information is not to collect the information in the first place unless your app has a specific and legitimate business reason for the collection. For information that does need to be collected, ensure that you provide appropriate security controls to protect that information, whether it is stored on the device or on your backend servers. You should also develop an appropriate data retention policy that is implemented within the app and on your backend servers. Adobe will collect aggregate data (such as the app id, the OS version and the AIR version) for analytical purposes regarding the number of AIR apps distributed and used. None of this data will identify the user or the user’s device.

Following are some additional helpful mobile privacy guides for developers :

• California Attorney General, “Privacy on the Go: Recommendations for the Mobile Ecosystem”
• Center for Democracy & Technology, Future of Privacy Forum, ”Best Practices for Mobile App Developers”
• Federal Trade Commission, “Mobile Privacy Disclosures: Building Trust Through Transparency”
• Future of Privacy Forum, “Application Privacy” Website 

Geolocation. Collection and use of geolocation data raises important privacy issues. Your app’s privacy policy should discuss how the app uses geolocation data, whether it is shared with any other parties, and the level of precision of the data (for example, coarse, fine, ZIP code level, etc.). Geolocation data is generally considered sensitive because it can reveal a person’s whereabouts and, if stored, the history of his or her travels. Therefore, in addition to your app’s privacy policy, you should strongly consider providing a just-in-time notice prior to your app accessing geolocation data (if the device operating system doesn’t do so already). That notice should provide the same information noted above, as well as obtaining the user’s permission (e.g., by presenting choices for “Ok” and “No Thanks”).

Camera. Collection and use of images from a device’s camera raises important privacy issues. Your app’s privacy policy should discuss how the app uses the camera and whether the images recorded are shared with any other parties. In addition, if the app’s use of the camera is not apparent in the user interface, you should provide a just-in-time notice prior to your app accessing the camera (if the device operating system doesn’t do so already). That notice should provide the same information noted above, as well as obtaining the user’s permission (e.g., by presenting choices for “Ok” and “No Thanks”).

Capture. Collection and use of images, video, or audio from the device’s camera or microphone raises important privacy issues. Your app’s privacy policy should discuss how the app uses such sensors and whether the data recorded is shared with any other parties. In addition, if the app’s use of the camera or microphone is not apparent in the user interface, you should provide a just-in-time notice prior to your app accessing the camera or microphone (if the device operating system doesn’t do so already). That notice should provide the same information noted above, as well as obtaining the user’s permission (e.g., by presenting choices for “Ok” and “No Thanks”). Note that some app marketplaces may require your app to provide just-in-time notice and obtain permission from the user prior to accessing the camera or microphone.

Contact data. Collection and use of contact data raises important privacy issues. Your app’s privacy policy should discuss how the app uses contact data and whether it is shared with any other parties. Contact information is considered sensitive because it reveals the people with whom a person communicates. Therefore, in addition to your app’s privacy policy, you should strongly consider providing a just-in-time notice prior to your app accessing or using contact data (if the device operating system doesn’t do so already). That notice should provide the same information noted above, as well as obtaining the user’s permission (e.g., by presenting choices for “Ok” and “No Thanks”). Note that some app marketplaces may require your app to provide just-in-time notice and obtain permission from the user prior to accessing contact data. A clear and easy to understand user experience surrounding the use of contact data will help avoid user confusion and perceived misuse of contact data.