What do I Need to Know about Creating a Mobile App?
Truthful Advertising
Tell the truth about what your app can do. Once you start distributing your app, you become an advertiser. Under the law, an ad isn’t just a multimillion dollar TV campaign. It’s pretty much anything a company tells a prospective buyer or user – expressly or by implication – about what a product can do. Whether it’s what you say on a website, in an app store, or within the app itself, you have to tell the truth. False or misleading claims, as well as the omission of certain important information, can tick off users and land you in legal hot water. One rule of thumb: Look at your product and your advertising from the perspective of average users, not just software engineers or app experts. If you make objective claims about your app, you need solid proof to back them up before you start selling. The law calls that “competent and reliable evidence.” If you say your app provides benefits related to health, safety, or performance, you may need competent and reliable scientific evidence. For example, the FTC recently took action against developers who said their apps could treat acne, but who didn’t have scientific evidence to back up their claims. Visit the BCP Business Center for more on keeping your claims compliant.
Disclose key information clearly and conspicuously. If you need to disclose information to make what you say accurate, your disclosures have to be “clear and conspicuous.” What does that mean? That they’re big enough and clear enough that users actually notice them and understand what they say. Generally, the law doesn’t dictate a specific font or type size, but the FTC has taken action against companies that have buried important terms and conditions in long licensing agreements, in dense blocks of legal mumbo jumbo, or behind vague hyperlinks. Clear and conspicuous disclosures make good business sense. Most people react negatively if they think a company is trying to pull a fast one by hiding important information. Users are more likely to continue to do business with a company that gives them the straight story up front.
Privacy
Build privacy considerations in from the start. The FTC calls this “privacy by design.” What does it mean? Incorporating privacy protections into your practices, limiting the information you collect, securely storing what you hold on to, and safely disposing of what you no longer need. Apply these principles in selecting the default settings for your app and make the default settings consistent with what people would expect based on the kind of app you’re selling. For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.
Be transparent about your data practices.
Even if you need to collect or share data so your app can operate, be clear to users about your practices. Explain what information your app collects from users or their devices and what you do with their data. For example, if you share information with another company, tell your users and give them information about that company’s data practices.
Offer choices that are easy to find and easy to use.
Give your users tools that offer choices in how to use your app – like privacy settings, opt-outs, or other ways for users to control how their personal information is collected and shared. It’s good business to apply the “clear and conspicuous” standard to these choice mechanisms, too. Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.
Honor your privacy promises.
“But we don’t make any promises.” Think again and reread your privacy policy or what you say about your privacy settings. Chances are you make assurances to users about the security standards you apply or what you do with their personal information. At minimum, app developers — like all other marketers — have to live up to those promises. The FTC has taken action against dozens of companies that claimed to safeguard the privacy or security of users’ information, but didn’t live up to their promises in the day-to-day operation of their business. The FTC also has taken action against businesses that made broad statements about their privacy practices, but then failed to disclose the extent to which they collected or shared information with others – like advertisers or other app developers. What if you decide down the road to change your privacy practices? You’ll need to get users’ affirmative permission for material changes. Just editing the language in your privacy policy isn’t enough in those circumstances. And while you’re taking another look at your privacy promises, read them with users in mind. Is the language clear? Is it easy to read on a small screen? Are you using design elements — color, fonts, and the like — to call attention to important information?
Protect kids’ privacy.
If your app is designed for children or if you know that you are collecting personal information from kids, you may have additional requirements under the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule. Specifically, under COPPA, any operator whose app is directed to kids under age 13 or who has actual knowledge that a user is under 13 must clearly explain its information practices and get parental consent before collecting personal information from children. App operators also must keep personal information collected from children confidential and secure. Visit the FTC's COPPA site for compliance advice.
Collect sensitive information only with consent.
Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information. It’s a mistake to assume they won’t mind.
Keep user data secure.
At minimum, you have to live up to the privacy promises you make. But what if you don’t say anything specific about what you do with users’ information? Under the law, you still have to take reasonable steps to keep sensitive data secure. One way to make that task easier: If you don’t have a specific need for the information, don’t collect it in the first place. The wisest policy is to:
1. collect only the data you need;
2. secure the data you keep by taking reasonable precautions against well-known security risks;
3. limit access to a need-to-know basis; and
4. safely dispose of data you no longer need.
These principles apply both to information you ask users to give you and to any information your software collects. If you work with contractors, make sure they abide by the same high standards.
For more information, see here: http://business.ftc.gov/documents/bus81-marketing-your-mobile-app
These materials were obtained directly from the Federal Government public websites and are posted here for your review and reference only. No Claim to Original U.S. Government Works. This may not be the most recent version. The U.S. Government may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.