Mozilla has always been a friend of the Internet. The non-profit puts the user first and they made that even more clear when the corporation came out against CISPA last week. Now, it’s no secret that Mozilla is developing an app store called the Mozilla Marketplace and Mozilla wants developers to make sure they aren’t keeping any secrets either.
Late last week, Mozilla updated their privacy policy guidelines for app developers that want to submit apps to the yet to be released Mozilla Marketplace. Just as they are against CISPA and its privacy-infringing content, they are against any app developers hoping to do the same.
The first part of the privacy policy deals with data collection. There have been apps on both iOS and Android recently that were found to be collecting data without the user’s permission. The most famous may have been when Path was found to be collecting users’ contact lists without their knowledge, but other big names like Twitter have been caught doing the same thing.
As part of Mozilla’s statement on user data, they say that app developers must design their app or add-on so that “what you actually do with user data is what users think you are doing with it.” Another is that developers must give users much of the control over their data whenever they possible. One suggestion is “giving [the user] the choice to opt-in to or opt-out of data collection.” As a final tip, they tell app developers to limit data collection to only what they need.
On a related note, they encourage app developers to design apps with the user’s privacy in mind from data collection and storage to its use. When your app raises concerns in regards to privacy, they also want developers to respond to user questions.
A big one that I’m sure many people can get behind is “Avoid secret updates.” It’s the shortest privacy guideline on the list, but also the most powerful. Almost every app on my Android gets regular updates, but a few of them never tell me what is being updated. Stability is not an update, tell me exactly what you’re updating.
Of course, we can’t talk about privacy and sharing of data without talking about social networks. Apps need to have social network integration for the people who love sharing every moment of their lives, but not everybody is comfortable with that level of sharing. That’s why app developers need to make the use of social features transparent for those who fall into the latter. Developers should also give users the choice to shut off social sharing entirely.
The last two are the no-brainers that everybody follows, but Mozilla is just covering their bases. Developers should always obtain consent when asking for location data as well as put links to their privacy policy in the app itself.
Mozilla’s privacy policy is just the first line of defense, but they go even further. If an app collects user data, it must have a privacy policy listed on the app page for it to even show up in the Marketplace. Mozilla also asks four questions of every app submission that must be answered truthfully:
Does your app communicate with you or anyone else in any way without express user consent? (Y/N)
Are all your app’s online communications encrypted? (Y/N)
Does your app use behavioral or location based advertising?(Y/N)
To use the core features of your app, do users need to log in or connect to an account or identity aside from a user’s Persona account? (Y/N)
Mozilla’s privacy policy for app developers is pretty fantastic, and other app distributors like Apple and Google should take notice. While the actual privacy policy will vary from app to app and feature long lines of scrolling text to cover all of their bases, developers would be wise to implement these simple guidelines into their own privacy policies.
Think of a world where our government, or any government for that matter, applied these same privacy guidelines to its citizens. We could have better cyber protection and a comprehensive digital bill of rights. While the U.S. keeps on talking about implementing a “Do Not Track” button, it will probably do little to actually protect your privacy online.
Do you like Mozilla’s privacy policy? Is there anything they can do to bolster it? Let us know in the comments.