Nearly a half million U.S. jobs have been created by demand for mobile applications, according to a recent study from TechNet. This figure – representing America’s ‘App Economy’ – is up from zero in 2007 – just five short years ago. Clearly, surging mobile application development is contributing substantially to economic growth, as well as encouraging new technology innovation that brings benefits for both businesses and consumers.
But – as with many new, unchartered and rapidly growing markets – there are good practices and there are not so good practices. Recently we’ve heard about a few of the latter – mobile applications that have come under fire for uploading users’ entire address books into their databases – specifically Path and then again with Hipster.
The practice of taking users’ address book data – automatically, without permission and without any notice – goes against everything our industry needs to do if we are to grow and succeed as a market. Further, as a creator of several mobile applications – that combined serve nearly 1.5 billion impressions per month – I find this practice not only unethical but also entirely unnecessary.
As mobile application developers, users trust us with personal and private information – including address books – on their smartphones and tablets. Since long-term success relies on users trusting our applications, it is imperative that we – as mobile software developers – do not breach that trust.
The app market is exploding. With new developers entering the fray daily, the appropriate protocol in regards to accessing a user’s address book in an application may be unclear to some just joining the game.
Below are three simple rules of thumb to follow:
#1. First and foremost, the user must know that the application is accessing their address book.
Applications must make it clear in the user interface that the application is accessing the address book.
If it is not clearly indicated in the UI that the application is, in fact, using the address book, the application must ask the user for permission before it accesses the data. By being transparent about what is going on, you give your users a choice.
An example would be to show an alert view to the user like the screenshot below.
#2 The use of the address book must provide value to the end user.
Applications should never access or store the user’s address book if they do not provide any value to the user.
That said, many applications can and do provide tremendous value by having access to this data – for example, enabling the ability to easily and seamlessly direct users to possible connections (i.e. helping users locate other friends that they have not yet added).
#3. Address book data should be protected before leaving the user’s device.
In the event the application needs to send address book data to a server, the data should be encrypted before it is transmitted and hashed (using md5, for example) before it is stored. Only storing hashes – and never raw numbers, anywhere – is a more than sufficient process when using the address book data to help users find friends.
The fallout from Path and Hipster clearly shows that users feel violated – and rightly so – when their private information is used without permission.
Most of us would agree that the address book can be used in mobile applications and bring value to the user. But developers need to be sure that their application is transparent about how and why that data is being used, showing respect for users’ trust and privacy.
Just as common standards are followed in the handling of credit card data, so, too, must software developers adhere to set standards before accessing any personal data from users’ mobile devices.
I’d welcome any comments to this post, and if you have any specific questions, I’ll do my best to respond.