User Data security

User Privacy is a priority while developing a mobile phone App. This is, in fact an important parameter that determines the popularity of an App and thereby its market and eventually the success of its development. An app that respect privacy of its users while maintaining sensitive data and documents is sure to find a place among the favorites. On the other hand, an app, however massive or useful it might be will soon be deleted if it does maintain desirable user privacy. The following excerpts are from Apple’s Guidelines for maintaining user privacy in i-os application.

Protection of User Data

User data must be secured and protected. User data must be encrypted using on disk encryption to store them locally. Data should be always stored in encrypted format. While sending user data over the network, using HTTPs is a good practice. Many developers hold on to designing apps that request unnecessary or more data than required to accomplish a given task. This practice is unproductive as data can be vulnerable. This also creates an unnecessary dissension for the user. Minimum amount of data should be requested from users. Also, options should be provided to users to control and access data. Adequate setting should be provided to disable access to sensitive information. If the app supports audio and recording facilities, recording should be put into user control. System alert must be provided while recording and user must be given complete authority to control it.

Maintaining Transparency

While seeking data from the user, it it essential to provide information why the data is needed. This transparent behavior of an App makes it convenient for users. If the user does not grant access to particular information, proper reason of failure of execution should be provided.

Following Government Guidelines

As user data can be accessed only with his or her consent, legal implications are imposed by Governments in many countries in using user information. Therefore, while developing an app, information security guidelines from government and industry sources must be followed.