The Information Commissioner's Office (ICO) has warned developers that protecting app data is of paramount importance.


f you mentioned the word `app' six years ago to anyone in the IT industry, they would have perhaps blankly shrugged their shoulders or starting discussing the merits of Adjusted Peak Performance on 64-bit microprocessors. Today, however, the word is synonymous with `software applications' and is familiar to almost anyone using a smartphone, tablet or Windows 8 computer.

And now the ICO has issued a warning that app developers need to abide by the Data Protection Act (DPA) rules.

Simon Rice, the ICO's Group Manager for Technology, today warned that app developers should ensure they do not misuse customers' data, noting that almost half of all apps users have opted not to download an app owing to privacy concerns.

Writing in his ‘Appy Christmas' guidance blog, he says that over 328 million apps were downloaded on Christmas Day alone and adds that the ICO expects this figure to increase dramatically, with new tablets and smartphones being so high on many people's Christmas lists.

Industry observers actually see this as a positive observation, as it means that app users are starting get savvy about their personal data, or as Rice puts it: "while people are happy to part with their money for the latest mobile game or social networking app, they aren't so keen to part with their personal data."

Citing a YouGov survey, commissioned by the data regulator earlier this month, the ICO's Group Manager says that 62 percent of people who have downloaded an app are concerned about the way apps use personal information, with 49 percent of app users having chosen not to download an app because of privacy concerns.

"This means that app developers are potentially losing over half of their market or risk pushing away nearly two-thirds of their hard won app users, typically because they're either not being clear how personal information is being used, or because personal information is being used in a manner they disagree with," Brice explained.

Reaction to the `guidance' from the ICO has been mixed. Garry Partington, founder and CEO of Apadmi, the Manchester-based mobile app developer, said that app developers potentially face lost sales and customer backlash - if they are not transparent about what data they collect through their apps and how this will be used.

"It does make sense for some apps to have access to certain elements of data, but in a lot of cases there is absolutely no need for apps to collect masses of private user information,” he said to SCMagazineUK.com.

“Companies doing this are really damaging the reputation of credible developers who want to cultivate meaningful experiences for their customers," he continued, adding that you only have to look at recent stories like the Brightest Flashlight app to see how harmful this kind of behaviour is.

In that saga, one of Android's most highly rated apps - Brightest Flashlight Free - was earlier this month found to have been sharing user location and ID data without their consent. The firm behind the app, Goldenshores Technologies, ended up settling with the US equivalent of Ofcom, the FTC, and had to delete all user data it had collated.

Apadmi's Partington said that, unfortunately, the data protection issue isn't a problem that is just limited to apps.

"As more connected devices come into the market, the opportunity to collect personal data is increasing - smart TVs have also been in the spotlight for possibly sending data on viewing habits and from the devices connected to the TV. So this is a massive issue that needs to be addressed,” he explained.

“As an app developer, we advise our customers to only access the information that they need, and make it very clear to the end user what information is being collected and how this will be used," he noted.

Over at security vendor Axway, John Thielens, the firm's CSO, said that the ICO's analysis shows once again that security is the main factor putting the brakes on technology advancement and adoption.

"Transparency is the be all and end all for consumers when it comes to their personal information. They need to know exactly where their data is, who is accessing it and what they are doing with it - or the app industry risks being derailed," he said, adding that apps are not just for consumers.

"We're seeing a big rise in demand for apps for the enterprise. The bring-your-own-device (BYOD) movement, combined with the dominance of smartphones and tablets, means employees, partners and customers alike want to access information anytime, anywhere. In this scenario, the security burden is heavily weighted on the business," he noted.

“With their necks on the line, businesses need to take on granular data governance throughout an organisation. Application Programming Interfaces (APIs) form the foundation of any app development, and it is API management that puts businesses back in the driving seat when it comes to controlling the flow of data beyond the enterprise edge.”