California Attorney General Issues Privacy Guidelines for Mobile App Developers

The 22-page report recommends using small icons or pop-ups to inform consumers how the developer will use the information, among other things.

January 10, 2013

California Attorney General Kamala Harris today issued consumer privacy guidelines for mobile application developers.

The 22-page report, called Privacy on the Go: Recommendations for the Mobile Ecosystem, has suggestions for app developers to show consumers the required privacy policy; for example, the report recommends using small icons or pop-ups to inform consumers how the developer will use the information.

Attorney General Kamala D. Harris. Photo courtesy of the California Office of the Attorney General.

“Today, 85 percent of American adults own a cell phone and over half of them use their phones to access the Internet. The mobile app marketplace is also booming with more than 1,600 new mobile apps being introduced every day. These apps allow us to do everything from streaming movies to hailing a cab to viewing our own X-ray and ultrasound images,” said Harris in the report. “Along with the many wonderful capabilities these apps offer, we remain mindful that the mobile environment also poses uncharted privacy challenges.”

Representatives of Internet and media associations criticized the report for not gathering adequate input from companies and consumers.

“We are disappointed that the California Attorney General would finalize a recommendation on such an important issue based on such limited engagement with the companies that will be expected to put them into practice,” said Mike Zaneis, Senior Vice President for Public Policy at the Interactive Advertising Bureau, in a statement.

The office engaged a “broad spectrum” of stakeholders to arrive at the recommendations, according to the report.

Last year, after creating the Privacy Enforcement and Protection Unit within the state Department of Justice, Harris forged an agreement with Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft and Research in Motion to display app privacy policies that users could easily review before downloading apps.

In October, the Attorney General began to formally notify application developers and companies that have been accused of violating California privacy law. The office then filed a privacy lawsuit against Delta Airlines in December for allegedly violating California’s privacy laws by failing to conspicuously post a privacy policy related to the airline’s mobile app that collects user data, including GPS data, Delta SkyMiles account number and flight information, passport number, and credit card number and expiration date.

From the Attorney General’s report, recommendations include:

For App Developers

  • Start with a data checklist to review the personally identifiable data your app could collect and use it to make decisions on your privacy practices.
  • Avoid or limit collecting personally identifiable data not needed for your app’s basic functionality.
  • Develop a privacy policy that is clear, accurate, and conspicuously accessible to users and potential users.
  • Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices.

For App Platform Providers

  • Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
  • Use the platform to educate users on mobile privacy.

For Mobile Ad Networks

  • Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
  • Have a privacy policy and provide it to the app developers who will enable the delivery of targeted ads through your network.
  • Move away from the use of interchangeable device-specific or temporary device identifiers.

For Operating System Developers

  • Develop global privacy settings that allow users to control the data and device features accessible to apps.

For Mobile Carriers

  • Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children’s privacy.

This story was originally published on

Amy Stewart Staff Writer,

Amy Stewart is a staff writer with, a publication dedicated to the public-sector technology industry in California.