author Marlee Hirson, Wednesday December 2, 2015

User privacy will often be the first hesitation a student, or anyone for that matter, has prior to downloading a mobile app. Almost all generic mobile safety apps will require the user to input information such as their name, personal phone number, email address, mailing address, etc. AppArmor, however, does not.

Nevertheless, we’ve gotten many questions from users of our custom mobile safety apps about why permissions are required and what data is collected. So we thought we’d go into more detail about the topic of app permissions.

The Bare Minimum

All apps require some basic level of identification but it doesn’t need to be “personal”. That is, no personally identifiable information (name, email, phone number, etc) is taken without consent. In the case of AppArmor, it’s not taken at all.

The generic device ID is the only thing that is collected, so that the app download can be associated with the user’s GooglePlay/AppStore/Blackberry World account. In order to receive push notifications, the user has to agree to their operating system’s permissions, not ours. Generally speaking, any prompts around permissions are set by the Operating Systems.

Location Tracking Permissions

Location tracking is a feature that is available to all of our partner institutions. It’s a powerful way to ensure a users’ safety remotely using geo-location technology. The nature of the feature though requires information from the user.

However, the app is only tracking the user when it’s activated by the user. In other words, the app is only tracking a user when the user purposely triggers it. During all other situations, we are not monitoring users. Further, the default setting is to not collect any truly personal data; we can identify the user’s location, but not who they are. Institutions have the choice of collecting that data or not.

Personal Media Privacy

Many of our custom safety apps have a “report suspicious activity” or “report a tip” feature which allows users to take a picture of suspicious activity and send the photo to campus security or police. A common concern from users is that the app has access to their personal photo library on their phone. While it’s worded that way, this is not truly the case. 

The app will only access the storage capability of the device for the purposes of attaching the photo to a message to send to emergency services; otherwise there is no access to storage. Generally speaking, the app isn’t able to do anything unless the user is explicitly trying to use a feature which requires a permission-based service.

User Consent Trumps All

To that end, our mobile safety apps have no access to any data without user consent. As well, no user information is stored, so you can rest assured that the privacy of your school’s users remains secure. It is up to the users if they wish to share their location with campus police or security, receive push notifications, and send photos of suspicious behaviour to campus security or more. The user is the ruler.

What feedback have you gotten from your users about permissions? What have you done to educate your user base? If you have any questions about the privacy conditions of your mobile safety app, feel free to contact us.