Developers and business owners know that privacy and security are important to users, but sometimes fail to remember just how important. The latest press around WhatsApp, the mobile messaging tool, serves as a good reminder. Authorities are saying that WhatsApp violates international privacy laws because it requires all users to give up their contact lists. According to Zack Whittaker of CBS News:
“The Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority announced on Monday their findings for what they called a ‘collaborative investigation into the handling of personal information’ by the California-based company.
WhatsApp — available on Apple’s iPhone, Android devices and BlackBerry smartphones — provides a free service to rival text messaging, and sends more than 1 billion messages to users around the world every day.
In a statement, the agencies concluded that the application violated privacy laws in both the Netherlands and Canada because users had to provide access to all of their phone book contacts, including users and non-users of the application.
‘The investigation revealed that users of WhatsApp — apart from iPhone users who have iOS 6 software — do not have a choice to use the app without granting access to their entire address book. The address book contains phone numbers of both users and non-users,’ Jacob Johnstamm, chairman of the Dutch Data Protection Authority, said in a statement.”
Both users and nonusers should have control over their personal data on the application they use. Anyone accessing the app should get a permission request that allows the user to decide what they wish to share with the application. Even permission requests themselves can be harmful to an app. Don’t use permission requests unless what you’re requesting truly enhances the app’s functionality. Security testing can also help mitigate these privacy concerns. By testing and patching your app for security vulnerabilities, you can show your users that you take their privacy seriously.
The moral of the story is – users don’t like to give up their private information – and apps that wrongly collect or require user information are sure to hurt their business and brand image.
For more resources on security testing, click here.