Getting users to trust your Mobile Apps and Mobile Web sites
1. Janet A. Jaiswal, Mobile Product Management
Joanne Furtsch, Privacy Policy Architect
TRUSTe
October 28, 2010
Bringing Confidence to Mobile
TRUSTe Mobile Privacy Certification
2. Speakers
Janet A. Jaiswal, Director of Enterprise BU at TRUSTe
As the General Manager of the Enterprise Business Unit at TRUSTe,
Janet has responsibility for the Mobile Privacy Certification program.
She possesses more than a decade of experience building products in
the eCommerce and Internet space that specifically increase the trust
and safety of its users.
Her industry knowledge was formed from previous positions held at
eBay, Scient and PayPal where she was responsible for protecting
more than 110 million users worldwide. In addition to her numerous
publications, Janet blogs regularly on privacy and its rapidly growing
impact in the area of mobility.
Follow Janet at @JJaiswal_Mobile
Joanne Furtsch, Policy & Product Architect at TRUSTe
Joanne is a proven expert in online privacy practices, COPPA and
European Union Safe Harbor compliance. She has helped build
standards for many of TRUSTe’s certification programs. Joanne has also
served on the Advisory Committee to develop the Recommended
Practices on California Information-Sharing Disclosures and Privacy
Policy Statements for the California Office of Privacy Protection. She is
CIPP and CIPP/C certified.
3. • Mobile Industry Background
• Key risks w/ mobile expansion
• TRUSTe’s mobile certification program for privacy
• Mobile Resources
• Questions & Answers
• Copy of this presentation will be made available
• Special offer for webinar attendees only at the end
Agenda
4. The smartphone market has entered a new phase
6 Trends Shaping the App Market in 2010
Increased absolute market growth
Companies are getting there
Smartphone shipments remain key market driver
Omnipresence of Android
Apple’s competitors increased market share
Slow down of price decline
Source: research2guidance global developer survey
5. The mobile apps vs. mobile web battle continues
80% of companies were planning or had already
deployed a mobile website.
8% of respondents were interested in applications.
-Adobe’s “Scene7 Rich Mobile Commerce Survey” Jul. ‘10
Apple’s iTunes Store has approx. 300,000 apps
Google’s Android marketplace has approx. 100,000 apps
App Market Revenue: $1.7 B US in 2009 (full year); $2.2 B US in 2010 (1H)
No. of Apps Downloaded: 3.1 B in 2009 (full year); 3.9 B in 2010 (1H)
Source: Research2guidance
6. Mobile usage and mobile commerce is
experiencing tremendous growth
7. On any given day, 57.8 million American
consumers access the web via mobile devices.
82% of adults are cell phone users & 35% of US
adults with cell phones have apps.
-The Pew Internet Project Survey (Feb’10)
8. 15% of consumers have made purchases with a
mobile device.
-AT&T’s Sterling Commerce & Demandware, Inc
9. US mobile commerce sales will be $2.4 Billion in
2010 (100% growth YOY) and $119 Billion by 2015
(total ecommerce in the US in 2010 is $132 Billion)
-ABI Research
19. 66% of US consumers are not comfortable with
using their mobile device for financial transactions.
– KPMG (2009)
20. 55% of Smartphone users fear loss of privacy
through mobile apps w/ geo-location services.
-Webroot (Jul. ‘10)
21. 52% of mobile users are “very or extremely
concerned” about loss of privacy from using
location-aware mobile apps.
-Poynter Online (Jul. ’10)
22. 71% of consumers look for trust seals before doing
business online.
-Yankee Group (Feb’09)
23. Mobile privacy issues
• Exploding mobile
application use
• High consumer privacy
concerns
• Unique privacy issues:
– Use of geo-location technology
– High potential for intrusive
marketing (think geo-location +
advertising)
– Increasing “Social” experience
– Sensitive data is highly “mobile”
– Extends internet privacy concerns
on advertising and analytics
• Form factor constraints
typical presentation of
privacy policy and choices
Chart: “When using a mobile device, which of the following concerns do you have about data privacy/security?”
Response categories: I have no data privacy/security concern; Receiving unsolicited promotional material; The potential for credit card information to be intercepted by an unauthorized party; The threat of unauthorized parties accessing PII.
Bar values as extracted (axis 0% to 100%): 8%, 44%, 69%, 73%
Source: KPMG Mobile Banking Survey 2009.
Scope: Global, 4190 mobile device users
24. Recent privacy breaches
1 Study by Eric Smith, Asst. Director of Info. Security & Networking at Bucknell University in Lewisburg, PA, Oct 1, 2010
2 TaintDroid study by researchers from Duke University, Penn State University, and Intel Labs on September 30, 2010
iPhone Apps Sending Out Devices' Serial
Numbers, Log-In ID 1
A study of 57 of the most popular iPhone apps found
that 68% transmitted the devices' unique serial
numbers to remote servers owned by either the
developer or an advertiser. Furthermore, many
applications -- including Amazon, Facebook and
Twitter -- also collected users' log-in data.
25. Recent privacy breaches
Some Android apps were caught covertly sending
GPS data to advertisers 2
• A study tested 30 popular free Android applications and
found that half were sending private information to
advertising servers, including the user's location and
phone number.
• In some cases, the apps were relaying GPS
coordinates to remote advertising network servers as
frequently as every 30 seconds, even when not
displaying advertisements.
26. Another privacy breach: Facebook & 3rd party apps
What happened?
On October 18th, The Wall Street Journal found that “many of the most popular
applications, or "apps," on Facebook have been transmitting identifying
information—providing access to people's names and, in some cases, their
friends' names—to dozens of advertising and Internet tracking companies”
Who was involved?
• The Journal examined the 10 most popular apps on Facebook, which include
Zynga’s FarmVille, Texas HoldEm Poker and FrontierVille.
• Three of the top 10 apps also have been transmitting personal information
about a user's friends to outside companies.
• In all, 12 companies were involved in the most recent shut down
• 10s of millions of users were affected
What was the result?
•LOLapps Media Inc. was shut down suddenly and unexpectedly by
Facebook as the Journal found them to be transmitting user IDs.
•Facebook made several other apps unavailable.
27. Example of a privacy issue: Use of geo-location
• Many mobile devices sold today are capable of
pinpointing users within 30 feet of their actual
location. Location-aware apps can:
– Bring discounts and promotions directly to users
at the point of purchase
– Provide valuable, real-time data about customer
preferences.
– Help Marketers to target offers and advertisements through increased
relevance, accuracy, and timeliness.
• Company benefits: This data, in aggregate, is used to provide
data on key market trends, or integrated into a customer profile to
provide a more personalized experience.
• Consumer benefits: Gains access to information that can be
instantly relevant to a purchasing decision including location-
specific discounts and services
28. Example best practices
Provide users with transparency and remain accountable
– Use clear messaging re: use of location data
– Secure this data through encryption etc.
– Ensure adequate consumer redress mechanisms for those who want to remove
their location data
Provide users with choice (i.e. ask users permission to use their
location information before you collect it)
– Meaningful choice is when consumers understand the implications of sharing
their data.
Have a privacy trust mark– Users will reward companies who
make strong commitments to their privacy
– Users recognize established trust marks (like TRUSTe) means a company has
undergone rigorous vetting by an independent 3rd party
Trust
# of downloads
# of registrations
# and purchase amount
30. • Extension of TRUSTe’s Privacy Certification
for Mobile Web and Mobile Applications
– Offers consumers the same privacy
commitment as web site certification
– Express consent required for the collection
and use of geo-location data
• Features unique and accessible Layered
Short Privacy Notice
– Calls out most significant privacy concerns
for enhanced consumer transparency and
access
TRUSTe Mobile Certification for Privacy
31. • All key platforms are supported
• Certification Deliverables:
– Mobile App and/or Mobile Web Certification
– Short Notice with Layered Privacy Policy
– Unified policy for mobile and PC web site
– Dispute Resolution / Consumer Feedback system
– Small Device-Optimized
• TRUSTe seal
• Validation page
• Dispute Resolution
– Listing in TRUSTe Mobile Certification Directory
TRUSTe Mobile Certification for Privacy
32. Mobile Certification Benefits
• Business value proposition
– Address consumer privacy concerns
– Convey privacy commitment
– Enjoy download and registration lift
– More easily deliver privacy information
and choices on space constrained
device
– Part of comprehensive and unified
privacy program
START PAGE W/ APP
CERTIFICATION SEAL EXAMPLE
33. Key Element: New Layered Short Privacy Notice
• User Benefits
– Improves transparency
– Icons for increased
understanding and
access
– Empowers consumers
to make informed
decisions
• Expected Results
– Increased Trust
– Higher Downloads
– Greater Consumer
Engagement
– Improved Compliance
Link to Interactive Example: www.truste.com/mobile
LAYERED PRIVACY POLICY
DETAILED PRIVACY POLICY
PAGE: Location Services
DETAILED PRIVACY
POLICY PAGE: Tracking & Ads
34. Form-Factor Optimized Dispute Resolution
CERTIFICATION
VALIDATION PAGE
DISPUTE RESOLUTION PAGE
FOR CONSUMERS TO
PROVIDE FEEDBACK
39. Key Takeaways
• More and more users are becoming mobile: Demand for a mobile
presence will become more and more critical to business success
• Given the crowded app marketplace, the high cost and resources
investment involved, do not risk user distrust & associated backlash.
Instead:
– Convey privacy commitment which will increase user engagement, registration
and download rates
– Differentiate your app based on user trust
– Avoid getting into trouble re: user privacy
• Mobile privacy certification is especially critical if a mobile app or web
utilizes any of the following:
• Geo-location
• Advertising especially if combined with geo location or behavior
• Social media technologies (i.e. sign in with your Facebook account ID)
• Collection of Personally Identifiable Information (PII)
40. Why TRUSTe’s Mobile Privacy Certification Program?
Privacy Expertise
Only Mobile privacy
certification provider
100% privacy-focused
since 1997
Comprehensive privacy
services
• Mobile
• Advertising
• Downloadable software
• eMail
• Lead Generation Forms
• Service platforms
• Web site
Most Recognized
Privacy Trustmark
Leading Customers:
>40% of the Top 50 most
trafficked websites;
13 of Fortune 100
Brand Awareness:
More than 1 in 3
consumers report having
seen the TRUSTe seal
Results:
Average of 5 – 20+% uplift
for customers
Customer Service
Dedicated Client
Services Manager
(CSM) for each account
CIPP-certified CSMs
(Certified Info. Privacy
Professional)
Online Account Access
Ongoing advice on all
things privacy
Privacy library access
41. Special Offer for Today’s Webinar Attendees
• 10% discount for anyone that
signs up for a Mobile App or
Mobile Web certification by
November 30th
• Must mention code: 1028JJ
42. • Interactive short notice demo & mobile program information:
www.Truste.com/Mobile
• White Papers: Mobile Privacy and Location & Privacy
• Blogs series on mobile and privacy (http://www.truste.com/blog/?cat=114)
1. Overview of the mobile space & privacy
2. Privacy implications on the use of location technology
3. Mobile app vs. mobile web
4. Incorporating privacy into good design
5. Mobile commerce plan that addresses consumer privacy concerns
6. Using advertising successfully requires paying attention to privacy issues
7. Using social networking technologies successfully on mobile while navigating
privacy issues (coming soon!)
• Chetan Sharma, GigaOm Pro Analyst: Blog on Privacy as a
Competitive Advantage in Mobile
Mobile Privacy Resources
43. Questions and Answers
Don’t forget to fill out the survey
Janet A. Jaiswal
Director & Mobile Product Manager
jjaiswal@truste.com
Twitter: JJaiswal_Mobile
Access Resources at
www.truste.com/mobile
The survey at the end of the webinar includes a drawing for an iTunes gift card
According to Ralf Jahns of research2guidance
1. Increased market growth: The pace at which the market is growing has accelerated again. Combined download numbers as well as revenue of all major application stores reached 2009 levels in only five months. App revenue for 2010, which will almost triple in relation to 2009 figures, is set to reach almost $US5bn.
2. Deceleration of price decline: During the first two years until the end of 2009 the average price of an application dropped from US$20 to almost US$4. The first half of 2010 saw this erosion almost halted. At the same time this trend is accompanied by major price movements within app stores which demonstrate price increases of as much as +30%, and similarly declines as steep as -30%. This might indicate greater market transparency and simpler arbitrage processes.
3. Apple’s competitors increased their market share: Not surprisingly the sheer volume of new competitors had an impact on the market dominance of Apple in the applications business. In 2010 developers and smartphone users started to focus on platforms alternative to Apple, who lost almost 10% of market share in the first half of 2010.
4. Omnipresence of Android: At the end of 2009 only six devices used the Android operating system. During the first six months of 2010, however, smartphone device manufacturers released a new Android device every 2-3 days. In 2010 the number of smartphone models using an Android system overtook the number with other OS platforms like Windows and Symbian for the first time since the launch of the Apple App Store in 2008.
5. Smartphone shipments remain the main market driver: The shipment of smartphones has already reached almost 30% in some industrialized countries. Furthermore the number of smartphones shipped in the first HY 2010 was already 70% of that reached throughout 2009. All of these smartphones provide easy access to application stores, and this in turn drives application download numbers.
6. Companies are getting in on the act: By the end of 2009 less than 10% of global companies had a presence in one or more app stores. The latest analysis shows that over the last few months the activity levels of major brands have increased. In addition to branding, companies are also increasingly using applications to link to their core products or to build transaction business.
The app market is growing
so is the # of mobile websites including revenue from mobile web
Great debate: Mobile App or Mobile Web? “With mobile usage exploding, it may not matter but you have to be in at least one.”
Now it's about 45% of US adults with smart phones (those that have apps)
Number of devices forecast to be shipped with GPS in Q4 2011: 318 million or 80% of all shipments, by Wireless Week
Most consumers’ mobile security & privacy concerns are related to providing PII & the financial transaction itself.
Examples: sign up for a newsletter, complete a form, make a purchase etc.
• Growing use of GPS / geo-location based services; location makes features on mobile devices & advertising more relevant
• Advertising: the primary way to support free or low-cost mobile apps, which are the majority of apps available; some use behavioral advertising
• Social networking technologies enhance mobile users’ experience (upload your Facebook address book)
• Your rich bank of personal data goes everywhere you go
• User tracking / mobile analytics and its tie to the mobile device, which is a unique identifier of a person
• Marketing to children under the age of 13 (same as PC web site)
• Concerns are partially due to the newness of mobile technology, but many are new
Does a game developer really need to know where you live?
--------------------------
October 1st. Apple makes the Unique Device ID (UDID) available to all app developers; The intended role of the UDID as a unique token to remotely store local application preferences is a convenient tool for programmers (example: store the scores & last level completed for a player so when they return, they can pick up from where they left off)
However, the potential for the abuse of privacy is remarkably high. For example, some of these developers do NOT encrypt this information during transmission.
Users have very little control over who has access to their UDID. Our position is that we want to protect our clients and ensure that this type of data is collected, stored and transmitted as safely as possible. Any tie of UDID to profile data from Facebook, for example, is a ticking time bomb. We help make sure that if this is done, it is in line with industry best practices and in compliance with privacy rules and regulations.
------------------
Another study whose results published on 9/30/10 found:
Google too has from time to time disabled applications in response to knowledge about privacy invasions
--------------------------------------
While there was no assertion or admission of wrong doing, these findings raise concern about the extent to which mobile platforms can insulate users from unwanted invasions of privacy.
Bottom line, most companies don’t want to be in the news for this reason, which is why it’s in a company’s best interest to seek out an expert when it comes to these matters rather than going it alone and hoping for the best.
DO YOU WANT THIS TO HAPPEN TO YOUR COMPANY?
The issue was with an app or a browser in which the referrer URLs were including Facebook IDs inadvertently
BTW-anyone can use an ID number to look up a person's name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with "everyone," including age, residence, occupation and photos.
-------------------------------------
This past spring, the Journal found that Facebook was transmitting the ID numbers to advertising companies, under some circumstances, when a user clicked on an ad. Facebook subsequently discontinued the practice.
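The two leaks described in these notes, IDs carried in referrer URLs to outside companies and device identifiers sent without encryption, can be checked for in a capture of an app's outbound requests. The following is an added example, not part of the original presentation; the identifiers, host names and capture records are all constructed, and the first-party host list is an assumption the tester supplies.

```python
from urllib.parse import urlsplit, unquote

# Constructed identifiers belonging to a test account and test device.
KNOWN_IDS = {
    "facebook_id": "100000123456789",
    "udid": "0f1e2d3c4b5a69788796a5b4c3d2e1f001234567",
}
# Hypothetical hosts operated by the app's own publisher.
FIRST_PARTY = {"apps.example-social.test", "scores.example-game.test"}

FB, UDID = KNOWN_IDS["facebook_id"], KNOWN_IDS["udid"]
# Constructed capture of outbound requests (URL, Referer header, body).
CAPTURE = [
    {"url": "https://ads.example-tracker.test/pixel?slot=3",
     "referer": f"https://apps.example-social.test/game?id={FB}&ref=bookmark",
     "body": ""},
    {"url": "http://scores.example-game.test/save",
     "referer": "",
     "body": f"udid={UDID}&level=7"},
    {"url": "https://apps.example-social.test/api/me",
     "referer": f"https://apps.example-social.test/game?id={FB}",
     "body": ""},
    {"url": "https://cdn.example-cdn.test/sprite.png",
     "referer": "https://apps.example-social.test/",
     "body": ""},
]


def audit(capture, known_ids, first_party):
    """Return (index, id_name, issue, host) for each identifier exposure."""
    findings = []
    for index, req in enumerate(capture):
        target = urlsplit(req["url"])
        host = target.hostname or ""
        # Percent-decode so an encoded identifier is still recognised.
        referer = unquote(req.get("referer", ""))
        sent = unquote(req["url"]) + "\n" + unquote(req.get("body", ""))
        for name, value in known_ids.items():
            # The browser attaches the previous page's URL; if that URL
            # carries an ID, every third-party resource request receives it.
            if host not in first_party and value in referer:
                findings.append((index, name, "referer-to-third-party", host))
            # An identifier in the URL or body of a non-HTTPS request is
            # readable by anyone on the network path.
            if value in sent and target.scheme != "https":
                findings.append((index, name, "cleartext-transport", host))
    return findings


if __name__ == "__main__":
    for finding in audit(CAPTURE, KNOWN_IDS, FIRST_PARTY):
        print(finding)
```

Findings of the first kind are fixed by keeping identifiers out of page URLs or by sending a restrictive `Referrer-Policy` header; findings of the second kind by moving the endpoint to HTTPS.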
In summary
TRUSTe mark can be placed on web site and mobile application stores to drive increased downloads
Many TRUSTe clients have mobile apps & mobile web and are extending the TRUSTe trust mark
TRUSTe pages are optimized for the device, regardless of whether it is a smartphone, a feature (low resolution) phone, a notebook or a personal computer
Best practice: Provide access to privacy policy usually through About, More or Settings page
Privacy-sensitive app; best practice is to provide info about info gathering and sharing upfront (home page)
Companies that are interested should sign up before 11/30/10 to get the special rate