Apps, Privacy and Your Data: BlackBerry Releases Privacy Guidance for Third-Party App Developers

Apps

Mike Brown

As technology continues to advance, vendors’ protection measures must also evolve so that customers remain protected from the security and privacy challenges created by innovation. At BlackBerry®, we implement layers of protection into every device and service to help ensure customers receive a unique level of security and privacy that they can depend upon every day. With malicious and privacy-infringing third-party apps increasing every year, BlackBerry is proactively developing and evaluating additional measures and techniques to provide comprehensive protection for customers and their data.

To discourage privacy-infringing apps, BlackBerry is releasing new privacy guidance for BlackBerry® World™ app developers that helps clarify what BlackBerry considers personal information and provides general guidance on how it should be protected.

If these new principles are applied, third-party app developers will not only help protect customers’ personally identifiable information (PII), but also enable their apps to remain listed in BlackBerry World. Given that the legal definition of PII can vary widely between legal jurisdictions, app developers bear final responsibility for meeting the contractual and statutory responsibilities to their app customers.

In general, anyone collecting, using or disclosing PII is expected to gain consent to do so from the person they are collecting information about, but privacy and data protection legislation may make an exception to this rule depending on the region, information or scenario involved.

While the samples of PII in the privacy guidance are not an exhaustive list or legal advice, when handling customers’ PII, BlackBerry recommends app developers use best practices, including:

  • Use the Principle of Least Permissions – Limiting Collection
  • Consider the Impact of Third-Party Code
  • Get Consents and Implement a Privacy Policy
  • Be Accountable
  • Be Transparent
  • Secure Your Customers’ Data
  • Empower Your Customers to Control Their Information

Providing additional guidance for third-party app developer adds another important layer to our comprehensive approach for addressing privacy implications and security concerns. Together, BlackBerry and app developers are helping to ensure sensitive customer data remains secure while providing the popular integrated experience that today’s innovative apps deliver customers.

Last February, as part of our anti-malware and privacy strategy, BlackBerry began providing two new types of customer notices that keep users both informed and protected from privacy and malware issues involving third-party apps in BlackBerry World. While we have not had an app that warrants a malware notice to date, we have released four privacy notices. Each notice performs three primary functions.

First, it informs customers that the privacy-infringing app(s) have been removed from BlackBerry World. Second, it provides customers information about how the app(s) collect and/or use their personal data, enabling customers to make an informed decision on whether or not to remove the app(s). Finally, it indicates that BlackBerry reached out to the app developer to work with them on fixing their app’s privacy-infringing issues in order to allow a fixed version of the app back into BlackBerry World.

Since PII data can contain specifics related to customers’ account details, unique device information, geolocations data and user-generated content, customers deserve to know what is collected, how it is used and stored, who can access it and with whom it may be shared. Our internal engineering efforts and privacy notices play an integral role in protecting that data and securing customers’ identities.

Read the full text of BlackBerry’s privacy guidance for third-party app developers by clicking here.

Please share your thoughts by leaving a comment below or joining the conversation on @BlackBerry4Biz

About Michael Brown

Mike leads the Security Product Management, Security Research and Assessment, and the Technical Security Response teams at BlackBerry. Mike focuses on understanding market needs for security, and understanding technical threats to the BlackBerry platform both for products in market and in development.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus