ABSTRACT: Mobile apps have changed people's lives. Thanks to them, new ways of doing business have been created, meeting the love of your life, learning a new language, or editing photos in an almost professional way. The mobile app market is colossal, with a total volume of 194 billion downloads in 2018 and a combined user spend on the app store in the same period that exceeded $ 101 billion. Apps give users the possibility of learning or receiving information, so guaranteeing access to quality applications is directly linked to the right to freely communicate and receive truthful information enshrined in most constitutions. On the other hand, the automated collection of personal data through applications demands special attention from developers who must comply with increasingly strict data protection regulations, ensuring more transparency in the treatment and greater control of users over their data.
KEYWORDS: Data Protection, App Development, Privacy Policies, Terms and Conditions, iOS, Android.
Index
1. What is a mobile app?
2. Tools for developing apps
3. Access to permissions and background executions
4. Proceedings related to IP and Trademarks
5. Legal protection of apps
6. Pre-development agreements
7. Policy compliance in app stores
8. Privacy Policies
9. Application of Legal Design
10. Terms and Conditions
11. Other complementary policies
12. Google's dominant position
13. Regulation
14. References
"Pacta sunt servanda" is an old Latin expression that means that an agreement is a law between the parties.
If in Ancient Rome it was enough with the word to give rise to a contract, in our Contemporary Era it is enough to install and open an app to be subject to a contract.
In these modern times when we live through the screen of a mobile phone, the code is the law between the parties.
Something like "Apps Sunt Servanda".
Mobile applications govern most of the activities we carry out on a day-to-day basis: how we consume information, how we interact with our family members, and even what we can eat (which will depend on the locations registered in your zip code).
But what are these little icons that we have on the screen of our devices and they know more and more information about us?
What is a mobile app?
A mobile application or app is a computer program that runs within an operating system on a mobile device, whether on a phone, tablet, or smartwatch.
Apps are a series of codes that are written using various tools and interfaces and depending on the programming language used, they are structured differently.
For example, native iOS apps use the Swift programming language (replacing the old Objective-C) and are developed in the IDE (Integrated Development Environment) called Xcode. While most of the applications for Android are programmed in Java and Kotlin, the latter called to replace its predecessor, and are developed in Android Studio.
By the end of 2019, Android users had the choice of 2.90 million apps, making Google Play the app store with the largest number of apps available. Apple's App Store is the second-largest app store in the world with 1.8 million apps available for iOS.
Tools for developing apps
Developers have at their disposal several tools for creating apps: APIs, frameworks, IDE, SDK, and libraries.
APIs provide a set of functions and procedures that allow interacting with a specific platform. In turn, the SDKs and Frameworks incorporate all the necessary tools to program, develop, and test the applications. Frameworks offer a more complete development environment, while SDKs are more aimed at developing exclusive applications for an operating system.
Apart from tools for application development, some APIs and SDKs include functionalities that complement the apps with additional elements. They can incorporate different characteristics to the application, such as:
• Show ads (Admob, Chartboost, FAN, Appbrain, etc.);
• Send push notifications (Onesignal);
• Usage tracking and analysis (Firebase, Appsflyer, Flurry, MOAT);
• Geo-location (Google Maps, MapKit);
• Allow users to pay for products (Google Play In-App Billing, iOS In-App Purchase, Paypal SDK);
• Integration of social networks (Twitter, Facebook)
• Analyze any problems or errors (Crashlytics);
• Manage health and physical activity data (HealthKit, CareKit).
It is important to note that the SDKs and APIs collect personal data in an automated way.
Although this data is usually anonymous, it might include IP addresses, the country where the user is located, manufacturer of the device used, version of the OS, age, gender, or time of use of the application.
To use these tools, you will need to register an account with the kit developer that will allow you to manage the functions and manage the information. Access to app store platforms, SDKs, and other built-in plugins should be controlled, as these can collect information about users and could mean a significant data leak for developers.
The GDPR requires a proactive responsibility on the part of those responsible for the data management and this should translate into an increase in effective security measures and access control to the different databases and dashboards.
We cannot forget that we must specify in our privacy policy which SDKs are integrated into our app. These companies are third parties that intervene in the processing of personal data and must be indicated in order to comply with the principle of transparency in the data processing.
Image by Firmbee from Pixabay
Access to permissions and background executions
Developers must respect access to devise permissions and only require permissions that are necessary for the fulfillment of the functions of the application, insofar as these are required by the user.
It is not proportional to request permission to access the geo-location of the device if a necessary use is not foreseen for said access, which must be linked to a specific functionality previously accepted by the user.
For no reason is it justifiable to run in the background, for example, the camera or the microphone if the application is not in use or the user is not aware. We must limit disproportionate access to device permissions in applications running in the background.
Proceedings related to IP and Trademarks
Before investing any amount of money in the design, layout, or development of the app, we must be sure that our idea does not infringe the industrial or intellectual property rights of third parties.
This includes trade names, logos, trademarks, or other distinctive signs that could be linked to our idea and that could affect industrial property registrations.
Cases are common in which a developer publishes an app in one of the stores and is later withdrawn for using the same name as a registered trademark.
Not only the holders of industrial property registrations could request the withdrawal of an app for infringing acquired rights, but also those who plagiarize descriptions (short or complete), screenshots, promotional videos, or any other element in the store's file.
We should start our search for trade names and trademarks in the app stores where we want to publish. It is the first step to know if our name is already being used by another application.
Try to create an original name, icon, logos, and graphic designs for your app, which does not match a trade name or trademark already registered.
Image by Firmbee from Pixabay
To acquire greater protection and limit the use of your distinctive signs by third parties, you can choose to register the name, logo, or icon of your application as a trademark in the Spanish Patent and Trademark Office (OEPM).
Legal protection of apps
It is important to note that apps cannot be patented.
You cannot create a social network like Pinterest or a photo editor like Snapseed and prevent others from developing similar apps.
Apps are computer programs made up of lines of code written in the programming language used depending on the computer system and the development platform.
The legal protection of the code is configured with the generating event enshrined in the Law on Intellectual Property, which establishes that the intellectual property of work corresponds to the author by the sole fact of its creation.
As it is a text written by a programmer (what is known as source code or source code), it falls within the scope of copyright protection, and therefore, as it lacks registration, the right originates at the time of creating the code.
The same law establishes that computer programs are the object of intellectual property.
This protection extends to the programs of mobile devices since the mobility or not of the device where the program is executed does not delimit the scope of the protection.
In addition, it enjoys international protection that applies to citizens from the signatory countries of the Berne Convention.
Pre-development agreements.
In application development, several actors can intervene depending on who develops the app.
Unless it is a company dedicated to developing apps, it is normal to hire the services of an external programming company for the specific development of the project.
We are going to focus on the outsourced development of apps, carried out by designers, programmers and third parties hired to develop the design, layout, UX / UI, programming, and/or distribution of the application.
We do not advise you to present your idea to people with the capacity to develop it without first having legal protection in the form of a confidentiality agreement or NDA (for its acronym in English).
A confidentiality agreement would limit the ability of third parties involved in the development of the project to act and would prohibit the use of the information shared by the parties.
Nor is it necessary to sign a confidentiality agreement with all the people who participate in the previous processes.
If you hire the design of a logo, icon, or web page, you should tell the designer what the function of your app is or talk about your project so that he can capture the personality in the design. Furthermore, most investors are reluctant to sign a confidentiality agreement just to listen to a proposal, so it is not advisable to condition them on signing an NDA if you are seeking financing for your project.
If you are completely sure of carrying out your idea and want to present your project to unknown third parties for its execution, you should know some of the agreements that can be developed in the previous stages or during the development process:
• Confidentiality Agreement:
- Sign NDA with the layout designer (UX) and programmers
- It is not necessary for the front of family members or investors who want to know about your project.
• Software Development Agreement:
- It is important to ensure in the agreement that the programmer gives up, without the possibility of claiming, all the rights related to the creation of the code.
• Other agreements that are derived from the SDA (for its acronym in English):
- Upgrade Contract (to integrate new functions)
- Maintenance Contract (to correct post-launch errors)
- A confidentiality clause is usually included in SDAs.
- Layout Contract (Wireframe)
• Wireframes detail screen by screen, icon by icon, all the elements that make up the application, and how they are integrated into the user interface.
• UI Design Contract
- UI is the acronym for User Interface, which is the set of graphic elements that make up the application. These are the fonts, colors, designs, icons, and styles that make up the graphical user interface.
• Register elements such as the icon, logo, or name as a brand, thus limiting other developers from using these designs in their app.
Policy compliance in app stores
You already have an application developed, now it is necessary to publish it to make it available to users through the official application stores such as Google Play for Android and the App Store for iOS.
It is extremely important to know all the policies and guidelines for the developers of both stores.
If you violate one of the developer policies, you will receive a notification to resolve the issue.
When the infractions are repeated or serious (fraud, malicious apps, etc.) they will proceed to delete the developer's account and associated applications, without the possibility of appealing the decision.
Infractions can be varied and depending on the type, they could be amended.
Among the infractions that may lead to the removal of an app from the store is the use of graphic elements or trademarks owned by third parties; use of illegal download and review services; do not specify if the app is aimed at minors or if it shows intrusive or disproportionate ads.
Some of the serious infractions that do not give an opportunity to amend and produce the immediate withdrawal of the application and the closure of the developer's account are publishing fraudulent apps (malware); fraud or crimes committed through the store; or the publication of apps with prohibited content (sexual material, incitement to hatred, violence, harassment, sale of dangerous products).
Privacy Policies
This is one of the most important legal elements when developing an app.
The privacy policy is the document that specifies in detail the management of the personal data of the users by the developer.
A privacy policy should address the following points:
• Responsible or in charge of the treatment
• Personal data collected (special attention to underage data and sensitive data)
• Purpose of the data management
• Legitimation
• Conservation period
• Security measures
• Third parties involved in the treatment
• Possible international transfers
• User Data Privacy Rights
• Contact the person in charge
The privacy policy is an essential requirement that all apps that want to be published in the app stores must comply with. Before it was optional but now you have to provide a privacy policy hosted on a web domain before uploading the file to one of the stores.
To make it easier for the user to understand the treatment of their data, it is recommended that the privacy policy is available both within the application and on a website.
Legal Design
Privacy policies have always been cumbersome, heavy, and difficult documents for the general public to understand, where they often use elaborate legal words from legal slang.
Norton Mobile Traditional Privacy Policy
There is a new trend to re-design privacy policies applying what is known as Legal Design to facilitate the reading and understanding of the document by users, without losing legal rigor.
lockIO's Privacy Policy with Legal Design applied
What we look at by applying Legal Design is that the design of the document is light or visually pleasing for the user, so that they can understand the information that is being processed, who is responsible, the purpose, period of data retention, third parties involved. and all relevant data more easily.
Terms and Conditions
The Terms and Conditions (also called Terms of Use, of the Service or T&C) are another of the important legal elements in the development of apps.
The T&C are agreements between developers and users, which specify what are the general conditions to which the user will be bound when downloading and using the application.
Among the clauses and conditions that are usually included in the T&C's are:
• Description and use of the service
• Use restrictions
• User rights and obligations
• Developer obligations
• License on industrial property rights
• User-generated content
• Reservations
• Assignments of rights
• Prohibited uses by users
• Termination or suspension of the account
• Limitations and disclaimers of liability
• Severability clause
• Future changes in the T&C
• Applicable jurisdiction in case of disputes
• Contact
We should not confuse a T&C with a EULA. EULA stands for End-User License Agreement, which is a license for the use of computer programs.
When a user purchases software, this agreement limits, restricts, and conditions the use that the user must make of the program.
It is a set of conditions and limitations that developers agree on for users where the rules of use, distribution, modification, or transfer of the acquired computer program are established, being generally very restrictive in terms of the redistribution or modification of the source code.
It is important to remember that apps must ask users to accept their terms and policies after installation and before the user uses the app, allowing local hosting of the terms of use in the app.
Other complementary policies
Depending on the app that is developed, it is likely that we should complement the privacy policies and terms of use with other policies, guides, or guidelines: commercial policies, advertising, principles, publication standards platforms (on platforms with user-generated content), or guidelines related to audiovisual media.
Google's dominant position
It should be noted that both Google and Apple are the judge and part of the application distribution process.
On the one hand, these companies have the ability to regulate and establish compliance policies that developers who wish to publish applications in their stores must adapt to.
This freedom of decision allows both Google and Apple to determine the rules of their own game with complete freedom, being able to modify the percentage that they enter from the benefits generated by the apps (30% in both cases), limit the number of applications by the developer or modify the conditions of use of the platform unilaterally, without the developers (who are considered as "partners" in the Terms) can do anything about it.
On the other hand, both companies develop and distribute apps in the app stores that they regulate.
These companies have the ability to modify the conditions of sale of applications to users, being able to align their commercial interests with restrictive policies for developers.
In the case of Google, a company that has a clear dominant position in the mobile operating systems market, with a worldwide market share of almost 75% (or in other words, three out of four mobile phones have installed Android) this situation is even more sensitive.
The TFEU have stated their rejection against these kinds of conglomerates and protects users against abuses by companies in a dominant position.
Any action by a company in a dominant position that limits or adversely alters competition within the market could be anti-competitive.
Among some of the actions that threaten the free competition of the markets is the setting of discriminatory sales conditions.
In principle, a dominant company can raise prices above competitive levels, since it understands that it is safe from its rivals.
Google Play is a store that makes available and sells applications to users, therefore the setting of conditions that limit competition or condition users within the market could result in anti-competitive behavior on the part of the American giant.
I understand that it is important to know this independence and dominance that these companies, especially Google, enjoy within the application market if you want to dedicate yourself to the development of mobile apps.
Regulation
Sometimes apps get ahead of State regulations and create new business models that completely alter the socio-economic spectrum, forcing the creation of new regulations.
This is the case of applications such as Uber, Cabify, AirBnb or Glovo.
These disruptive models affect public policies and force States to adopt new measures to guarantee the legal order.
One of the most notorious cases: AirBnb. The Spanish Government promulgated a series of decrees and measures that oblige tourist apartment rental intermediaries to identify the transferors, assignees, the home and the amount for which they transferred, in order to avoid possible tax fraud.
Therefore, it is convenient to verify which regulations and laws could be linked to our application, to avoid possible fines or problems with the public administration once made available to users.
REFERENCES
1. Spanish Constitution, of December 29, 1978.
2. Consolidated Version of the Treaty on the Functioning of the European Union, published on October 26, 2012.
3. Organic Law 3/2018, of December 5, on Protection of Personal Data and Guarantee of Digital Rights.
4. Royal Legislative Decree 1/1996, of April 12, approving the revised text of the Intellectual Property Law.
5. Law 17/2001, of December 7, on Trademarks.
6. General Data Protection Regulation (EU) 2016/679 Of the European Parliament and of the Council, of April 27, 2016.
7. Berne Convention for the Protection of Literary and Artistic Works, as amended on September 28, 1979.
8. Decree 79/2014, of July 10, which regulates tourist apartments and houses for tourist use in the Community of Madrid.
9. Royal Decree-Law 7/2019, of March 1, on urgent measures regarding housing and rent.
10. Russo, F., Pieter Schinkel, M., Günster, A. and Carree, M. (2010) “European Commission Decisions on Competition: Economic Perspectives on Landmark Antitrust and Merger Cases”. UK. Cambridge Press. Page 113.
11. Google Play (2019) Developer Policy Center: Mandatory Compliance. Recovered at: https://play.google.com/intl/es/about/enforcement/enforcement-process/
12. Apple (2019) App Store Review Guidelines. Recovered at: https://developer.apple.com/app-store/review/guidelines/
13. Spanish Agency for Data Protection (2019) "The duty to inform and other measures of proactive responsibility in apps for mobile devices." AEPD. Retrieved from: https://www.aepd.es/sites/default/files/2019-11/nota-tecnica-apps-moviles.pdf
14. App Annie (2019) The State of Mobile 2019 Report. Recovered at: https://www.appannie.com/en/insights/market-data/the-state-of-mobile-2019/
15. Framework, SDK, library, API: what are the differences? (April 7, 2013). Retrieved from: https://www.4rsoluciones.com/blog/framework-sdk-biblioteca-api-cuales-son-las-diferencia-2/
16. Statista (December 28, 2019). Number of available apps worldwide 2009-2019. Recovered at: https://www.statista.com/outlook/318/100/apps/worldwide
17. Garrijo, M. (2017) "This is how the new regulation affects you if you have a flat on Airbnb." Business Insider. Retrieved from: https://www.businessinsider.es/asi-te-afecta-nueva-regulacion-si-tienes-piso-airbnb-182478
This article was originally written in Spanish by Ivar Cifré Molina, a lawyer who is specialized in New Technologies, E-Commerce, Data Protection, and Blockchain. He is the Founder of JURISPIXEL, a legal consultancy for technology startups and entrepreneurs located in Madrid, Spain. He writes articles on tech law for the Spanish legal magazine A Definitivas. Also, he is the creator and developer of a security app for Android called lockIO.
Follow on Twitter or Instagram @ivarcifre
Follow Us
🐦 Twitter: @kryptonodes
📷 Instagram: @kryptonodes
for more Memes, Promo Codes, Referrals, and Airdrops!
⬇️ GET FREE CRYPTO! ⬇️
• Save 10% every time you buy or sell crypto - Binance
• Up to $1,000 USD worth of crypto in 90 days GUARANTEED - StormX
• Earn Ethereum just for reading articles! - Publish0x
• Get $10 when you register and deposit $100 - Coinbase
• Receive €5 when you open an account - N26
• Earn $59 worth of $COMP - Coinbase
• Receive $5 worth of BTC as a Welcome Bonus - HoneyGain
• The easiest way to earn FREE CRYPTO - QuiCrypto
• Simplest way to mine Bitcoin from home - HoneyMiner
• Earn Cashbacks in Bitcoin when you shop online from major e-commerces - Lolli
⬇️ Other articles published in Publish0x ⬇️
• Best Crypto Memes of the Year! 😂
• Access to a Decentralized Economy thru Blockchain (Part 1/2)
• Access to a Decentralized Economy thru Blockchain (Part 2/2)
• How to earn $1,000 USD worth of crypto in 90 days GUARANTEED!? 🎁
• Coinbase listed Filecoin, a decentralized data storage token