Mobile Apps

The mobile app market has developed rapidly in the past two decades, bringing many potential legal issues with it. App developers must make sure the app complies with all the legal requirements of the country or region where it is made available. Beyond compliance, developers should also know how to protect their own interests legally.

Three issues of particular importance in app development are discussed here: (1) personal data privacy; (2) the contractual relationship with the development company; (3) IP right protection.

Personal Data Privacy

The user’s privacy should be protected throughout data collection, usage, analysis, transmission, and personal identification. This requires developers not only to take great care when collecting data but also to take the necessary steps to protect it afterward.

In November 2014, the Office of the Privacy Commissioner for Personal Data (PCPD) first published the Best Practice Guide for Mobile App Development (referred to below as the Best Practice Guide), which gives comprehensive and practical guidance on personal data protection for app developers.

  • Definition of personal data 

Personal Data (Privacy) Ordinance, section 2: “Personal data (個人資料) means any data—(a) relating directly or indirectly to a living individual; (b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained, and (c) in a form in which access to or processing of the data is practicable;” 

Some common types of personal data include a unique device identifier, location, phone number, name, contact list, stored photos/videos/recordings, email address, calendar, and browsing history.

  • The Six Data Protection Principles (“DPPs”) listed in the Best Practice Guide

1-    Purpose and Manner of Collection

Data should be collected lawfully. The purpose of collecting personal data must be within the app’s function and for generating necessary activity. Moreover, the data subjects must be informed of the purpose of collecting data and how it will be used. 

2-    Accuracy and Retention Duration

Data users need to ensure that personal data is accurate when it is used, and all personal data collected should be kept only for as long as necessary.

3-    Use

Personal data can only be used in the way the data subject has consented to. If there is a further need to share personal data with other apps or other parties, prior consent from the data subject is needed.

4-    Security 

It stands to reason that you need to regulate yourself to use data properly, but apart from that, you also need to actively prevent other parties from attacking, stealing, and misusing personal data when data is under your control. All reasonable steps should be taken by the data users to protect personal data. Measures such as encryption, access control based on “least-privileged rights” and “need-to-know” principles may be helpful in practice. 

5-    Transparency

The data subject needs to be clearly informed about the policies and practices in relation to the handling of their personal data. It is suggested that you provide a Privacy Policy Statement which includes the type of personal data and the collection purpose before the data subject starts using your app. 

6-    Access and correction

You should comply with data access and data correction requests in accordance with the requirements under the Ordinance.

  • Data protection in practice

When collecting personal data, less is better than more and general is better than specific. To reduce potential risk, you should only collect necessary data and keep the process transparent. Asking app users to authorize access to their personal data is a necessary step. App developers are strongly advised to draft the Privacy Policy and Information Collection Statement in a clear and concise way.

Because obtaining consent from app users by signature or orally is inconvenient online, the common practice is to show a pop-up consent clause that states “I have read and accepted the Privacy Policy and Information Collection Statement”, with a box the user can tick to indicate consent. Alternatively, if the app requires the user to sign up, place a clear reminder such as “By signing up, you accept our Terms and Privacy Policy.”

For specific types of data that are necessary for the app to operate, it is better to plan a fallback for when users refuse to give consent. For example, if users decline to let the app access their location, an alternative may be to ask them to type in an approximate location instead.

Contractual relationship with the development company

To enable apps to be used on mobile phones, the product owner needs to sign a contract with the development company. Currently, the App Store (iOS) and Google Play (Android) are the two biggest players in this field. However, the recent lawsuits brought by Epic Games against Apple and Google alleging monopoly shed light on the use of third-party app platforms on iOS or Android. If Epic Games wins, the current market will inevitably change.

No matter which platform you are targeting, it is important to bear these points in mind.

  • Sign an NDA

Prior to discussing your business idea and workflow with the development company, or with any other parties, a Non-Disclosure Agreement (NDA) should be signed to protect your business idea from possible theft or competition.

  • Terms of the agreement

The development agreement should clearly identify both parties’ responsibilities, rights to the technology, ownership of the product, the deliverables, costs, workflow, timeline, and terms of use of open-source software.

  • Abide by the platform’s guidelines

Apart from local law requirements, Apple and Google also impose their own regulations on app developers. Carefully examine the App Store Legal Guidelines and Google Policy and Terms, and make sure to comply with all the requirements before your app is submitted to the development company.

IP rights

There are two aspects of IP rights for app developers to be concerned about. First, protect your own IP rights from being infringed. Second, avoid infringing the IP rights of third parties.

  • What can be protected under IP law?

IP rights include copyright, trademark, and patent. Copyright can be used to protect the source code, design, and content of your app. Trademark is concerned with the app name, logo, slogan, and brand name. Patent is less common than copyright and trademark in app development practice but is useful to protect something new or not obvious in your app. 

  • How to protect your idea from being stolen?

As previously mentioned, it is always good practice to sign a Non-Disclosure Agreement (NDA) before discussing your app development idea with others. Though an NDA cannot wholly ensure the security of your business idea, it is nonetheless a strong legal weapon against anyone who violates it.

App Store Conditions

You will likely distribute your app through either Apple’s App Store, Google Play for Android Devices, or both. In addition to complying with local laws, the developer must also comply with the policies and guidelines of each publisher along with the Developer Agreement. Breach of App Store policies or the agreement may lead to removal of the app.

The Google Play Store has a Developer Policy Centre as well as a Developer Distribution Agreement.

The Apple App Store has Review Guidelines as well as the App Developer Agreement.

The Apple App Store has a long, drawn-out approval process, and small errors can lead to rejection. Apps in general also need to be more distinctive. There is a $99 USD developer fee per year, and 30% of app revenue is shared with Apple. For subscription products, the revenue share drops to 15% after 12 months.

In general, it is less tedious to submit an app to the Google Play Store and to have it approved. It also only costs $25 USD to enroll as an app developer, and 30% of app revenue is shared with Google. For subscription products, the revenue share drops to 15% after 12 months.
