Developers are Battling for User Privacy. All They Need Is Some Help

Enough with the blame game already

I’m getting tired of waking up to headlines of another major data security gap. The whole internet economy is getting tired of it. Big platforms, ISPs, regulators, politicians; everyone agrees that something’s broken and that we need to fix it. Where the discussion stalls is on the details, the responsibilities, and the distributed burden that we’ve all got to share - and of course on who’s at fault.

Too often the group that takes the blame are developers. This is likely because they lack the power or the unified voice to plead their own case and fight back. The irony, of course, is that developers are some of the few actually doing anything about this problem. So let me be clear from the start: all the developers I know share your focus on privacy and security, and they are keenly aware of how a few bad actors are destroying their image, their livelihood, and their profession.

This was the impetus that led to the founding of the Developers Trust Alliance, a developer-initiated project that helps users identify trusted developers and educates developers on how to build better privacy controls into their projects. It is no wonder then that developers are frustrated that while they focus on fixing the problems, the ecosystem around them focuses on circling the wagons and leaving them on the outside with the wolves.

Developers are directly responsible for everything we love about the digital economy. Before Facebook, or Google, or Amazon, developers were crafting software to empower us, entertain us, educate us, improve our businesses, and raise our quality of life. Developers - not ISPs or platforms - are the true source of innovation and entrepreneurship that makes the internet great. They are not faceless corporations or mad scientists, but your friends and neighbors and coworkers. Developers are like you and the average people that you meet on the street every day. They care about what you care about - except then they write software to make what we all care about a little bit better.

Developers have every incentive to behave as good citizens and safeguard user data. Incentives matter.  People won’t use apps and services they don’t trust, let alone pay for them. An app that doesn’t get used doesn’t make money. (We like to joke that the term for a developer that doesn’t make money is ‘grad student’).

To the extent that developers ask you to share data with them, it’s almost always to allow them to build something better and more valuable. Developers use shared data to innovate and delight, and to improve their ability to do those over and over again. Developers get rich by creating something users value, not by stealing your data for some nefarious purpose.

It is both unhelpful and unfair when developers get singled out as villains in any data security gap. While developers are free to ask users to share data with them directly, the recent issues have often arisen from platforms that accidentally made available user data they themselves held - via developer tools they themselves provided! While no user data was actually accessed, and developers respected the rules, developers were still mentioned as if they’re the problem. The result is that real people, real businesses, and real futures are being impacted because platforms were lax in how they built the tools they encouraged developers to use.

What our industry needs is a system-wide focus on solving the very real privacy problem. It’s not enough to talk about principles - though that is valuable. What we need now are both goals and action. There are plenty of simple things that can be done today to improve security and transparency. There’s no need to wait. What would help is for the biggest players to empower the developer community in this common fight, rather than needlessly shift the blame.


Bruce Headshot.png


Bruce Gustafson
President & CEO

Announcing the Developers Trust Alliance

The world of data is evolving; from how it's collected, used, managed, and stored to the user-developer relationship. There's a gap between what consumers think is happening with their data, or what they read in the news when there's a breach or hack, and what measures developers are actually taking to ensure security, transparency, and the responsible use of data.

We are proud to announce the launch of the Developers Trust Alliance, a special project of the Developers Alliance. Our mission is to offer developers a set of principles and best practices that promote user trust; and to educate consumers and those outside of the developer community about the different types of data and how data is used.

Commit to adopting the best practices and show it to the world. Are you a developer and want to commit to following the Developers Trust Alliance Best Practices on data? Once you make the commitment, we'll share an icon for your website or app and add you to the Trusted Developers list on our website.

Why should developers join the DTA? Because it’s what consumers are looking for. We surveyed 500 U.S.-based consumers over the summer to ask them about their confidence in developers when it comes to transparency and securing the data that they are asked to share.

  • 83% of users agree that developers should follow best practices on informing users what data they want them to share and how they are using it.

  • 89% of users say it is important to them that developers clearly tell you what data they want them to share and how they're using it. 53% say it is "extremely" important.

  • 79% of users say they more likely to visit a website or download an app if they are clearly told what data they are being asked to share with them and how it will be used.

We are proud to announce our first follower: MedlMobile. President Dave Swartz explains why he was honored to be the first company to sign on board in this blog post.

After a board meeting of the Developers Alliance back in early 2018, a few of us discussed the (then) coming GDPR requirements - and how they would impact developers here in the U.S. The sense was that eventually, the U.S. would follow in Europe’s footsteps - and because of the political uncertainty, those regulations could take a number of directions. 

In an effort to lead that direction to a place that we believe best works for developers, development and innovation - while also protecting our privacy and data as citizens - we undertook to get out ahead of government regulation by creating a grassroots program that the Developers Alliance could spearhead.

Interested in learning more? Check out the DTA Website here: www.developerstrustalliance.org.

Interested in adopting the best practices and becoming a trusted developer? Start the application process here: https://www.developerstrustalliance.org/get-involved/

Watch this space for more updates.

I miss Android already

Once upon a time, there were nothing but “walled gardens.” For those of you that don’t go back that far, the term refers to smartphone app stores before Google Play and Apple’s App Store were a thing. Back then the phones weren’t very smart, and the stores, phones, and apps were tied to a single mobile operator. You chose an operator, picked something from their dedicated, but limited, phone catalogue, and then lived inside a tiny ecosystem walled off from your friends and colleagues who occupied the garden next door (with different apps but similar frustrations). At least you could make a phone call or pay to send a text.

These pre-Android days weren’t great for developers either. Developers too were confined to walled gardens and small, fragmented markets.

Luckily, the tech marketplace is a highly dynamic and competitive space, and in the decade that followed, phones and mobile operating systems matured and the walls began to come down. We can probably thank the iPhone for this – and a closed smartphone ecosystem where the app store was tied to the device hardware and the operating system, not the operator. The phones were great, the apps terrific, and unless an operator offered the device, the subscribers didn’t come. Operators had no choice but to open the gate and let the iPhone (and eventually Android devices) in.

The end of the walled garden was a blessing for the developers writing the software and building all the great apps to come. Instead of writing and rewriting code to operate on dozens of incompatible devices and operating systems, they could focus on their core application. Instead of trying to create a user market from a mosaic of app, device, and operating system versions, they could rely on the influence of Apple and Google to tame the operator ecosystem, limit fragmentation, and provide access to billions of users while only coding for a few operating system variants. It’s been a golden age for software innovation and consumer choice.

Unfortunately, the golden era is likely to fade away when the European Commission announces its decision on the ongoing Android competition case. The fear is that the EC might decide, in an inappropriate analogy to their old Microsoft analysis, that Google must stop using the Android platform as a tool to promote its own applications. While there’s no such thing as a perfect market or perfect competition, the Android model is more about aggressive marketing than it is about competitive barriers. Consumers want a basic suite of apps preloaded on their devices. Device makers deliver the Google apps alongside as many others as they want. Google’s promotion of its own app portfolio creates little fear with developers, since we know from our own research that consumers consistently add and use multiple apps for core functions, right alongside those that come with their device. Developers weight the benefits of a stable and competitive ecosystem well above any marketing challenge of sharing screen space with Google (as they indicated by their write-in support for Android). In fact, it would be odd for the company that supports the ecosystem to somehow be disadvantaged because of it. There are few examples left of markets where partners don’t also happily compete with each other. So the question must be asked, does EC intervention actually improve things?

For developers, the likely result is the return of the fragmented marketplace. Applications will differ across not just Apple’s IOS and Android devices (one scenario is Google adopting Apple’s vertically integrated hardware/software model), but the likely proliferation of new hardware/software pairings from each of the world’s largest device makers. Developers will feel pressure to specialize by segment or market, since developing for every platform is costly and choosing one over another is risky. Not every platform, and not every developer, will survive. The era of the independent developer is likely fading as well, as competing platforms seek to lock-in the most popular apps and features. It’s ironic, but the future looks surprisingly like the past, with the gardens now belonging to the device makers and not the operators.

Developers are accustomed to a dynamic marketplace, and I have no doubt they will adapt. While the EU has been focusing attention on smartphones, the market has moved on to IoT, digital assistants, “skills” alongside apps, voice interfaces, and the growing complexity of AI and industrial automation – areas where regulators still have much to learn. It’s hard for a regulator to keep up with a competitive market. Like the personal computer market, eventually two or three device ecosystems will settle into place as the world moves on and the smartphone era is eclipsed by the next big thing. I only hope that we can learn from the process, and make the industry transitions easier, rather than harder, for this wave and the next, and the next.

 

This piece has been published:
In Italy by Le Formiche: Perché sento già la mancanza di Android
In Spain by el Economista: Android, ya te echo de menos


Bruce Headshot.png


Bruce Gustafson
President & CEO

Developer's Perspective: Making Sense of the European Commission's Ruling

Guest Post by Czech Developer Petr Nalevka

The European Commission substantially intervened in the operating system competition between Google and Apple to the detriment of Android. That is bad news for users, manufacturers, developers and for the freedom to conduct business as well.

Google was able to pull off a tour de force with Android. Even though unlike its competition, it completely opened its system, which benefited the whole market of mobile technology, it was able to maintain some control simultaneously. It allowed mobile phones manufacturers to implement their services as one package via all or nothing principle. 

However, the manufacturers still had a choice between Android with Google services and pure open-source Android. But, primarily thanks to the high quality of Google services, in the vast majority of cases they implemented the first option. The users meanwhile were able to get rid of Google services very easily and use services of competitors instead.

This system provided Google with more control of Android user experience on one hand and on the other hand, gave it the option to elegantly monetize Android via its services. Thanks to this it was able to invest in Android, to innovate it and at the same time manufacturers and users did not have to pay for it. Simply a win-win.

The European Commission has punished Google similarly to Microsoft and its Internet Explorer in the past. But the similarity ends there. As opposed to the Explorer, Google’s services count among the top on the market. As a mobile developer, I see a tremendous difference in quality between the Play Store and alternative app stores. The vast majority of technical issues that we have to deal with on a daily basis come from a number of different faulty adjustments of Android by manufacturers.

The whole alleged violation of the law is tailor-made for Google. What is a regular market practice for others - provider of operating system choosing preinstalled services - is in case of Google an issue worth of 5 billion fine.

The reasoning? The European Commission distinguishes between vertically integrated manufacturers, such as Apple or Blackberry, and Google, which only licenses its system, and maintains that thanks to a different approach they are not a competition to each other. Pretty much anyone who engages with mobile technology in any way knows that iOS by Apple and Android by Google are the main and serious competitors on the mobile platform's market.

According to the Commission, another reason for the double standard is Google’s dominant position in the market of search engines. More strict rules apply to a dominant company, even though Google achieved this mainly through the quality of its services. This can be clearly illustrated on the market share of search engines on desktop devices. Even though Microsoft still dominates the desktop market with its Windows and preinstalled Bing, Bing’s market share on desktop searches is minimal.

In the upcoming months it will depend on Google, whether it will be able to meet the Commission’s conditions and at the same time to endanger the Android ecosystem as little as possible. We can only hope it will be able to achieve this without a major fragmentation of Android. However, Google will have to find a different (probably less efficient) model and the difference in efficiency will be paid by everyone, including manufacturers, developers and, of course, users. 

The message the Commission sent to the market is clear. It is necessary to either completely open or completely closed operating systems, or the EU will put its foot down. So, at the expense of all, we are more likely to expect closed solutions in the future.

 

Are Users Control Freaks, or Are Developers Just Hard to Trust?

Control is really for when trust runs out. Developers need to drive their own change.

I read Facebook’s outside-expert blog series on privacy and sharing this morning, and I like the themes that emerged. That doesn’t mean the there aren’t some real warnings in those articles as well.

Here’s the take away for the TL;DR cohort out there: “Step up, or get what’s coming”.

Users are sick and tired of feeling used and if we don’t improve our collective privacy practices, government will do it for us (with a blunt object - think GDPR in the EU). Worse still, users are going to walk if your app doesn’t instill confidence.

The experts bring up several key themes that we absolutely agree with. For one, data portability is more complex than it looks. We’ve been highlighting that the bright line between “my data” and other people’s data is in fact wide and blurry, and that a better way of thinking about data is to describe shared rights and obligations between multiple people. Developers have rights in the data they derive from user interactions, as do the users themselves. The trick is to balance those rights and work collaboratively such that users are never surprised at how data is being used.

The other key observation is that small innovators are deeply impacted by the rules imposed on platforms. Limitations tied to APIs, mandatory data portability, and the potential for class-action lawsuits are all on the horizon if developers don’t act.

Developers need to be part of the privacy conversation. Developers need to regain user trust and make it a competitive advantage.

The Developers Alliance is active on both these fronts. We’ve spoken with members of congress, MEPS in the EU, and industry leaders on both sides of the Atlantic to ensure that the developer community isn’t forgotten as rules emerge. And we’re launching the Developers Trust Alliance; an initiative that promotes those developers that adopt a set of trust principles and best practices that will raise the bar for our whole community.

Our influence and effectiveness is only as strong as the energy of our membership. We welcome you to join these efforts.

 


Bruce Headshot.png


Bruce Gustafson
President & CEO