The Office of the Australian Information Commissioner (OAIC) is advising mobile application developers to take a ‘privacy by design’ approach through the release of its mobile application privacy guideline. It advocates that by taking this approach, app developers will be able to gain user trust and loyalty.


The high smartphone and tablet penetration rate in Australia and the increasing utilisation of Big Data by corporations mean it is time for mobile app developers to take a serious approach to protecting user rights and privacy.

The mobile app privacy guideline recommends that mobile application developers:

  • Ensure the app’s privacy policy is easily accessible;
  • Use short form notices that are no longer than a single screen;
  • Inform users of what will happen to their information in real time, including whether their information is likely to be disclosed outside Australia;
  • Only collect information that is required for the application to function; and
  • Conduct a privacy impact assessment.

The OAIC advocates that by following this guideline, mobile app developers will gain user trust and loyalty. “I believe these guidelines should become best practice for mobile application developers,” commented Kareem Tawansi, CEO of software development provider, Solentive Software.

Some argue that the privacy features may detract from the user experience if users need to accept and decline permissions each time they use an app. Tawansi disagreed. “I think users will respond well to these privacy features when they know that their privacy is being looked after, particularly users from an older generation who place more significance on their privacy,” he explained.

“However, privacy settings need to be configurable so that users have some level of control. Some users are more concerned with their privacy than others and would prefer to have the option to accept or decline permissions each time they use an application; others will be happy to just set their permissions at the beginning only. It is therefore important to give users a choice,” continued Tawansi.

When it comes to user privacy, whose responsibility is it? Is it the responsibility of the vendor that develops the mobile application, or is it the app owner’s responsibility to consider the privacy implications of the mobile application they want to develop? “If the idea is unique to the marketplace, the responsibility of protecting user privacy is probably with the idea creator at this early stage. As the industry matures and enough similar applications are available on the market, the consideration of user privacy should become best practice for the developer,” offered Tawansi.

“As mobile application development matures, users will begin to demand and expect certain standards. If an application does not meet best practice standards, then it will show through the decline in users who regularly use the application. It is therefore in the best interest of the mobile application developer and client to take a ‘privacy by design’ approach when developing any application,” advised Tawansi.

According to the OAIC, approximately two out of three Australians have stopped using a mobile application due to privacy concerns. Although the guidelines put forward by the OAIC are not enforceable, in time they will become best practice and ensure compliance with Australian privacy laws.