Legal Aspects of Apps Development

Ivvo
Jun 18, 2020

This article was originally written in Spanish and published on ADefinitivas

“Legal Aspects of Mobile Apps Development” by Ivar Cifré

ABSTRACT: Mobile phone apps have changed people’s lives. Thanks to them, new ways of doing business, meeting the love of your life, learning a new language, or editing photos in an almost professional way have been created. The mobile apps market is colossal, with a total volume of 194 billion downloads during 2018 and combined user spending on app stores in the same period that exceeded $101 billion. Apps offer users the possibility of learning or receiving information, so guaranteeing access to quality applications is directly linked to the right to freely communicate and receive truthful information enshrined in the Spanish Constitution. On the other hand, the automated collection of personal data through applications demands special attention from developers, who must comply with increasingly stringent data protection regulations to ensure more transparency in data management and greater control of users over their information.

KEYWORDS: GDPR, Apps Development, T&C, Privacy Policy, iOS, Android.

Index
1. What is a mobile application?
2. Tools for App Development
3. Access to Permissions and Background Processes
4. Proceedings related to IP Rights
5. Legal Protection of Mobile Apps
6. Pre-development Agreements
7. Compliance with App-Stores Policies
8. Privacy Policies
9. Legal Design
10. Terms and Conditions
11. Other Complementary Policies
12. Market Dominance
13. Regulation
14. References

_________________________________________________________________

“Pacta Sunt Servanda” is an old Latin expression that means that a contract is a law between the parties who subscribe to it.

If in Ancient Rome words were enough to create an agreement, in our Modern Era it is sufficient to install and open an app to be subject to a legal agreement.

In these modern times, in which we mostly live through the screens of our mobile devices, code is the law between the parties… Something like “Apps Sunt Servanda”.

Mobile apps govern most of the activities we carry out on a daily basis: how we consume information, how we communicate with our friends and family, and even what we can eat (which will depend on the places registered in your postal code on your food-delivery app).

But what are these little icons that we have on the screens of our mobiles, that control almost every aspect of our lives, and that know more and more about us?

What is a mobile application?
A mobile application or app is a computer program that executes within an operating system on a mobile device, whether it is a phone, tablet, or smartwatch.

Apps consist of code written using various tools and interfaces and, depending on the programming language used, are structured differently.

For example, native iOS apps use the Swift programming language (replacing the old Objective-C) and are developed in the IDE (Integrated Development Environment) called Xcode. Most Android applications, by contrast, are programmed in Java and Kotlin, the latter intended to replace its predecessor, and are developed using Android Studio.

By the end of 2019, Android users had the possibility to choose between 2.90 million applications, making Google Play the application store with the largest number of apps available. Apple’s App Store is the second-largest app store in the world with 1.8 million apps available for iOS.

Tools for App Development
Developers have at their disposal a series of tools for creating apps: APIs, frameworks, IDEs, SDKs, and libraries.

APIs provide a set of functions and procedures that allow you to interact with a specific platform. In addition, SDKs and Frameworks incorporate all the necessary tools to program, develop, and test the applications.

Frameworks offer a more complete development environment, while SDKs are more aimed at developing exclusive applications for a specific OS.

Aside from app development tools, some APIs and SDKs integrate functionalities into the program that complement the app with additional features.

They can integrate different features into the app, such as:
Show ads (Admob, Chartboost, FAN, Appbrain);
Send push notifications (Onesignal);
Monitoring and analysis of app usage (Firebase, Appsflyer, Flurry);
Geo-location (Google Maps, MapKit);
Pay for products (Google Play In-App Billing, iOS In-App Purchase, Paypal SDK);
Integrate Social Media linking (Twitter, Facebook);
Analyze crashes or errors (Crashlytics);
Manage health and physical activity data (HealthKit, CareKit).

Although these data are anonymous, they can include IP addresses, countries where the user is located, manufacturer of the device they are using, version of the operating system, age, gender, or time of use of the application, which in combination could be used to identify you.

It’s important to point out that SDKs and APIs collect personal data automatically.

To use these tools, you must register an account with the developer of the kit that will allow you to administer the features and manage the information.

Access to application store platforms, SDKs, and other built-in plugins must be controlled, as these can collect information about users and could mean a significant data leak for developers.

The General Data Protection Regulation (GDPR) requires a proactive attitude and accountability from those responsible for data management, and this must translate into more effective security measures and restricted access to the different databases.

We cannot forget that we must specify in our privacy policy which SDKs are integrated into our app. These companies are third parties involved in the processing of personal data and must be indicated in order to comply with the principle of transparency in the data processing.

Access to Permissions and Background Processes
Developers must respect access to the device permissions and only require access that is necessary to fulfill the functions of the application, to the extent that these are required by the user.

It is not proportionate to request permission to access the geo-location of the device if no necessary use for such access is foreseen; the access must be linked to a specific functionality and previously accepted by the user.

Under no circumstances is it justifiable to run, for example, the camera in the background if the application is not in use or if the user is not aware of it.

We must limit access to the device permissions in apps running in the background.

Proceedings related to IP Rights
Before investing any amount of money in the UX/UI design, layout, or programming of the app, we must be sure that our idea does not infringe on any intellectual or industrial property rights of third parties.

This includes trade names, logos, brands, or other distinctive signs that could be linked to our idea and that could affect industrial property registries.

Cases where a developer publishes an app in one of the stores and then withdraws it for using the same name as a trademark are common.

Not only the holders of industrial property registrations could request the withdrawal of an app for infringing acquired rights, but also those whose descriptions (brief or complete), screenshots, promotional videos or any other element on the store tab have been plagiarized.

We must begin our search for trade names and trademarks in the app stores where we want to publish. It is the first step to know if our name is already being used by another application.

Try to create an original name, icon, logos, and graphic designs for your app that do not match an already registered trade name or brand.

To acquire greater protection and limit the use of your distinctive signs by third parties, you can choose to register the name, logo, or icon of your application as a trademark in the Spanish Patent and Trademark Office (OEPM).

Legal Protection of Apps
It is important to note that apps cannot be patented. You can’t create a social network like Pinterest or a photo editor like Snapseed and prevent others from developing similar apps.

Apps are computer programs made up of lines of code written in the programming language used depending on the computer system and the development platform.

The legal protection of the code arises from the generating fact enshrined in the Spanish Law on Intellectual Property, which establishes that the intellectual property of a work corresponds to the author by the sole fact of its creation.

The text written by a programmer (what is known as source code) falls within the scope of copyright protection and, therefore, does not require you to register this text anywhere; the copyright protection originates at the time of creating the code.

The same Law establishes that computer programs are the object of intellectual property. This protection extends to the programs of mobile devices since the mobility or not of the device where the program is executed does not delimit the scope of the legal protection.

Furthermore, developers enjoy international protection that applies to citizens of the signatory countries of the Berne Convention.

Pre-Development Agreements
Various actors may intervene in the development of applications depending on who develops the app.

Unless it is a company dedicated to app development, it is normal to hire the services of an external programming company for the specific development of the project.

We are going to focus on the outsourced development of apps, carried out by designers, programmers and third parties hired to develop the design, layout, UX / UI, programming, and distribution of the application.

We do not recommend that you present your idea to people who are able to develop it without first having legal protection in the form of a confidentiality agreement or NDA.

A confidentiality agreement would limit the capacity of third parties involved in the development of the project to act and would prohibit the use of the information shared by the parties.

Nor is it necessary to sign a confidentiality agreement with all the people who participate in the previous processes. If you hire the design of a logo, icon, or website, you must tell the designer what the function of your app is or talk about your project so that they can capture its personality in the design.

Furthermore, investors are reluctant to sign a confidentiality agreement just to hear a proposal, so it is not advisable to condition them on the signing of an NDA if we are seeking financing for our project.

If you are completely sure of carrying out your idea and want to present your project to unknown third parties for its execution, you should know some of the agreements that can be developed in the previous stages or during the development process:

• Confidentiality Agreements

- Sign an NDA with the layout designer (UX) and programmers.
- It is not necessary with relatives or investors who want to know about your project.

• Software Development Agreements (SDA)

- It is important to ensure in the agreement that the programmer transfers, without the possibility of claiming, all the rights related to the creation of the code.
- Confidentiality and non-disclosure clauses are usually included in SDAs.

• Other agreements apart from the SDA

- Update Agreements (to integrate new functions)
- Maintenance and Crash Update (to correct post-launch errors)

• Wireframe

- UX Wireframes detail screen by screen, icon by icon, all the elements that make up the application, and how they are integrated into the user interface.

• UI Design Agreement

- UI stands for User Interface, which is the set of graphic elements that make up the application. These are the fonts, colors, designs, icons, and styles that make up the graphical user interface.

Register elements such as the icon, logo, or name as trademarks, thus preventing other developers from using these designs in their apps.

Compliance with App-Stores Policies
You already have an application developed, now you need to publish it to make it available to users through official app stores such as Google Play for Android and the App Store for iOS.

It is extremely important to know all the policies and guidelines for the developers of both stores.

If you violate one of the developer policies, you will receive a notification to resolve the issue. When the infringements are repeated or serious (fraud, malicious apps, etc.), the store will delete the developer’s account and associated apps, without the possibility of appealing the decision.

Policy violations can be varied and, depending on the type, they could be amended.

Among the infractions that may entail the withdrawal of an app from the store are using graphic elements or trademarks owned by third parties; using illegal download and review services; and failing to specify whether the app is aimed at minors or whether it displays intrusive or disproportionate ads.

Some of the serious infractions that do not give an opportunity to amend, and that cause the immediate withdrawal of the application and closure of the developer account, are: publishing fraudulent apps (malware); fraud or crime committed through the store; or the publication of apps with prohibited content (sexual material, hate speech, violence, harassment, sale of dangerous products).

Privacy Policy
This is one of the most important legal elements when we develop an app.
The privacy policy is the document that specifies in detail the treatment of the personal data of the users by the developer.

A privacy policy should address the following points:
• Party or parties responsible for the treatment
• Data collected (special attention to minors, medical, and biometric data)
• Purpose of the treatment
• Legitimation
• Conservation period
• Security measures
• Third-parties participating in the treatment
• Possible international transfers
• Rights of users
• Contact details for the person in charge

The privacy policy is an essential requirement that must be met by all apps that want to be published in the app stores. Previously it was optional, but now you are required to provide a privacy policy hosted on a web domain before uploading the form to one of the stores.

To help users understand the treatment of their data, it is recommended that the privacy policy be available both within the application and on a website.

Legal Design
Privacy policies have always been cumbersome and difficult for the general public to understand, often using far-fetched legal jargon.

Traditional Privacy Policy of Norton Mobile

There is a new trend to re-design privacy policies applying what is known as Legal Design to facilitate the reading and understanding of the legal document by users, without losing juristic rigor.

Privacy Policy applying Legal Design of lockIO

What is sought by applying Legal Design is a document that is light and visually pleasing, so that users can more easily understand what information is subject to the treatment, who is responsible, the purpose, the data retention period, the third parties involved, and all other relevant data.

Terms and Conditions
The Terms and Conditions (also called Terms of Use, Service, or T&C) are very important legal documents in the development of mobile apps.

T&C are agreements between developers and users, in which the general conditions to which the user will be bound when downloading and using the application are specified.

Among the clauses and conditions that are usually included in the document are:
• Description and use of the service
• Use restrictions
• Rights and obligations of the user
• Developer obligations
• License on industrial property rights
• User-generated content
• Reservations
• Assignments of rights
• Termination or suspension of the account
• Limitations and disclaimers of liability
• Severability clause
• Future modifications
• Applicable jurisdiction
• Contact

We should not confuse a T&C with a EULA. EULA is an abbreviation for End-User License Agreement, which is a license to use the software when you acquire it.

When a user acquires software, this agreement limits, restricts, and conditions the use that the user may make of the program. It is a set of conditions and limitations that developers set for users, establishing the rules of use, distribution, modification, or transfer of the acquired computer program, and it is generally very restrictive in terms of redistribution or modification of the source code.

It is important to remember that apps must ask users to accept their terms and policies after installation and before the user uses the app, allowing local terms of use in the app.

Market Dominance
It should be noted that both Google and Apple are judge and party in the app distribution process.

On one hand, these companies have the ability to regulate and establish compliance policies to which developers who wish to publish apps in their stores must adapt.

This freedom of decision allows both Google and Apple to determine the rules of their own game with complete freedom, being able to modify the percentage of the profits generated by the apps (30% in both cases), limit the number of applications per developer, or modify the conditions of use of the platform unilaterally, without the developers (who are considered “partners” in the T&C) being able to do anything about it.

On the other hand, both companies develop and distribute apps in the app stores that they regulate.

These companies have the ability to modify the conditions of sale of the applications to the users, being able to align their interests with restrictive policies for developers.

In the case of Google, a company that has a clear position of dominance in the mobile OS market, with a global market share of almost 75% (in other words, three out of four mobiles are Android), this situation is even more sensitive.

Global Mobile OS Market Share — Via Statcounter (2019)

The TFEU protects users from abuse by companies in a dominant position. Any action by a company in a dominant position that limits or negatively alters competition within the market could be anti-competitive.

Among the actions that threaten free competition in the markets is the setting of discriminatory sales conditions. In principle, a dominant company can raise prices above competitive levels, since it understands that it is safe from its rivals.

Google Play is a store that makes applications available and sells them to users; therefore, the setting of conditions that limit competition or condition users within the market could result in anti-competitive behavior by the American giant.

I understand that it is important to be aware of the independence and dominance enjoyed by these companies, especially Google, within the application market if you want to dedicate yourself to the development of mobile apps.

Regulations
Sometimes apps go ahead of state regulations and create new business models that completely alter the socio-economic spectrum, forcing the creation of new regulations.

This is the case of apps such as Uber, Cabify, AirBnb, or Glovo.

These disruptive models affect public policies and compel States to adopt new measures to guarantee the legal order.

One of the most famous cases is AirBnb. The Spanish Government promulgated a series of decrees and measures that oblige intermediaries in the rental of tourist apartments to identify the transferors, the assignees, the dwelling, and the amount for which it was let, in order to avoid possible tax fraud and limit this kind of renting.

Therefore, it is advisable to verify which regulations and laws could be linked to our application, to avoid possible fines or problems with the public administration once it is made available to users.

References
1. Spanish Constitution of December 29, 1978.
2. Consolidated Version of the Treaty on the Functioning of the European Union, published on October 26, 2012.
3. Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.
4. Royal Legislative Decree 1/1996, of April 12, which approves the revised text of the Intellectual Property Law.
5. Law 17/2001, of December 7, on Trademarks.
6. General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016.
7. Berne Convention for the Protection of Literary and Artistic Works, as amended on September 28, 1979.
8. Decree 79/2014, of July 10, which regulates tourist apartments and dwellings for tourist use in the Community of Madrid.
9. Decree-Law 7/2019, of March 1, on urgent measures regarding housing and rent.
10. Russo, F., Pieter Schinkel, M., Günster, A. and Carree, M. (2010) “European Commission Decisions on Competition: Economic Perspectives on Landmark Antitrust and Merger Cases”. UK. Cambridge Press. P. 113.
11. Google Play (2019) Developer Policy Center: Compulsory Compliance. Retrieved at: https://play.google.com/intl/es/about/enforcement/enforcement-process/
12. Apple (2019) App Store Review Guidelines. Retrieved at: https://developer.apple.com/app-store/review/guidelines/
13. Spanish Data Protection Agency (2019) “The duty to inform and other proactive liability measures in apps for mobile devices.” AEPD. Retrieved at: https://www.aepd.es/sites/default/files/2019-11/nota-tecnica-apps-moviles.pdf
14. App Annie (2019) The State of Mobile 2019 Report. Retrieved at: https://www.appannie.com/en/insights/market-data/the-state-of-mobile-2019/
15. Framework, SDK, library, API: what are the differences? (April 7, 2013). Retrieved at: https://www.4rsoluciones.com/blog/framework-sdk-biblioteca-api-cuales-son-las-diferencia-2/
16. Statista (December 28, 2019). Number of available apps worldwide 2009–2019. Retrieved at: https://www.statista.com/outlook/318/100/apps/worldwide
17. Garrijo, M. (2017) “This is how the new regulation affects you if you have an apartment on Airbnb.” Business Insider. Retrieved at: https://www.businessinsider.es/asi-te-afecta-nueva-regulacion-si-tienes-piso-airbnb-182478

Ivar Cifré is a lawyer specialized in New Technologies, Apps Development, Blockchain and GDPR.

Founder of JURISPIXEL, a Spanish legal consultancy specialized in Legaltech, App Development and Blockchain. He is also the creator and founder of the security app for Android called lockIO.
