cordova-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mwbro...@apache.org
Subject docs commit: Add new privacy guide.
Date Thu, 25 Apr 2013 22:15:51 GMT
Updated Branches:
  refs/heads/master 290b55001 -> cdeea53bf


Add new privacy guide.


Project: http://git-wip-us.apache.org/repos/asf/cordova-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-docs/commit/cdeea53b
Tree: http://git-wip-us.apache.org/repos/asf/cordova-docs/tree/cdeea53b
Diff: http://git-wip-us.apache.org/repos/asf/cordova-docs/diff/cdeea53b

Branch: refs/heads/master
Commit: cdeea53bf68d6105a7bae83f67dc30116e7d5342
Parents: 290b550
Author: Mike Sierra <letmespellitoutforyou@gmail.com>
Authored: Mon Apr 22 15:56:16 2013 -0400
Committer: Michael Brooks <michael@michaelbrooks.ca>
Committed: Thu Apr 25 15:11:55 2013 -0700

----------------------------------------------------------------------
 .gitignore                                      |    3 +
 docs/en/edge/cordova/camera/camera.md           |    2 +
 docs/en/edge/cordova/contacts/contacts.md       |    2 +
 docs/en/edge/cordova/geolocation/geolocation.md |    2 +
 docs/en/edge/cordova/media/capture/capture.md   |    2 +
 docs/en/edge/guide/privacy/index.md             |   63 ++++++++++++++++++
 docs/en/edge/index.md                           |    4 +
 7 files changed, 78 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/cdeea53b/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index da8f866..9d3614a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,6 @@
 tmp/
 public/
 release/
+TAGS
+,*
+_*

http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/cdeea53b/docs/en/edge/cordova/camera/camera.md
----------------------------------------------------------------------
diff --git a/docs/en/edge/cordova/camera/camera.md b/docs/en/edge/cordova/camera/camera.md
index 026ccdb..5ec1f4e 100644
--- a/docs/en/edge/cordova/camera/camera.md
+++ b/docs/en/edge/cordova/camera/camera.md
@@ -22,6 +22,8 @@ Camera
 
 > The `camera` object provides access to the device's default camera application.
 
+**Important privacy note:** Collection and use of images from a device's camera raises important
privacy issues.  Your app's [privacy policy](guide_getting-started_index.md.html) should discuss
how the app uses the camera and whether the images recorded are shared with any other parties.
 In addition, if the app's use of the camera is not apparent in the user interface, you should
provide a just-in-time notice prior to your app accessing the camera (if the device operating
system doesn't do so already).  That notice should provide the same information noted above,
as well as obtaining the user's permission (e.g., by presenting choices for "OK" and "No Thanks").
 For more information, please see the Privacy Guide.
+
 Methods
 -------
 

http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/cdeea53b/docs/en/edge/cordova/contacts/contacts.md
----------------------------------------------------------------------
diff --git a/docs/en/edge/cordova/contacts/contacts.md b/docs/en/edge/cordova/contacts/contacts.md
index 28e3e5e..094b856 100644
--- a/docs/en/edge/cordova/contacts/contacts.md
+++ b/docs/en/edge/cordova/contacts/contacts.md
@@ -22,6 +22,8 @@ Contacts
 
 > The `contacts` object provides access to the device contacts database.
 
+**Important privacy note:** Collection and use of contact data raises important privacy issues.
 Your app's [privacy policy](guide_getting-started_index.md.html) should discuss how the app
uses contact data and whether it is shared with any other parties.  Contact information is
considered sensitive because it reveals the people with whom a person communicates.  Therefore,
in addition to your app's privacy policy, you should strongly consider providing a just-in-time
notice prior to your app accessing or using contact data (if the device operating system doesn't
do so already). That notice should provide the same information noted above, as well as obtaining
the user's permission (e.g., by presenting choices for "OK" and "No Thanks").  Note that some
app marketplaces may require your app to provide just-in-time notice and obtain permission
from the user prior to accessing contact data.  A clear and easy to understand user experience
surrounding the use of contact data will help avoi
 d user confusion and perceived misuse of contact data.  For more information, please see
the Privacy Guide.
+
 Methods
 -------
 

http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/cdeea53b/docs/en/edge/cordova/geolocation/geolocation.md
----------------------------------------------------------------------
diff --git a/docs/en/edge/cordova/geolocation/geolocation.md b/docs/en/edge/cordova/geolocation/geolocation.md
index ae1e8ab..f9e349e 100644
--- a/docs/en/edge/cordova/geolocation/geolocation.md
+++ b/docs/en/edge/cordova/geolocation/geolocation.md
@@ -26,6 +26,8 @@ Geolocation provides location information for the device, such as latitude
and l
 
 This API is based on the [W3C Geolocation API Specification](http://dev.w3.org/geo/api/spec-source.html).
 Some devices (Android, BlackBerry, Bada, Windows Phone 7, webOS and Tizen, to be specific)
already provide an implementation of this spec.  For those devices, the built-in support is
used instead of replacing it with Cordova's implementation.  For devices that don't have geolocation
support, the Cordova implementation adheres to the W3C specification.
 
+**Important privacy note:** Collection and use of geolocation data raises important privacy
issues.  Your app's [privacy policy](guide_getting-started_index.md.html) should discuss how
the app uses geolocation data, whether it is shared with any other parties, and the level
of precision of the data (for example, coarse, fine, ZIP code level, etc.).  Geolocation data
is generally considered sensitive because it can reveal a person's whereabouts and, if stored,
the history of his or her travels.  Therefore, in addition to your app's privacy policy, you
should strongly consider providing a just-in-time notice prior to your app accessing geolocation
data (if the device operating system doesn't do so already).  That notice should provide the
same information noted above, as well as obtaining the user's permission (e.g., by presenting
choices for "OK" and "No Thanks").  For more information, please see the Privacy Guide.
+
 Methods
 -------
 

http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/cdeea53b/docs/en/edge/cordova/media/capture/capture.md
----------------------------------------------------------------------
diff --git a/docs/en/edge/cordova/media/capture/capture.md b/docs/en/edge/cordova/media/capture/capture.md
index 088277a..9d6b56b 100644
--- a/docs/en/edge/cordova/media/capture/capture.md
+++ b/docs/en/edge/cordova/media/capture/capture.md
@@ -22,6 +22,8 @@ Capture
 
 > Provides access to the audio, image, and video capture capabilities of the device.
 
+**Important privacy note:** Collection and use of images, video, or audio from the device's
camera or microphone raises important privacy issues.  Your app's [privacy policy](guide_getting-started_index.md.html)
should discuss how the app uses such sensors and whether the data recorded is shared with
any other parties.  In addition, if the app's use of the camera or microphone is not apparent
in the user interface, you should provide a just-in-time notice prior to your app accessing
the camera or microphone (if the device operating system doesn't do so already). That notice
should provide the same information noted above, as well as obtaining the user's permission
(e.g., by presenting choices for "OK" and "No Thanks").  Note that some app marketplaces may
require your app to provide just-in-time notice and obtain permission from the user prior
to accessing the camera or microphone.  For more information, please see the Privacy Guide.
+
 Objects
 -------
 

http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/cdeea53b/docs/en/edge/guide/privacy/index.md
----------------------------------------------------------------------
diff --git a/docs/en/edge/guide/privacy/index.md b/docs/en/edge/guide/privacy/index.md
new file mode 100644
index 0000000..1731700
--- /dev/null
+++ b/docs/en/edge/guide/privacy/index.md
@@ -0,0 +1,63 @@
+---
+license: Licensed to the Apache Software Foundation (ASF) under one
+         or more contributor license agreements.  See the NOTICE file
+         distributed with this work for additional information
+         regarding copyright ownership.  The ASF licenses this file
+         to you under the Apache License, Version 2.0 (the
+         "License"); you may not use this file except in compliance
+         with the License.  You may obtain a copy of the License at
+
+           http://www.apache.org/licenses/LICENSE-2.0
+
+         Unless required by applicable law or agreed to in writing,
+         software distributed under the License is distributed on an
+         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+         KIND, either express or implied.  See the License for the
+         specific language governing permissions and limitations
+         under the License.
+---
+
+Privacy Guide
+=============
+
+Mobile privacy is a critical issue that every app developer must address. Your users expect
that their private information will be collected and treated appropriately by your app. Also,
there are an increasing number of jurisdictions that now have legal requirements regarding
mobile privacy practices.
+
+This guide on mobile app privacy should be considered a "primer" addressing some the most
significant issues. It outlines some broadly accepted best practices and provides references
to other more detailed guides and references.
+
+* Privacy Policy.
+
+    You app should include a privacy policy that addresses topics such as what kind of information
your app collects from or about your users, how that information is used, with whom it is
shared, and how users can make privacy-related choices within the app. To aid understanding,
you should use plain language and avoid technical jargon. You should make your privacy policy
available for users to review prior to download, such as in the app description in the app
marketplace. In addition, you should make your privacy policy available within the app itself.
The limited size of mobile device displays creates challenges for displaying privacy policies
to users. Consider developing a "short form" of the policy that includes the most important
information, and then provide a link to the "long form" policy for those interested in more
details. Several groups are attempting to develop icon-based standards for communicating privacy
practices, which you may want to consider once these standar
 ds mature.
+
+* Collection of sensitive information.
+
+    An app's collection of sensitive personal information raises important privacy concerns.
Examples of sensitive personal information include financial information, health information,
and information from or about children. It also includes information gathered from certain
sensors and databases typically found on mobile devices and tablets, such as geolocation information,
contacts/phonebook, microphone/camera, and stored pictures/videos. See the following documentation
pages for more information: [camera](cordova_camera_camera.md.html), [capture](cordova_media_capture_capture.md.html),
[contacts](cordova_contacts_contacts.md.html), and [geolocation](cordova_geolocation_geolocation.md.html).
Generally, you should obtain a user's express permission before collecting sensitive information
and, if possible, provide a control mechanism that allows a user to easily change permissions.
App operating systems can help in some instances by presenting just-in-time dialog boxes that
ask fo
 r the user's permission before collection. In these cases, be sure to take advantage of any
opportunity to customize the dialog box text to clarify how the app uses and, if applicable,
shares such information.
+
+* Avoiding user surprise.
+
+    If your app collects or uses information in a way that may be surprising to users in
light of the primary purpose of your app (for example, a music player that accesses stored
pictures), you should take similar steps as with the collection of sensitive personal information.
That is, you should strongly consider the use of just-in-time dialog boxes to inform the user
about the collection or use of that information and, if appropriate, provide a corresponding
privacy control.
+
+* Third party data collection or sharing.
+
+    If you app collects information that is provided to another company -- such as a social
networking platform or an ad network (for example, if your app displays advertising) -- you
should inform your users of that collection and sharing. At a minimum, your privacy policy
should describe the information collection and sharing and, if appropriate, offer your users
the ability to control or opt-out of such collection or sharing.
+
+* Collection limitation and security.
+
+    Your users entrust your app with their information and they expect that you will take
appropriate security precautions to protect it. One of the best ways to avoid security compromises
of personal information is not to collect the information in the first place unless your app
has a specific and legitimate business reason for the collection. For information that does
need to be collected, ensure that you provide appropriate security controls to protect that
information, whether it is stored on the device or on your backend servers. You should also
develop an appropriate data retention policy that is implemented within the app and on your
backend servers.
+
+Following are some additional helpful mobile privacy guides for developers:
+
+* California Attorney General, [Privacy on the Go: Recommendations for the Mobile Ecosystem][1]
+
+* Center for Democracy & Technology, Future of Privacy Forum, [Best Practices for Mobile
App Developers][2]
+
+* CTIA-The Wireless Association, [Best Practices and Guidelines for Location Based Services][3]
+
+* Federal Trade Commission, [Mobile Privacy Disclosures: Building Trust Through Transparency][4]
+
+* Future of Privacy Forum, [Application Privacy][5] Website
+
+[1]: http://oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf
+[2]: http://www.futureofprivacy.org/wp-content/uploads/Best-Practices-for-Mobile-App-Developers_Final.pdf
+[3]: http://www.ctia.org/business_resources/wic/index.cfm/AID/11300
+[4]: http://www.ftc.gov/os/2013/02/130201mobileprivacyreport.pdf
+[5]: http://www.applicationprivacy.org

http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/cdeea53b/docs/en/edge/index.md
----------------------------------------------------------------------
diff --git a/docs/en/edge/index.md b/docs/en/edge/index.md
index fc08a23..da1890f 100644
--- a/docs/en/edge/index.md
+++ b/docs/en/edge/index.md
@@ -96,6 +96,10 @@ license: Licensed to the Apache Software Foundation (ASF) under one
             <span>Create, build, deploy, and debug from the command-line.</span>
         </li>
         <li>
+            <h2>Privacy Guide</h2>
+            <span>Learn about important mobile privacy issues.</span>
+        </li>
+        <li>
             <h2>Upgrading Guides</h2>
             <span>Upgrade an application to the latest Cordova release.</span>
         </li>


Mime
View raw message