Security & Privacy in the App Economy

Published Originally on Apigee

As enterprises adjust to the new reality of business having moved beyond their core and legacy systems of record – to millions of mobile devices and social networks at the edge of the enterprise, and to new distribution channels in the shape of apps that are often built by third-party or partner developers – the question of end-user privacy becomes increasingly important. As the app economy matures, its participants will have to move quickly from self-governance to establishing standards, or even regulation, that address end-user privacy expectations.

Who is responsible for security and privacy when dealing with applications and APIs?

In the era of the browser, privacy questions were handled expressly between the website operator and the end user. The end user consented to using the products and services exposed through the website and had the right to accept or decline the policies set forth by the website operator.

In the app economy, the value chain changes, forcing a change in how privacy and privacy policy need to be managed and crafted. The question of privacy will quickly rise higher in the minds of end users as the app economy matures.

Who is ultimately responsible for privacy and policy in the app economy?

End users? API providers? App developers?
The answer is all of the above!

End Users

Privacy is really the control a user has over how they are represented in an environment they are familiar with and whose workings they understand. The world of apps is a new environment that end users are only beginning to become familiar with, and privacy best practices carried over from the browser world can prove severely lacking in it. Users will demand the same rights they have in the online/browser world, including the ability to:

  • Understand and view the information being collected about them

  • Choose what information can be collected and for what purposes it can be used beyond the immediate product or service

  • Contest the accuracy of information collected about them

  • Understand the security of the processes and systems used to store and process their private data

Because APIs and apps can reach new markets and end users across the globe, enterprises may find themselves operating in completely new markets and geographic regions, and therefore bound by the privacy regulations of several parts of the world. This means that enterprises will increasingly have to deal with different privacy rules and regulations for the same services and products. New products and technologies are required to operate in this environment.

App Developers

The app developer who may not have been thinking about end users' privacy expectations will very soon have to worry about how, and what, end-user information they collect, store, process, and share. Preparing for success requires developers to be cognizant of privacy and security issues and to apply best practices while building their apps.

Developers should collect only the data required to offer the best experience to end users. They should not store user data without users' permission. User data should be obfuscated or encrypted wherever possible, and so on.

As apps become popular, and as usage increases and becomes more personalized, these requirements and considerations can be onerous and a distraction for developers. They too will need a new set of tools and technologies to help them deal with privacy expectations, consent, and data management.


Given a whole host of factors, including the advent of big data technologies, publicly available information sources optimized for consumption, sophisticated behavioral analysis for personalization, and the advent of recommendation and predictive products and services, end users will become more concerned about their privacy. They will demand a single point of contact, and tools, to understand their privacy considerations and to control their information and its usage.

Is the app economy ready for this challenge?

Here are some steps that can be taken to get ahead of the problem.

  • Understand, and provide to your end users, the privacy policies and data handling procedures of all services that your app uses

  • Choose APIs (and services) for your app that are reputable and offer best-in-class privacy handling and mitigation procedures

  • Enable end users to connect with services directly regarding their policy questions

  • Utilize cloud-based data storage providers that are privacy and security certified

  • Consider the entire value chain from a security perspective – from API to developer to app to end user

  • Build the capability to distinguish between good and malicious apps that use your APIs

  • Detect malicious apps, take steps to block them, notify the end users of those apps, and help them deal with any resulting privacy breach

  • Enable end users of apps that use your APIs to understand your data collection and privacy policies
