Mobile App Scanning and Consent
Collect App Consent and Adhere to Global Regulations
The latest regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) are not only focusing on web privacy, but also mobile app technologies; specifically how apps collect data and share that data with third-parties.
CookiePro’s technical solution enables businesses to collect app consent, scan for tracking technologies and unknown SDKs, and give both privacy and mobile app development teams visibility into how their app is sharing data with other third-parties.
Mobile App Consent 101
What is Mobile App Consent?
While almost everyone in the world owns or uses at least one mobile device, a lot of people don’t understand the technologies their favorite apps are utilizing to make the experience better.
Mobile devices utilize a multitude of techniques to collect information about the user. Everything from what screens they visit, how long they are on these screens, what they are talking about, as well as their location when using the app.
Mobile devices have access to much more information than a website does, and because of this, the way you collect and distribute consent is important. It not only helps your organization remain compliant with today’s privacy regulations but also shows your users that you care about their privacy.
How Mobiles Devices Interact with Users
Through Mobile Device Browsers
A mobile device has several ways of interacting with a user. This may include the default browser such as Safari, Chrome, or Firefox. In these cases, the technology being used is most likely cookies, or one of the other website-specific methods.
Through Mobile Applications
Another way of engaging with a mobile user is through a mobile app. In this scenario, the technology being used to collect the user’s information is going to primarily be an SDK that has been included in the app. Compared to mobile app SDKs, web tracking and measurement capabilities are limited in comparison.
A cookie is limited to collecting only what is available on the screen. This may include links you click on, IP address, browser type, or some other basic information. A mobile device does not have the same limitations.
A third-party SDK, if given permission, can access a significant amount of information such as personally identifiable information.
- If an app is granted permissions to something such as contacts, it’s not limited to use that data for only its intended purpose – it will be able to collect the names, phone numbers and even addresses of everyone if the contacts list.
- If granted permission to GPS, the app isn’t limited to collecting and using that information to find the closest store to your location. It can collect that data to see where you go, how long you spend there, and use that information for their own purposes.
Most mobile devices now come with many different types of permissions, including your location, contacts, camera, microphone, Bluetooth, Calendar, phone logs, and text messages. Managing these permissions is important to controlling who is using your data and for what purpose.
Who is collecting data via SDKs?
There are two main sources that are collecting data within an application – the application owner and third-party services or ads.
The application owner will generally be using the granted permissions for giving functionality in the app. However, they are not required to only use those permissions for functionality, they could also be collecting the data to use to deliver a more personalized experience or aggregating data for analytics.
Third-party services also do not have the requirement to use granted permissions for specific functionality. For example, a third-party SDK that is used for logging into an app via a social media account could also use the data gathered to serve more personalized advertisements. Additionally, these third parties are generally the same third-parties that are dropping cookies or other tracking technologies on websites, giving them access to a large pool of information.
How CookiePro Helps
Scan Your App for Third-Party Tracking Technologies
CookiePro enables developers and businesses to scan their app to identify privacy permissions, frameworks, and SDKs. Once scanned, the tools allows users to export visual reports to understand the app’s health, and make consent adjustments based on the scan findings.
Collect Consent To Comply with Regulations
CookiePro has multiple consent approaches built directly into the tool and also allows users to use a customized approach to fit business needs. The CookiePro platform allows businesses to capture detailed information such as who consented, when it occurred, and what they were told upon consenting.
Sync Preferences Across Marketing Channels and IT Systems
CookiePro enables users to leveraging customized preference centers that allow communication management settings by product, channel, frequency, etc.
Maintain Records in a Central Consent and Preference Database
CookiePro allows businesses to leverage the portal to manage historical documentation for data audits and managing customer and data subject requests. Through CookiePro API, analytics and visual dashboards can be used to track progress of your privacy program and integrate with marketing and IT technologies.