by Paul Rubens

How Mobile Developers Can Win Customers’ Trust

Feb 05, 20146 mins
Consumer ElectronicsMobile Device ManagementPrivacy

Many of today's mobile and Web applications collect personal data. This makes plenty of users pause before downloading. To ease user's minds -- and to help developers demonstrate that they have legitimate reasons for collecting that information -- MyPermissions has established a permissions certificate process to deem apps 'trustworthy.'

Someone, somewhere, is about to install the mobile app that took you hundreds of hours and cost thousands to dollars to develop. Just as he’s about to, though, he changes his mind — and you’ve just lost another potential user.

This scenario happens to developers every day. Often, it’s a matter of trust. Many apps request permissions to access private data of many different types. Users — quite rightly — are often reluctant to grant those permissions to an app they have no reason to trust. Do they really want the app to be able to post “on their behalf” on social networks?

“Some apps ask for access to your phone log or your photos, and you start scratching your head as to why,” says Olivier Amar, CEO of MyPermissions, a company that has set up a free permissions certification process for developers. “Sometimes, developers really need those permissions, but they don’t have a way to explain that.”

Developers Must Meet ‘Clear Guidelines’ for MyPermissions Certification

MyPermissions Certified Application Logo

MyPermissions’ certification program covers mobile apps as well as also websites and other applications that connect to online services (such as Twitter or Instagram) or that allow users to authenticate themselves using services such as Facebook Connect. That’s important because about 80 percent of the top 100 iOS apps, and almost two-thirds of the top 100 Android apps, use Facebook Connect to let users sign in to the games or services they provide, Amar says.

To become MyPermisions Certified, developers must go through a form-filling process. This includes a review of the required permissions and a privacy questionnaire that justifies the personal information that their apps access and details why they need it. “We have guidelines, and they are very clear,” Amar says.

[ Read about app certification programs for Amazon Web Services, Google Apps and Twitter ]

Any developer asking for permissions that contravene these guidelines will have to make changes in order to become certified, he explains. “We won’t certify author[s] if we can’t understand why they want certain types of information. Why do they want to know your friends of your political views? An answer like ‘We might need it in the future’ is not acceptable.”

Amar says the certification process is fairly painless. If a developer’s well-organized, it can take as little as 20 minutes. Otherwise, the process could very well last weeks.

Of course, this raises a key question for developers: Why bother? Why go through such an administrative process just to get a certification that, let’s face it, most users have never heard of?

One answer is that it allows you to establish your trustworthiness. Users who are curious can click on the “MyPermissions Certified” logo to bring up information about the certification, along with an explanation of why you needs each permission and what you will do with the personal data your app can now access.

Perhaps a better answer is that it may bring more users to your apps. During testing, apps that displayed the MyPermissions Certified mark saw conversion rates rise between 5 percent and 9 percent, Amar says. (In this case, “conversion rate” means users actually ran the applications after downloading them or signed into them using a system such Facebook Connect, rather than abandoning them.) That’s a significant amount of numbers users — and it could provide a useful increase in revenue as well.

MyPermissions Certification Helps Developers Improve App Downloads

Given that most people have never heard of the MyPermissions certification scheme or know what the “Certified” mark means, does it really work?

Mobile Application Privacy

Rounds — developer of the video chat service that can be accesses through an iOS or Android mobile app, through the company’s website, or as a Facebook or Chrome app — went through the MyPermissions certification process.

[ How-to: 5 Ways to Avoid Mobile App Development Failure ]

[ Commentary: Application Testing and Sins of Omission ]

“When you download the app, the first screen you see when you connect via Facebook is the MyPermissions certification,” says Rounds CMO Natasha Shine-Zirkel. “Even if the user doesn’t know what MyPermissions is, seeing that we are certified by a third party means a lot to end users. They trust us.”

There’s hard evidence to support this, too. When the company started to display the MyPermissions Certified mark on its start screen, it saw an 8 percent rise in the number of people who downloaded the app and then logged on using Facebook Connect, Shine-Zirkel says. (That said, a simultaneous application redesign may have contributed to the increase as well.)

Binpress, a marketplace for commercial open-source projects, also earned MyPermissions certification. CEO Adam Benayoun set up an A/B test on his website and found that “significantly more” people signed up when presented with the MyPermissions Certification mark than when they weren’t.

“We saw the difference the same day,” he says. “A lot of people clicked on the seal to find out what it meant — but, in fact, a lot of people just saw the seal and it inspired trust. That’s important. So many people decide not to sign up at the last minute because they don’t trust you.”

Changing Application Permissions May Require Recertification

For now, many users seem willing to accept a third party trust mark, even if they don’t know exactly what it means. But what happens if developers abuse this trust by adding extra permissions or using information in new ways after they’ve been certified?

[ Analysis: Are Mobile Apps Leaving Quality Assurance Practices Behind? ]

[ More: 5 Mobile Security Lessons From the Department of Defense ]

Amar says his company monitors more than 400,000 apps. If any certified companies change their permissions, then they’re contacted if MyPermissions is not happy. If changes aren’t made to bring the app in to compliance with the program, then it could lose its certification.

The risk, of course, is that unscrupulous developers could use the Certification mark anyway. In those circumstances, MyPermissions is prepared to pursue legal action, Amar says. If the developer is based overseas, in a country that’s effectively beyond the law, then there’s little the company could do, he concedes.

Nevertheless, the attractions of the certification program seem clear. Aside from the time it takes to participate, it costs nothing to join. (This will change in the future, with a $50 monthly charge for applications with more than 100,000 users.) If it really does result in a 9 percent increase in users for your app every month, then getting certified might make a lot of sense.

Paul Rubens is a technology journalist based in England. Contact him at Follow everything from on Twitter @CIOonline, Facebook, Google + and LinkedIn.