tags:

views:

326

answers:

2
+1  Q: 

Do I need an EULA for this Android app?

If you have an Android application that needs to retrieve data from your own server that depends on the latitude and longitude of the requests, do you need to let a user agree with the ability to save that same latitude and longitude for simple (and fun) statistical and anonymous purposes in some sort of EULA?

Or is it sufficient to mention the gathering of statistics somewhere in the Help section of that app?

A: 

Well, you can't go wrong if you do mention it in EULA. I think that the best way to cover this would be to show a message first time application is started which will inform the user of tracking and point him to the EULA. I'm sure that you wouldn't like your users accusing you of spying on them. Even if you do mention somewhere in your program that you are gathering statistics, if you don't show it in a way that even worst luser can't miss it there is a chance that it will cause negative publicity.

Keep in mind that in some countries it could be illegal to monitor users without notifying them in advance.

Also, how certain are you that the data collected is anonymous? Can you give 100% guarantee that user can't be tracked? Even if your server does not collect private data about users, you can't be sure that someone along the way won't be able to collect private data. First thing that comes to mind are telephone and WiFi operators.

tl;dr Better be safe than sorry in areas such as this one.

Also I'm a bit surprised that there aren't more answers to this question. I think it's very important ethical question.

AndrejaKo  2010-05-20 08:59:57
The thing is that I generally dislike EULAs, but I'm afraid my hands are tied on this one ...Another option that I would favor is to have a preference which the user can enable or disable, so he can be in control whether his data can be saved or not. I'm afraid that would be insufficient as well, right? Or would that depend on the default value of that preference (similar to opt-in vs opt-out)?
Franklin  2010-05-20 09:19:50
Also, how would a telephone or WiFi operator be able to use the latitude and longitude for their own purposes? Telephone operators already know the locations of their users, and WiFi operators surely know the location of their networks as well ...I'm not simply disagreeing with you on this one, but I'm sincerely wondering in what way that information could be abused. :)
Franklin  2010-05-20 09:24:28
Well, I think the best way would be to do the same thing which the developers of popularity-contest for GNU/Linux did. Have an option, mention it to user and have its default state be off. This way, users need to opt-in so they can't complain about being uninformed. I think that its the best way to go if you hate legalese as much as I do :)
AndrejaKo  2010-05-20 09:24:50
About telephone operators and friends: Look at it this way: What if someone tries to indirectly use operator to monitor users? We all know that it's a simple thing for telephone operators to track their users and a bit more complicated thing for WiFi operators to track their users, but what if someone associated with the operator is doing the tracking without op's blessings? I'm thinking about corrupt employees, intelligence agencies, organized crime and similar (but mostly corrupt employees). In a perfect world, you wouldn't have to worry about something like that, but reality is a bad place.
AndrejaKo  2010-05-20 09:30:34
Of course the most important thing about privacy concerns is how often does the application send data? If it's once every few days, then it's not very useful for tracking, but if it's once every minute...Also another vote for the opt-in: To send data, you have to use Internet. In some countries (like mine for example) Internet over mobile phones is very expensive and users definitely wouldn't want to have some application spending their hard earned money without notifying them in advance.
AndrejaKo  2010-05-20 09:33:40
The application can be configured how often to retrieve updates, from once every 5 minutes to once every hour (defaults to once every 30 minutes). Since use of the application completely relies on data connectivity and that users have to agree on beforehand that applications can use their internet connection at will, I'm not concerned with users begin surprised that the app actually does something with that granted permission. :)
Franklin  2010-05-20 09:41:48
Totally forgot about that one when I was typing the comment.
AndrejaKo  2010-05-20 13:11:24
+1  A: 

The best approach would be to have the location tracking feature switched off by default and allow it to be switched on in the settings and perhaps present user dialogs asking for it to be switched on.

If your application requires it in all use cases, make sure that there is a notification at start-up that warns the user all future uses of the application will collect location data.

In general, a EULA is supposed to be designed to protect you, not gain permission from users.

The users have already agreed to the terms of the Market which include your application being able to see their location if they install your application.

Remember, they already give you permission in two ways:

  • Your application indicates the permission in the manifest and therefore at install-time, so they know it when they install your application
  • They have the option to switch off location detection in the settings via networks and GPS at any time

To conclude: You should include a notice, but not an entire agreement as it is unnecessary. A notice is courteous enough. You do not require their permission as long as the phone is being used in a country Google may legally perform business in.

HXCaine  2010-05-20 15:21:12
Thanks, I went for the notice inclusion option! :)
Franklin  2010-05-22 22:50:51

related questions

What are the legalities of repackaging other's RSS feeds into a new presentation?
Adding the GPL license to C# Projects
Could I get in legal trouble for copying a website's stylesheet?
Is it legal way to get use GPL code in close-source application through plugin?
Data Protection and Web 2.0 Web sites
What's the difference between the open source licences
GPL software in debug only closed source applications
Is it legal to reverse engineer binary file formats
Potential legal issues with storing Social Security/Insurance Numbers (SSNs/SINs)?
Freelance work with no contract - who owns the code?
Is using Dexter's character sprite okay, or do I have to...
How can newly registered trademarks affect previous non-trademarked software?
Non-Compete Clauses
Legality of Encryption in Standard Libraries
Self-owning web services, or services that can survive the death of the inventor
Place To get EULA and Other Legalese For Software?
Copyright and Fair Use in Distributable Software
Visual Web Developer Express and .NET, et al.
Copyright question - Dictionary Application
Am I allowed to run a javascript runtime (like v8) on the iPhone?
Using icons licensed under GPL or LGPL in a closed source commercial software?
When/if to seek a patent?
Corporate-Friendly Open Source Licenses
What can I do about my employer's intellectual property policy?
Found a critical bug, but the company doesn't care