MOBILE APP LEGAL ISSUES
John D. Goodhue Goodhue, Coleman & Owens, P.C. Pervasive through all of this is the notion of privacy. The different app marketplaces may require BACKGROUND privacy policies, customers may demand it, the development of the mobile app will dictate what should be present in a privacy policy, and the Federal Trade Commission may enforce it. And if the mobile app is used by or directed towards children, involves health data, or involves financial data additional laws and regulations may apply.
Intellectual property issues are also ever present in terms of protecting the mobile app or aspects of it through patents, trademarks, and copyrights, obtaining necessary licenses and permissions and not violating the intellectual property rights of others.
Given the number and scope of mobile app legal issues, this white paper does not attempt to provide a comprehensive treatment, but instead focuses on some of the most significant and common concerns and identifies relevant legal authority and marketplace agreements. In areas where technology evolvesrapidly, it is useful as a practitioner to understand something of the technology and relevant business considerations to identify and address the attendant legal issues. With mobile apps there are many. App development, distribution, marketing, and monetization can raise numerous and varied legal issues. As app functionality increases, creativity of app developers BASIC AGREEMENTS flourish, and applicable laws and regulatory frameworks continue to multiply and expand so does the complexity of advising those associated with mobile app development. The legal issues are intertwined with the various technology and business issues to create a very complex environment. Developer and Distribution Platform Agreements
This is especially true for startups. Technology startups, including some of the most successful In order to develop and distribute a mobile app requires consent to a number of different technology startups (Uber, Snapchat, etc.), often times have a mobile app which is integral to their agreements. Some of the most relevant ones for the largest app distribution platforms are set success. In some instances, these apps are tied to physicalproducts or services. Other times all forth below. Note that the various platforms may provide for specific APIs in which case additional services are entirely online. For startups where an app is critical to success, legal missteps can be agreements may apply. The various platforms may provide for integrating ad services in which case devastating. Mistakes that preclude an app from being published on a major distribution platform or additional agreements may apply. The listings below are not comprehensive for each distribution result in the removal of the app from a major distribution platform can end revenue for a technology platform. start-up. App Store (Apple) Development of a mobile app may involve the use of a number of different resources. This may include source code from various sources. This may involve source code from independent • App Store Review Guidelines, https://developer.apple.com/app-store/review/guidelines/ developers, employee developers and the use of open source code and other code or libraries (last visited August 15, 2017). made available under open source or third party licenses. Of course, source code is not the only type of resource used in a mobile app. Content may include visual elements such as splash screens, • App Store Marketing Guidelines, https://developer.apple.com/app-store/marketing/guidelines/ backgrounds, buttons, icons, and other user interface elements. Content may include written work, (last visited August 15, 2017). photos, videos, maps, links to the work of others, and content made available through APIs or user- generated contents. The complexity grows further when one recognizes that many apps have some • Guidelines for Using Apple Trademarks and Copyrights, http://www.apple.com/legal/ type of back-end which means in addition to the mobile app itself there are servers communicating intellectual-property/guidelinesfor3rdparties.html (last visited August 15, 2017). with the apps . • Apple Developer Program License agreement, , (last visited August 15, 2017). When developing for a particular platform and a particular marketplace, such as the App Store for Apple iOS or Google Play for Android, there are numerous agreements and policies which govern what one can and cannot do. Failure to follow these agreements may result in the mobile app never even being permitted to be listed or may result in the mobile app being removed from the store. Of course, once a mobile app is available on an online marketplace, does not mean that anyone will actually find it or use it. App marketing can be performed in various ways and relevant advertising laws and regulations apply. Moreover, app marketplace agreements further limit the manner in which mobile apps may be marketed.
2 MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES 3 Google Play Privacy Policy According to the Federal Trade Commission (FTC), “App developers should: [h]ave a privacy policy • Google Play Developer Distribution Agreement, and make sure it is easily accessible through the app stores; [p]rovide just-in-time disclosures https://play.google.com/about/developer- distribution-agreement.html and obtain affirmative express consent before collecting and sharing sensitive information (to the (last visited August 15, 2017). extent the platforms have not already provided such disclosures and obtained such consent); [i] mprove coordination and communication with ad networks and other third parties, such as analytics • Google Play Developer Program Policies, companies, that provide services for apps so the app developers can provide accurate disclosures to https://play.google.com/about/developer-content-policy.html consumers.” (last visited August 15, 2017). The FTC provides various relevant resources regarding mobile privacy policies:
Amazon Appstore • Mobile Privacy Disclosures: Building Trust Through Transparency, https://www.ftc.gov/ reports/mobile-privacy-disclosures-building-trust-through-transparency- • App Distribution Agreement, federal-trade-commission (last visited August 15, 2017). https://developer.amazon.com/appsandservices/support/legal/da (last visited August 15, 2017). • Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business, https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection- • Trademark Guidelines, https://developer.amazon.com/public/support/legal/tuabg rule-six-step-compliance (last visited August 15, 2017). (last visited August 15, 2017). In addition, various app distribution platforms require privacy policies at least in certain situations. • Program Materials License Agreement, https://developer.amazon.com/public/support/pml html For example, Apple’s App Store will rejects certain apps without a privacy policy: (last visited August 15, 2017).
“5.1.1 Data Collection and Storage • Mobile Ad Network Publisher Agreement, (i) Apps that collect user or usage data must have a privacy policy and secure user consent https://developer.amazon.com/public/support/mobileads/publisher-agreement.html for the collection. This includes—but isn’t limited to—apps that implement HealthKit or other (last visited August 15, 2017). health/medical technologies, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions, include a login, or access user data from the device. Your app description should let These various agreements are important to understand for a variety of reasons. First, if a mobile app people know what types of access (e.g. location, contacts, calendar, etc.) are requested by your is not in compliance it may never be published by a distribution platform. If it is published and later app, and what aspects of the app won’t work if the user doesn’t grant permission.” determined not to be in compliance it may be removed. In addition, these various agreements may place requirements on developers regarding the terms they may need to include in their terms of … service or their privacy policy. 5.1.4 Kids … Terms of Service Every mobile app should have a Terms of Service also known by various other names including Moreover, apps in the Kids Category or those that collect, transmit, or have the capability to Terms and Conditions or in some instances as a Disclaimer. What is present in the Terms of share personal information (e.g. name, address, email, location, photos, videos, drawings, the Service will of course vary based on the mobile app itself, its functionality, and the specific issues it ability to chat, other personal data, or persistent identifiers used in combination with any of the poses. Distribution through a particular marketplace or distribution platform may impose its own above) from a minor must include a privacy policy and must comply with all applicable children's requirements on what is included in your terms of service. For example, Apple provides the following, privacy statutes. For the sake of clarity, the parental gate requirement for the Kid’s Category is “Instructions for Minimum Terms of Developer’s End-User License Agreement”, generally not the same as securing parental consent to collect personal data under these privacy http://www.apple.com/legal/internet-services/itunes/appstore/dev/minterms/ statutes.” (last visited August 15, 2017).
-- App Store Review Guidelines, https://developer.apple.com/app-store/review/guidelines/ (last visited August 15, 2017).
4 MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES 5 The privacy policy should explain what information is collected, how it is used, and how it is shared. This can be a far more difficult determination than what it might initially seem. For example, where OPEN SOURCE AND THIRD PARTY LICENSES analytics functionality or ad network functionality is incorporated into the mobile app there may be additional collection and use of information. In app development, as in any other type of software development, source code or libraries from others may be used which are governed by third party licenses. Some of these licenses may impose Of course, the privacy policy needs to be updated whenever new app features are added which requirements that copyright notices or license agreements be maintained intact and distributed with involve collecting and using additional information. the commercial product. One way to address this is to have an “Open Source Licenses” or an “Open Source and Third Party Licenses” section of the Terms of Service or as a separate document. Where With mobile devices, keep in mind, that the mobile app can, with appropriate permission, access the license is for content, a similar approach may be used. all kinds of information on the device. Thus, where such data is being used or collected or shared in some way, appropriate descriptions may be in order. Examples may include, performing in-app Of course, not every open source license permits commercial distribution or even distribution without purchases, reading device and app history, reading cellular data settings, access accounts and profile distribution of the source code. information, read and modify contacts, read and modify calendar information, location access, send and read SMS or MMS messages, read and write to a call log, read storage, take pictures and videos, Failure to comply with these third party licenses can result in an app being removed from the record video, record audio, access Wi-Fi connection information, getting information from nearby distribution platform in addition to any legal claims. Bluetooth devices, access data from wearable sensors, and other functions. See e.g. https://support.google.com/googleplay/answer/6014972?hl=en (last visited August 15, 2017). App Marketing Distribution agreements may place restrictions on app marketing. For example, the Google Play Special attention needs to be paid to any collection and possible collection of data from children to Developer Program Policies place the following restrictions on app developers: ensure compliance with Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6502(c) and 6505(d) and the Children’s Online Privacy Protection Rule (“COPPA Rule”), 16 C.F.R. Part 312. Advertising laws apply including Section 5(a) of the FTC Act, 15 U.S.C. § 45(a) which precludes, “Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.” United States of America v. Yelp, Inc., CASE NO. 3:14-CV-4163, https://www.ftc.gov/system/files/documents/cases/140917yelpstip.pdf “App Promotion The FTC settled with Yelp for alleged violations of the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6502(c) and 6505(d) and the Children’s Online Privacy Protection Rule (“COPPA Rule”), 16 We don’t allow apps that directly or indirectly engage in or benefit from promotion practices C.F.R. Part 312. The settlement included a $450,000 payment and the alleged violations involved that are deceptive or harmful to users or the developer ecosystem. This includes apps that collecting age-related information but not handling such information appropriately even when engage in the following behavior: data was being collected from a child • Using deceptive ads on websites, apps, or other properties, including notifications that are similar to system notifications and alerts. Note that in addition to the privacy policy, other types of disclosure may be warranted. These include “just-in time disclosures” such as message boxes or notifications that information is being accessed in • Promotion or installation tactics that redirect users to Google Play or download apps order to obtain clear consent from users. This may be especially important when information being without informed user action. collected does not seem readily related to the function of the app. Similarly, it is advisable to put programmatic safeguards in place, if information collected sufficient to identify a user as a child as • Unsolicited promotion via SMS services. opposed to merely including a statement in a terms of use that children under age 13 should not use the app. It is your responsibility to ensure that any ad networks or affiliates associated with your app comply with these policies and do not employ any prohibited promotion practices.”
--Google Play Developer Program Policies, https://play.google.com/about/developer-content-policy-print/ (last visited August 15, 2017).
6 MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES 7 Here you can specify copyright violations, trademark infringement issues, file a counter notice to reinstate content that was removed due to an alleged copyright violation, or other legal issues. Google provides an appeal process for reinstatement of an application if an error was made and that Federal Trade Commission et al. v. Equiliv Investments et al., the app is actually in compliance with the applicable policies. https://www.ftc.gov/enforcement/cases-proceedings/142-3144/equiliv-investments-prized (last visited August 15, 2017). Repeated violations by a Developer can result in the developer being banned from Google Play for life. These platforms may also allow the same process to be used to deal with defamation, right of FTC and New Jersey settled with app developer regarding app which installed malware that publicity, and other issues. hijacked phones to mine cryptocurrency leaving phones with drained batteries, depleted data plans. The FTC brought is claims pursuant to Section 13(b) of the Federal Trade Commission Act, Adoption of mark 15 U.S.C. 53(b) and New Jersey brought its claims pursuant to the New Jersey Consumer Fraud Issues can arise when adopting a name which is a trademark of another. The risk of doing so can be Act (“CFA”), N.J.S.A. 56:8-1 et seq. to prevent Defendants from engaging in unfair and deceptive mitigated by performing a full trademark search and opinion or at least a trademark screening search. acts or practices in violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a). When performing a trademark screening search for the name of a mobile app, consider searching the major app markets for the same and similar names in addition to any other searching which may be performed. The FTC provides resources such as the following: Use of trademark associated with app distribution platforms • Marketing Your Mobile App: Get It Right from the Start, https://www.ftc.gov/tips-advice/ The various app distribution platforms allow for the use of certain trademarks for advertising apps business-center/guidance/marketing-your-mobile-app-get-it-right-start for their platform such as badges, images, and logos. However, their policies and guidelines set forth (last visited August 15, 2017). how their trademarks can and cannot be used in promotion and distribution of apps.
Intellectual Property Issues Patents Although intellectual property issues are intertwined with the basic agreements and app marketing, Utility patents may be possible for a particular mobile app. However, 35 U.S.C. § 101 and Alice Corp. here are some additional issues of relevance. This section address some of these issues, particularly v. CLS Bank International, 573 U.S. __, 134 S. Ct. 2347 (2014), may create significant patent eligibility with respect to aspects which may be different in the context of mobile apps or specific to mobile subject matter hurdles for some mobile apps. apps. In some instances, design patents may be an appropriate way to protect portions of an app where Intellectual Property Enforcement there are unique aspects of the user interface. Where a mobile app is distributed through a mobile app distribution platform, these distribution platforms have their own systems for dealing with infringement issues. Intellectual property ownership and permissions Intellectual property associated with a mobile app can include source code and components, content App Store such as graphics, text, audio, video, and other types of information. Appropriate written agreements To initiate a Content Dispute, follow the below link: from creators of this material should be obtained. http://www.apple.com/legal/internet-services/itunes/appstorenotices/ Apple also allows developers to appeal to the App Review Board if they have a rejected app. If the mobile app links to other sources there should be permission obtained. For example, if https://developer.apple.com/contact/#distribution displaying content from a web site or an RSS feed the relevant terms of use should be checked and a commercial license may be needed. Google Play To initiate the process to remove content from an app on Google Play, follow this link: https://support.google.com/legal/troubleshooter/1114905?product=androidmarket (last visited August 15, 2017).
8 MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES 9 Copyright notices Proper copyright notices and attributions should be included. Consider filing copyright registrations where appropriate.
Other legal issues Of course there are numerous other legal issues which apply to mobile apps.
User content If apps include user-generated content, then the app developer should consider registering for the safe harbor protection of the Digital Millennium Copyright Act, 17 U.S.C. § 512. This involves registering as a designated agent at the Copyright Office and enacting policies to remove infringing content and address repeated offenders.
Entity formation App publishing is a business activity. Many individual app developers do not consider the potential for liability and may need to consider forming another entity.
Financial data Where apps use financial data then various other rules and regulations may apply regarding privacy and use including Gramm-Leach Bliley Act, 5 U.S.C. § 6801 et seq.
Health data Mobile apps which use health data may be subject to the Health Insurance Portability and Accountability Act (HIPPA) and the HIPAA Security Rule. These apps may also be subject to the Health Breach Notification Rule.16 CFR Part 318.
Mobile Medical Apps The Food and Drug Administration (FDA) also regulates certain types of mobile apps including those which meet the definition of a “medical device.”
10 MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES 11