The policy accessibility framework aims to describe:
What are the sources of data are being used by the app, and how aware will you be when they're collected?
- address book
- some applications will access individual records, or the entirity of your address book, for their names, email addresses and phone numbers, or any other details you have on your network. actively, the application would show you a list of your contacts to choose from. passively, the application would select data from your address book in the background.
- accessing the microphone allows the application to record and interpret sounds. this might be for voice control, recording, measuring the volume of your environment, or what kind of environment you're in. actively, you'd be asked to record or capture a sound. passively, it would be capturing audio data without your direct awareness.
- the camera on most devices can capture images, but also light levels, record movement, and generally record a great deal of data. it could in theory recognise individuals, the place you're in, or near by objects. actively, you'd be asked to point the camera at something. passively, it would be capturing visual data in the background.
- text messages
- an application could access the text messages messages on your device. actively, it would ask for you to select messages. passively, it could read and store any of the messages, along with who they were sent to/from, and times and dates.
- the images stored on your device may be accessible to the application, along with any meta data within the images, for example, time, date, and location. the image data could also be explored, to recognise people, places and objects. actively, you'd be asked to select which images you'd like to share. passively, it would do this without your direct awareness.
- an application could 'listen' in to your phone call, and use the call as an audio source, along with the person who is calling, their number, duration, time of day, etc. actively, you'd need to allow the application to eavesdrop. passively, it could do this without asking each time.
- call logs
- an application could review your call logs, the list of who you called and received calls from, and at what time of day, duration of call, and whether it connected or not
- other applications
- an application could review what other applications you have on your device, and potentially share data with those applications, or read data from those applications. actively, you'd be asked which applications you'd want to share with. passively, it would do this without asking
- an application can find your current history, and by taking a series of measurements, calculate your velocity and direction of travel. actively, the application would need to ask for your location. passively, it would do this in the background.
- location history
- an application could log or access a log of all of your locations over a period of time. actively, the application would ask you for this list. passively, it would access or create its own list silently
- device ID
- devices have a number of uniquely identifying attributes, like IMEI numbers, hardware serial numbers, SIM card addresses, and so on. these are often used to identify a device when a user has not registered. whilst it may not identify you with personally identifable information, it does mean the application knows it is the same device each time, and together with location or contact data, can be used to build a profile of you as a user, even if you didn't register
- payment accounts
- as mobile and micro payments become more common, your device will store payment account information, which could be accessed by the application. accessing this information passively could be extremely risky. actively, it would ask you to confirm payment or access of your payment details. passively, you may not be aware the application is reading your payment details
- Near Field Communications, or NFC allows your device to interact with other physical devices which are near by. this can be used for many reasons. actively, you would be asked to touch against an NFC device. passively, the device might just wait until it comes in contact with an NFC device and react silently
- the accelerometers are able to measure the orientation and movement of your device in space. actively, your device might ask you to get ready to move. passively, which is more common, the device would react to accelerometer changes in some way without your direct intervention
- your device may have temperature sensors, and use these to measure the ambient temperature. actively, you may be asked to take a temperature reading. passively, the application could capture and record this data silently
- your application may be able to connect to other devices wirelessly via bluetooth. actively, you will be asked to pair with another device. passively, it may search for or connect to other devices without your awareness
- your application may be able to scan for, connect to or access previous connected wireless networks, along with their usernames and passwords. actively, you'd be asked to connect to a network. passively, this data may be accessible without your intervention
and, whether you're actively prompted to okay the source being used (at time of use) or whether it passively accesses the data (perhaps on install).
What are the destinations the data will be sent to?
read only (ie. not stored), our servers for this app only, our servers for any of our apps, anonymised and shared with other companies, shared with other companies, public (actively aware), public (passive)
How long will this data be held?
session only, application lifetime, 6/12/18/24 months, indifinitely, mixed
How will the data be used?
advertising, usage patterns, network matching, context setting, other
And a boilerplate including:
some standardised links, ie. URL to a plain english version of the policy, and the full legal policy statement; what countries this policy applies to; what local agencies potentially have access to this information (ie. courts, police); a data policy contact email address; contact details for the company. etc.