Part IV: App Security
Another concern that app developers must be aware of is the security of the app itself and the security of the data that the app collects from users.
Minimise user data & secure what you store
User data can include anything from asking users to create an account with a username and password to asking users to upload and store evidence of abuse. The first step to data security is to only collect the information needed to provide the service. Don’t ask for data you don’t need. For example, some apps require users to create an account when there is no obvious need. Other apps require access to information on the device, such as the user’s contact list and calendar, even when that information is irrelevant to the app’s functionality.
Also, remember that some types of data are more sensitive than others. Sensitive data includes personally identifying information like name, birthdate, location, health/mental health information, and documentation of abuse. The exposure of sensitive data can have dangerous consequences for the survivor if the abuser discovers it. For this reason, securing sensitive data from unintentional disclosure is crucial. [In Australia, you must also be aware of the Privacy Act].
Develop your app in a way that doesn’t require users to share personal information or offers users multiple ways to opt into or out of sharing personal information. For example, some safety apps allow users to contact someone through the app. Develop the app in a way that lets the user manually type in the contact information rather than requiring that the app be connected to their contact list. Also, remember – if your app is designed to inform 2 or 3 contacts when the survivor needs help, the app does not need access to the entire address book. This is also helpful because some users may want to input a safety contact, such as their domestic violence advocate or private attorney, who isn’t in their contact list.
App security
For apps that collect no or minimal data from their users, the security issues are more about the app itself. Some apps are built to function fully on the device, where all the content is accessible via the downloaded app. Other apps require users to retrieve information online. Depending on how the online content is hosted, if someone was covertly watching the internet traffic, they might be able to discover the names of the websites and other content being accessed. Think about where your online content is hosted and how that information is retrieved. For example, to protect survivors, app videos may be hosted on a secure server, and the files could be named in a way that obscures what they are in case someone is covertly watching the internet traffic.
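One way to apply the file-naming advice above, as an added example that is not part of the original series: hosted media gets random, meaning-free names, and the mapping from hosted name to title lives only inside the app. The sample catalogue, the function names and the `.mp4` files are constructed for illustration.

```python
import re
import secrets

# Constructed sample catalogue (original file name -> title shown in the app).
SAMPLE_VIDEOS = {
    "safety-planning-basics.mp4": "Safety planning basics",
    "documenting-abuse.mp4": "Documenting abuse",
    "finding-legal-help.mp4": "Finding legal help",
}


def opaque_name(original: str) -> str:
    """Return a random hosted name that keeps only the file extension."""
    ext = original.rsplit(".", 1)[-1].lower() if "." in original else "bin"
    return f"{secrets.token_hex(16)}.{ext}"


def build_manifest(videos: dict) -> dict:
    """Map each opaque hosted name to its title.

    The manifest is meant to ship inside the app bundle, so the server,
    its URLs and its logs never carry the descriptive titles.
    """
    manifest = {}
    for original, title in videos.items():
        name = opaque_name(original)
        while name in manifest:  # collisions are extremely unlikely; rule them out anyway
            name = opaque_name(original)
        manifest[name] = title
    return manifest


def leaked_words(hosted_name: str, title: str) -> set:
    """Return title words (4+ letters) that still appear in a hosted name."""
    words = set(re.findall(r"[a-z]{4,}", title.lower()))
    return {w for w in words if w in hosted_name.lower()}


if __name__ == "__main__":
    for hosted, title in build_manifest(SAMPLE_VIDEOS).items():
        status = "LEAKS" if leaked_words(hosted, title) else "ok"
        print(f"{hosted}  <-  {title!r}  [{status}]")
```

Opaque names limit what a URL, a browser history entry or a server log reveals about the content; they complement serving the files over HTTPS rather than replacing it.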
Have a security framework and policy
Anytime you ask users to share personal information with you, you need to know (and let them know) how you’ll keep that data secure. The security framework should encompass every level of engagement – from the time they share their information (account creation, uploading/downloading content) to when you store that information (on secure and encrypted servers) to how (and how often) you destroy content. Your security policy should be clear and posted so users can easily review it. It should also be very clear about when and how you might share their information with third parties such as the police or courts.
Educate users on security
If your app encourages people to use third-party cloud storage like Dropbox to store personal information gathered via your app, provide tips and education on good security practices. Where appropriate, teach users to utilise solid security practices such as strong passwords, multi-factor authentication (MFA), passkeys and backup/recovery codes. The better they understand the risks and how to minimise them, the better they can navigate them and develop stronger safety strategies.
This series was written by our sister project, the U.S. Safety Net Project at the National Network to End Domestic Violence. This series is based on lessons learned when developing the NNEDV Tech Safety App, and in reviewing dozens of apps created for victims of domestic violence, sexual assault, and stalking.
