With the surge of mobile applications being released, many developers and companies are finding it increasingly harder to standout from the rest. A great way to differentiate yourself, build a strong user base, and keep them happy with your product is through trust. As security and privacy come up more often the news, users are becoming more concerned with what information is required of them, and what that information is being used for. By being proactive with the information gathered in a privacy safe manner, businesses can differentiate themselves. Establishing trust with your user-base should be something that is transparent, and unfortunately is really only ever noticed when something goes wrong.
Even ignoring security implications, users still want a certain sense of anonymity when online, and while the browser world has made large strides towards standards in the area, the mobile world is lagging behind. This feeling is not as prevalent in the younger generations who grew up with mobile devices, and being constantly connected, but the idea of building consumer trust is still important to them, whether it is obvious or not, as can be seen with the recent ‘violations’ in the news recently with Facebook, Target, Adobe, and so many more, these younger generations are the most vocal.
Testing For Trust
So that information is all well and good, but how can you build trust into your app, and more importantly, how can and should you test for it?
With the short turn around time in the customer feedback loop, and the instantaneous availablity of bad reviews, trust issues within your software can mean a quick death to the application. This means that trust testing needs to be included before the app store testing takes place. Ideally, trust should be considered at the beginning design stage, and should be tested as soon as possible. This means design your application with security and privacy in mind. Don’t ask the user for information that isn’t consistent with how the application is being used. For example, if you have a solitaire web application, don’t request GPS information from the user. Also, determine if there may be a better way to accomplish tasks without PIA or PD. As for initial unit testing, applications should examine how their data is being stored, and how it can be accessed on the device.
Once we move into the functional realm of testing, the trust testing becomes a bit more strait forward. Ensure the testers know what sort of data is required by the application, and look at what data is actually collected. Tools such as Kryptowire can analyze the code, and verify that all data permissions requested being requested as being used, no more, and no less. When data is being saved, ensure notifications are being sent to the user. If data is being requested from the user that may cross over into personal data, be upfront about it, and notify the user to why the information is being collected. A quick way to destroy trust within an application is for a user to find out that data is being collected or used from then, without their knowledge.
Security testing should heavily examine data being stored, and how it is accessed by the app. Ensure all private data is encrypted, and all data can’t be accessed by other applications unless specifically desired to do so. Additionally, when doing network testing, look at what data is being sent. Run your testing through a proxy, and see if anything sensitive is being transferred that should not be.
Building trust with your users is easy enough to do, but also easy enough to mess up. Learn from the mistakes of others; keep all data secured, don’t gather unnecessary data, and above all, be upfront with your actions. Having a trusting user-base will spread word of your application, help your application grow, and ultimately make your company more money.