Considerations for App Developers:
Safety & Privacy for Survivors of Abuse
As with any technology, when developers create apps for survivors of abuse, the professionals they work with, and the general public, there are many considerations needed to prioritize safety and privacy for the users. The following are questions and considerations for developers as they work on creating or updating apps. They are organized by the important themes of developing any technology for survivors of abuse: maximize safety, prioritize privacy, educate, and work with experts.
Does the app work the way it is intended?
- When our team tested various apps, many of them did not send emergency alerts or location information as they said they would. In real life, survivors may assume that their call for help, and the necessary information that should accompany that call, was received, and they may not make other attempts to call for help. In the U.S., 3 to 4 women are murdered each day by an intimate partner. It is extremely important that anything intended to connect a survivor with emergency services works as it says it will and does not leave the survivor with a false sense of security.
Are disclaimers included to inform survivors of possible safety risks?
- A common tactic of technology abuse is to monitor phone or computer activity. Abusers can do this by manually going through the phone/device or by installing a program to monitor the activity remotely. Before downloading and using an app, it’s important that survivors consider whether their device could be monitored by the abuser.
- In the app store and on your website, provide clear disclaimers to let survivors know that if they think the abuser may be monitoring that device, then they should try to access that app or related information from another, safer device.
- Create these disclaimers in various formats and make sure they are accessible to survivors who may access the information via a screen reader or other assistive technology.
Does the app description imply that it does more than the app actually provides?
- Some apps claim that they will help victims be safe from harm, prevent assaults, and provide the user with immediate assistance. Even an app that is well thought out and working effectively will have limitations. An app that helps a survivor collect evidence of abuse is different than having an officer by their side at all times. Apps should be another available tool for users, not create a safety risk by offering a false sense of security. Make sure that the app marketing and content does not over-reach in describing what it offers.
Does the app use trusted contacts or individuals that the survivor can communicate with through the app?
- If the app’s emergency safety feature is dependent on the user communicating with a trusted individual, suggest that the trusted individual be notified of the app and what it would mean to get an emergency message from the survivor. Also suggest that users test the app to ensure that it works for them the way that they need it to.
- Consider how the trusted contact is entered into the app. For safety reasons, a survivor may want to use a person that is not in their phone’s contact list. Allowing the trusted contact to be directly entered and not strictly via the contact lists provides flexibility and options for the user, especially if the abusive person may look at the phone’s contacts.
- Allow users to change or edit the default language in the app when communicating with the trusted person.
- Be transparent and offer options on how the trusted person is connected. Many apps just allow the user to add certain individuals who may never know they are a part of the survivor’s safety plan unless the survivor tells them. Other apps automatically send a message to the trusted contact and may do so even before the survivor is ready to communicate their safety concerns with them.
Are users clearly given hotline information and ways to contact help if they need it?
- Always include the National Domestic Violence Hotline and other relevant resources. See the Provide Education section below for more information.
Is the concept of Privacy by Design being used throughout the development process?
- Privacy by Design is an engineering & development concept that ensures privacy and personal control over your own information is built in throughout the entire development process. The technology is developed so that features offering the most privacy are the default and many options for privacy are always offered. There are 7 Foundational Principles of Privacy by Design; the principles are not specific to mobile applications, but apply to the development of any technology. Additionally, the International Association of Privacy Professionals (IAPP) created a Mobile App Privacy Tool to help developers navigate the various standards and obligations imposed by leading regulators in the United States.
- Privacy is extremely critical for survivors of abuse and is intrinsically connected to their safety. Any technology developed for survivors should offer various features for accessing and using it in ways that maintain privacy, as well as options for how to control their information.
Are there options available for survivors who may want some additional privacy and/or security?
- Since monitoring phone activity is a common tactic of abuse, offering a survivor options for increasing their privacy and safety can be very helpful. While no one strategy is fool-proof and no one safety feature will work for all survivors, providing multiple options will allow survivors to creatively use what will work for them, since there can be pros and cons to each option. Offer as many options as possible so users can use the app in a way that feels safest for them.
- Passwords: If the abuser is regularly looking through the victim's phone, having access to the app content could be a safety risk. Some apps offer an option of putting a password on the app or on certain parts of the app, depending on the content. Keep in mind that an app requiring a password could gain the attention of and be suspicious to an abuser. Because of this, it’s recommended that passwords be an option that survivors choose to use, but not a default.
- Icon Options: Some apps have been built to look like something else on the phone. Examples include apps that look like calculators and will open after a passcode is entered, or a news app that hides sensitive information within categories of news.
- Account Security: If the user is required to create an account in order to use the app, consider offering options for additional security than just a password. Options can include 2-step authentication or security questions. Always advise users to choose passwords and answers to security questions that someone else will not be able to guess.
- Data control: If the app collects information about the survivor and stores it remotely off of the device, offer additional security measures for accessing that data.
Does the app make use of the device’s GPS and other location settings?
- A common recommendation for survivors is to turn off a device’s GPS and other location settings when they are not in use to avoid abusers misusing GPS information to locate the survivor. Apps that ask users to keep their location settings on at all times conflicts with this best practice. Consider what the location requirement of your app is for and how users can maximize both the app’s features and enhance their privacy. For example, if the location is only accessed to provide information about resources geographically near the user, it can be suggested within the app that the location be turned on when the user is doing that search and then turned back off again.
Does the app ask the user to provide personally identifying information?
- Privacy is extremely important to survivors of domestic violence. Many users may feel unsafe providing personal information, either about themselves or the abuser. Before asking for any identifying information, consider the purpose for why that information is collected and whether it’s truly necessary.
- If asking for any identifying information, be clear to the user regarding what the information is for and do not require the user to share information in order to use the app. Users should be able to access basic information about abuse without being required to share personal information.
- Always notify users within the app of any changes to how you collect and use their information.
- Be transparent about how long data on any users or their devices is retained and who may have access to that data. Does your company/organization respond to requests from law enforcement? Do the requests have to be official court orders or subpoenas? Is the user notified that there has been a request for their data? Does the user control whether the information is shared?
What permissions does the app ask for?
- People are increasingly wary of apps that ask for access to a lot of data. Only ask for permissions to features the app absolutely requires to function and avoid collecting anything else.
Are helpful, accessible resources clearly offered for survivors?
- Always include the National Domestic Violence Hotline (NDVH) so the user can find local resources (NDVH will connect callers with local resources). Other national hotlines can be included as well, depending on the purpose and scope of the app. These could include the National Sexual Violence Hotline or state or county specific hotlines.
- Many apps have content that is specific to a geographic area. Even in this case, strive to make the app as helpful as possible to anyone who comes across it and always provide the National Domestic Violence Hotline in case the specific resources are not helpful to the user.
Even if the app is mainly directed at a certain population or topic, can the content be broad or inclusive enough to help a wider audience?
- Many apps have been developed to specifically address a certain population or issue, such as college students, teens, or strangulation. Consider whether the content is actually specific to that population or topic, or whether broadening the scope would make the app more helpful to a larger number of people. If the content is not specific to a population or issue, but the resources are, users who don’t fit into that population may be without helpful information. An example of this would be a screening tool that is not specific to any age group, so anyone can take it, but the resources and information listed in the app is only for college students.
Does the app allow the user to communicate or share certain information with others?
- Personal safety apps and some evidence collection apps allow the user to share information with other people. For many of these, it’s to communicate to a trusted person or authorities when the user is in need of help. Make sure that the user is informed of each step of this process so they can plan accordingly and trust that the app will work for them when the time comes.
- Always suggest that a survivor ask about confidentiality when reaching out to another person to disclose abuse or ask for assistance. Some professionals have strict confidentiality obligations and some have requirements to report different types of abuse when they become aware of it.
- An example of this is suggesting that a survivor on campus inform a RA or a professor. Many professionals on campuses have requirements that would require them to disclose certain types of abuse to a third party. Survivors have a right to know the limitations to confidentiality and privacy before disclosing abuse.
- When asking the user to identify trusted contacts to communicate with, make sure the user knows: 1) when and if those contacts will be notified that they have been added to the system, 2) if approval is required from the contact and, if so, if approval was given, and 3) if a contact does not accept or approve of the app’s communication or doesn’t respond.
- Encourage users to discuss the use of the app with their chosen contacts. This communication can be a critical part of ensuring that the trusted contact is aware of the safety plan, can help test the app so it works like it should, and will know how to respond when they receive an alert. Otherwise the trusted contact may not know what to do when they receive a notification that their friend needs help.
Work with Experts
Are you working with a reliable organization with expertise on the issue?
- Domestic violence, sexual assault, and stalking are complex social issues that can be complex and nuanced and need to be taken seriously. Any recommendations provided to a survivor from within an app should be discussed with expert organizations to ensure that the information provided doesn’t inadvertently put the victim in more danger.
Was a focus group used to help test the app?
- Unfortunately, many of the apps Safety Net tested either didn’t function as they promised or were complicated to navigate, set-up, and/or use. Test the app on various platforms, while traveling, and with groups of people who can provide feedback. Organizations like NNEDV are available to test apps and provide guidance.
Download this content as a PDF:
App Considerations for Developers: Safety & Privacy for Survivors of Abuse