Mobile App Scanning
Bringing Privado's set of web tools, such as data flows, consent management, and code scanning, to mobile apps.
Details

What's Privado?
Privado is a platform that automates privacy compliance and governance by scanning code to map data flows, identify risks, and embed privacy into your software development lifecycle.

What is Code-scan?
Privado's code engine automatically scans your codebase to identify data flows, detect privacy issues, and reveal how personal data is being used and processed throughout your applications.
Code scan is a tool to automatically detect privacy issues in your code base. It works well for web applications, but a big chunk of our market could not use Privado because the engine could not reach mobile apps.
My role involved adapting the code scan engine for mobile apps and designing a new suite of privacy tools for Privado to capture the mobile app market.
Team
Harshit Beniwal, Product Designer
Nitin Garg, Head of Design

Timeline
2024, 2 months
Goals
1. Understand how software teams build mobile apps
2. Work with the engineering team to create a beta
3. Give privacy teams visibility into mobile apps
Understanding Mobile Development
Mobile apps are developed differently from conventional web apps, where updates are continuously pushed. Instead, mobile apps are versioned, packaged and then deployed as apps.
[Figure: Web app vs Mobile app development]
Adding Apps
[Figure: Add new app]
To start testing mobile applications, we need packaged app files. By scanning the APK and IPA files, we could identify the SDKs bundled in the app and the permissions it requests. This gave privacy officers valuable insights. To explore further, for example to find out whether an app drops a cookie despite the user rejecting consent, we need to run that flow manually and check for it. This means designing an environment that allows for simulation and testing.
Mobile App Tester
Privacy officers are not familiar with simulating and testing. To address this, we set out to create a testing tool that removes the complexity of a traditional simulator and focuses on letting them record flows.
Test recorder
We had to use metaphors from a recorder to help them understand the test recording functions.
Record
Similar to a recorder, you can start and stop "recording" your steps.
Replay
Once recorded, you can "playback" your steps to verify the actions.
Restart
If you recorded the wrong step or made an error, restart anytime.
These metaphors, combined with removing everything unnecessary, even the navigation, made it easier for privacy officers to conduct tests.
Overview Dashboard
Mobile app overview
A single app will have multiple policies applied based on geographic locations and applicable laws, such as GDPR and CCPA. Each policy will include several tests, which may lead to various privacy issues.
To assist privacy officers in understanding this complexity, we created an overview of all findings related to an app. This gives them a bird's-eye view of the third-party sharing, the data elements at risk, and the issues raised by the Privado mobile app scan.
Mobile app PDF report
We also created an exportable report that offers an overview of high-level data and findings for privacy officers to share with management and leadership. This aims to build confidence in investing resources in privacy, especially considering the substantial fines imposed by various countries.
Results
The mobile app scan is still in beta and is available for existing customers to test. It is used in sales calls to showcase Privado's unparalleled features that cover all privacy touchpoints: codebase, websites, and mobile apps.
The mobile app has solidified Privado's position as a privacy center within organizations and has helped us acquire new customers in the mobile gaming, consumer apps, and e-commerce sectors.
Learnings
• Balancing speed and quality. Launching the mobile app scan beta on time was the top priority, but making sure the experience was simple and intuitive, especially for a product in a new category, is just as important.
• Prototype to test your design options. We prototyped multiple options for the recorder metaphors and, by testing them (among ourselves), we figured out the best mental model for our users.