Mobile App Scanning
helping software teams strengthen their mobile app privacy
Details
Privado is a data privacy tool for software teams. It used code-scan technology to analyze privacy issues in web apps, which meant we couldn't tap into the sizable mobile app market.
We started researching the technology for mobile app scanning and thinking about how we could turn it into a business opportunity. With mobile app scanning, Privado would be able to give software teams visibility into privacy issues in their apps.
My role involved working with my Head of Design and CEO on the product and design.
Role
Product, Design
Team
Timeline
2024, 2 months
Goal
1. Understand how software teams build mobile apps
2. Work with the engineering team to create a βeta
3. Give privacy teams visibility into mobile apps
Understanding mobile development
Mobile apps are developed differently from conventional web apps, where updates are continuously pushed. Instead, mobile apps are versioned, packaged and then deployed as installable app builds.
[Figure: Web app vs Mobile app development]
Adding apps
[Screenshot: Add new app]
To start testing mobile applications, we need the packaged app files. By scanning the APK and IPA files, we could identify the SDKs included in the app and the permissions it requests. This gave privacy officers valuable insights. To explore further, for example to find out whether an app drops a cookie despite the user's rejection, we need to manually run that flow and check for it. This means designing an environment that allows for simulation and testing.
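As an added illustration of the kind of static check described above (this is example code written for this page, not Privado's scanner), the script below reads a decoded AndroidManifest.xml, lists the permissions the app requests, flags the ones that map to privacy-sensitive data, and guesses at bundled third-party SDKs from the package prefixes of declared components. The manifest text, the permission-to-data-category table and the SDK prefix table are all constructed here; a real APK stores the manifest in binary form and would need to be decoded first, and SDK detection from manifest components alone is a heuristic, since a complete scanner also inspects the compiled class list.

```python
"""Added example: enumerate requested permissions and likely third-party SDKs
from a decoded AndroidManifest.xml. Not Privado's code.

Assumptions (constructed for this example):
  - the manifest has already been decoded to plain XML (binary AXML inside a
    real APK is not handled here);
  - PRIVACY_SENSITIVE and SDK_PREFIXES are small illustrative tables, not a
    complete catalogue.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest standing in for the output of a manifest decoder.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.shop">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
    <application android:label="Shop">
        <activity android:name="com.example.shop.MainActivity"/>
        <receiver android:name="com.google.firebase.iid.FirebaseInstanceIdReceiver"/>
        <provider android:name="com.facebook.FacebookContentProvider"/>
    </application>
</manifest>
"""

# Illustrative mapping from permission to the personal-data category it unlocks.
PRIVACY_SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "com.google.android.gms.permission.AD_ID": "advertising ID",
}

# Illustrative package prefixes of well-known SDKs (heuristic, not exhaustive).
SDK_PREFIXES = {
    "com.google.firebase.": "Firebase",
    "com.facebook.": "Facebook SDK",
    "com.google.android.gms.": "Google Play services",
}


def requested_permissions(manifest_xml: str) -> list[str]:
    """Return the android:name of every <uses-permission> in document order."""
    root = ET.fromstring(manifest_xml)
    names = [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]
    return [n for n in names if n]


def privacy_sensitive(permissions: list[str]) -> dict[str, str]:
    """Keep only permissions that expose personal data, with the data category."""
    return {p: PRIVACY_SENSITIVE[p] for p in permissions if p in PRIVACY_SENSITIVE}


def detect_sdks(manifest_xml: str) -> set[str]:
    """Guess bundled SDKs from the package prefixes of declared components.

    Only components declared in the manifest are visible here; SDKs that
    register nothing in the manifest would be missed.
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    found = set()
    if app is None:
        return found
    for component in app.iter():
        class_name = component.get(ANDROID_NS + "name") or ""
        for prefix, sdk in SDK_PREFIXES.items():
            if class_name.startswith(prefix):
                found.add(sdk)
    return found


def scan_report(manifest_xml: str) -> dict:
    """Combine the checks into the summary a privacy officer would look at."""
    perms = requested_permissions(manifest_xml)
    return {
        "permissions": perms,
        "sensitive": privacy_sensitive(perms),
        "sdks": sorted(detect_sdks(manifest_xml)),
    }


if __name__ == "__main__":
    for key, value in scan_report(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The report separates "what the app is allowed to touch" (permissions) from "who else is in the binary" (SDKs); cross-referencing the two is what turns a permission list into a privacy finding, for example an advertising SDK present alongside a precise-location permission.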
Mobile App Tester
Privacy officers are not familiar with simulating and testing. To address this we set out to create a testing tool that removes the complexity of a traditional simulator and focuses on allowing them to record flows.
Test recorder
We used metaphors from a recorder to help them understand the test recording functions.
Record
Similar to a recorder, you can start and stop "recording" your steps.
Replay
Once recorded, you can "playback" your steps to verify the actions.
Restart
If you recorded the wrong step or made an error, restart anytime.
These metaphors, combined with removing everything unnecessary, even the navigation, made it easier for privacy officers to conduct tests.
Overview Dashboard
Mobile app overview
A single app will have multiple policies applied based on geographic locations and applicable laws, such as GDPR and CCPA. Each policy will include several tests, which may lead to various privacy issues.
To help privacy officers make sense of this complexity, we created an overview of all findings related to an app. It gives them a bird's-eye view of the third parties data is shared with, the data elements at risk, and the issues raised by the Privado Mobile App scan.
Mobile app PDF report
We also created an exportable report that offers an overview of high-level data and findings for privacy officers to share with management and leadership. This aims to build confidence in investing resources in privacy, especially considering the substantial fines imposed by various countries.
Results
The mobile app scan is still in beta and is available for existing customers to test. It is used in sales calls to showcase Privado's unparalleled features that cover all privacy touchpoints: codebase, websites, and mobile apps.
The mobile app scan has solidified Privado's position as a privacy center within organizations and has helped us acquire new customers in the mobile gaming, consumer apps, and e-commerce sectors.
Learnings
• Balancing speed and quality. Launching the mobile app scan beta on time was the top priority, but making sure the experience was simple and intuitive, especially for a product in a new category, was just as important.
• Prototype to test your design options. We prototyped multiple options for the recorder metaphors, and by testing them (among ourselves) we figured out the best mental model for our users.