26 Apr 2018

With new legislation coming into force next month, we pause and discuss how we plan to adapt and how we feel about data collection in gen

A weekly podcast that follows the journeys of two iOS developers

Join the conversation.

Show Notes

With new legislation coming into force next month, we pause and discuss how we plan to adapt and how we feel about data collection in general.

Links:

 

Transcript

 

Dave Nott

Welcome to Waiting For Review, a show about iOS development and the Apple ecosystem. From Devon, England I’m Dave Nott and joining me from Wellington, New Zealand is David Wood.

Dave Wood

Okay, cool. This week I kind of wanted to talk about the process that I’m going through at the moment of looking through my applications and my websites, just with an eye on things like GDPR and data collection. This is, it’s coming up very soon, the the European directives on data collection for EU citizens I believe it’s what at the end of May Dave?

 

Dave Nott

25th, I believe

Dave Wood

… and at that point the way you hold data on on EU citizens needs to bear that legislation in mind. I think I can’t actually pretend to understand it in the depth that I think you really should if you’re sort of getting a lot of data for your customers, but from you know there’s the kind of cursory investigations I’ve done for the services that I use and the type of data that I collect, it seems to boil down to you need to be able to retrieve information, if you’ve got personally identifiable information for your users for your customers and you need to be able to provide that to them on demand.

So if you’re if you’re logging any particular information and the accounts information analytics that sort of thing and it can identify them as an individual then I believe you need to be in a position to give them a full output of all of that, and I guess if that data is incorrect there’s probably a requirement there to get it made correct as well I think this is probably quite similar to the UK’s old data protection laws in that respec. Does that sound about about right to you Dave?

 

Dave Nott

It’s so vast every time I look at this it just seems like more that kind of unfolds in front of me yeah, but yeah as a synopsis there, I think that’s reasonable

Dave Wood

I think the thing is as you sort of, start to pull the thread… I sat down and I kind of went ‘well okay what am I really gathering on my users?’, and in terms of my apps I’m kind of not. My apps that I’ve got in the App Store are kind of shoe-box apps. They’re not using cloud services or anything like that. I’ve not got a server that they’re accessing, there’s no API that I’ve got that they’re sending data back to, but they are using things like Crashlytics/Fabric and so I’ve got those services in, so there is some, it’s effectively anonymous data because there’s not a user name or anything like that associated with it, but it’s still tracking things like geography and you know kind of employing some some level of statistic back on those users as well, I can see device information and that sort of thing. I guess if you knew enough about somebody and my users were small enough you could probably identify an individual sort of in the reverse maybe, but effectively quite anonymous within the apps themselves. But wider than that on my websites, I had things like a contact form set up on on GoVJ’s websites, and I use services like Zendesk and that sort of thing as well.

 

Dave Wood

It’s not necessarily that it’s a problem to be collecting data and using it in a practical kind of way, you know I mean you can’t just switch everything off that’s not necessarily a practical thing to do, but it’s more about the your ability to be able to to retrieve that information to give that to the user if they did were to demand it. I mean I’ve checked through ZenDesks set up and they sort of seem pretty on it, you know they’re signing all of the legal documentation that they need to sign sort of become certified I believe, under the EU. So that’s pretty cool, they’ve got everything needed for me to extract any information as well so I can provide that information quite easily for them for any particular person whom who may sort of go hey what have you got on me gimme! I can do that. So Zendesk feels like a good service for me to use I sort of, it wraps it nicely in that someone else problem field and so I use that for managing support requests and that sort of thing and it’s really good to build sort of search back through and access that sort of outside of my email history. What I did is I stripped out my contact form on my website I’ve replaced that with the default sort of Zendesk contact. It’s not looking quite as nice as I’d like it to, but it works I’ve had somebody contact me through its already and like I say as far as I know I am as compliant as I need to be in terms of being able to sort of make that information available to an individual. So that yeah that involved a change to the website and like I say just kind of generally thinking about what I was gathering. Beyond that I also have things like Google Analytics running on all of my websites or rather I did. However I think about this because my sites for my apps don’t necessarily get an awful lot of users, you know you’re not talking like hundreds and hundreds of hits every day or anything like that and I don’t use that info, you know so I started tracking it at the beginning because it kind of sort of seemed like well you know, I need to know if anybody’s actually touching the sites and this is kind of what everybody seems to say you should do, you know put analytics on then you can find out about your customers about the people hitting, you can optimize and this that and the other, and the reality is is that for the scale that my apps are at that’s just not a thing. You know, I know people who hit the site I know they go through to seeing info and sometimes they they go to the App Store, but to be honest I think people are actually finding out about about the apps just by searching through the App Store and sort of looking at stuff I put out on Twitter as well

Dave Nott

Yeah, yeah and not only that if you use a third party one, lets say it goes bust I mean that would be really bad, in fact didn’t it happen like recently wasn’t there one?

 

Dave Wood

Yeah, Parse, about 18 months ago somewhere called Parse there was a service called Parse

Dave Nott

Yeah that rings a bell

 

Dave Wood

I think was it was a be longer ago than that now, it was a back end for quite a lot, it might even be longer than that now

Dave Nott

I seem to remember Twitter lighting up about it for a few days when it happened

 

Dave Wood

Yeah and that had bit of a sunset with it if I remember rightly, and then there was kind of this this potential that loads of sort of small apps that had used the service were all sort of going to you know six months later they’ll all stop working sort of thing

Dave Nott

So yeah in general I think that’s kind of the path I’m on for this new app and it feels like um, it just feels like feels like I’m on the right side of everything

 

Dave Wood

That’s a good feeling to have though I mean one of the things with this for me is that I think I’ve had to go on my own kind of journey just sort of thinking this through, you know okay how much data do I really need? Where do these things need to be? I mean getting rid of these services and that sort of stuff you said before it sort of felt a bit like I’ve got somebody else’s code running in my app, you know like with the AdMob stuff and that side of things and I think the more I’ve thought about this in, in sort of a lot of depth the more I’ve sort of ended up in this feeling of well if these things are not there I don’t have these problems, and that’s that’s good you know. There’s no potential problem there, everything’s as clean as it can be and that’s, that’s great.

So I guess I I don’t know really, I think this may be on a sort of micro level my journey is kind of reflecting a little bit in terms of the way the markets going overall in terms of like, I think GDPR is driving this for a lot of people now but I think broader than that sort of feels like there’s an awareness at the moment that not all data collection is good, you know and that not everything that, you’re entrusting your information to is kind of doing it for your own good. I think I think a lot of people, end-users are now actually starting to consider these things and it might not have been important two years ago three years ago whatever, would like certainly not when I was starting to put together my app starting to put together GoVJ you know it just sort of seemed like well okay drop these frameworks in you’ve get all these analytics out of the other side job done everybody’s doing it that’s great. Like I say I sort of feel like the times up for that now you know another year from now another two years from now GDPR or not I don’t think it’ll be considered acceptable to not be letting people opt out for example

Dave Nott

I was looking on their Reddit and someone asked pretty much that exact question, there was quite a few users being like you know wwhere does data go and I think one of their people wrote back ‘it’s okay guys we do it all on on CloudKit and that’s how it syncs across your devices and yeah it’s all on Apple.’ and everyone is like ‘okay cool thanks’. That was the end of the discussion as opposed to ‘oh yeah we’ve run our own servers and yeah we store stuff securely honestly we do.’ it’s just a much much more convenient way to, like you say, it’s about wrapping up almost like a someone else’s problem field around it. I know it’s it’s still kind of your problem as a developer stil,l but yeah I think it just goes back to what we were saying probably two or three weeks ago now about just as indie developers, you just need just easy wins wherever you can find them.

My awareness to that has been heightened an awful lot recently mostly because the time I now have, go back to what you’re saying about time being precious my time is being squeezed kind of at both sides at the minute for what I can give to my applications, and any new applications I’m going to develop, so I’m just looking for wins that can save me like bags of time all over the place. Couple that with what you were saying a heightened sense of user privacy, yeah I could, not that we were ever really going around like sucking up loads of data and pumping it into the cloud from our apps, but nevertheless it’s just a heightened sense of you know responsibility around user data, so anything that you’re gonna do with user data if you can put that somewhere like CloudKit or somewhere that’s sort of generally considered trustworthy I think that’s that’s where I’m going to be looking for the future

 

Dave Nott

Okay we’ll call that a wrap, if you’ve enjoyed today’s show it’d be great if you could leave us a review on iTunes or if you could and leave us a recommendation in Overcast by hitting that star button that will help us reach even more like-minded people. Also we have our Slack channel we’d love to invite you to join, our hope is it can be a really great place for fellow developers to come and hang, out if you’d like to join just leave us a message on twitter @ WFRPodcast and we’ll get you signed up. So, Dave before we run off, where can people find you?

Dave Wood

You can find me on twitter @DWroboheadz that’s Roboheadz spelt with the “Z” and you can find my apps at roboheadz.com, again that’s Roboheadz spelt with a “Z”. How about you Dave?

 

Dave Nott

Yeah you can find my remote control for Kodi at armchair-remote.com, my latest app to help kids learn to read you can find a spacereaders.com and on twitter i am @_davenott