MOBILE APP LEGAL ISSUES

John D. GoodhueGoodhue, Coleman & Owens, P.C.

MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES2 3

BACKGROUND

In areas where technology evolvesrapidly, it is useful as a practitioner to understand something of the technology and relevant business considerations to identify and address the attendant legal issues. With mobile apps there are many. App development, distribution, marketing, and monetization can raise numerous and varied legal issues. As app functionality increases, creativity of app developers flourish, and applicable laws and regulatory frameworks continue to multiply and expand so does the complexity of advising those associated with mobile app development. The legal issues are intertwined with the various technology and business issues to create a very complex environment.

This is especially true for startups. Technology startups, including some of the most successful technology startups (Uber, Snapchat, etc.), often times have a mobile app which is integral to their success. In some instances, these apps are tied to physicalproducts or services. Other times all services are entirely online. For startups where an app is critical to success, legal missteps can be devastating. Mistakes that preclude an app from being published on a major distribution platform or result in the removal of the app from a major distribution platform can end revenue for a technology start-up.

Development of a mobile app may involve the use of a number of different resources. This may include source code from various sources. This may involve source code from independent developers, employee developers and the use of open source code and other code or libraries made available under open source or third party licenses. Of course, source code is not the only type of resource used in a mobile app. Content may include visual elements such as splash screens, backgrounds, buttons, icons, and other user interface elements. Content may include written work, photos, videos, maps, links to the work of others, and content made available through APIs or user-generated contents. The complexity grows further when one recognizes that many apps have some type of back-end which means in addition to the mobile app itself there are servers communicating with the apps.When developing for a particular platform and a particular marketplace, such as the App Store for Apple iOS or Google Play for Android, there are numerous agreements and policies which govern what one can and cannot do. Failure to follow these agreements may result in the mobile app never even being permitted to be listed or may result in the mobile app being removed from the store.Of course, once a mobile app is available on an online marketplace, does not mean that anyone will actually find it or use it. App marketing can be performed in various ways and relevant advertising laws and regulations apply. Moreover, app marketplace agreements further limit the manner in which mobile apps may be marketed.

Pervasive through all of this is the notion of privacy. The different app marketplaces may require privacy policies, customers may demand it, the development of the mobile app will dictate what should be present in a privacy policy, and the Federal Trade Commission may enforce it. And if the mobile app is used by or directed towards children, involves health data, or involves financial data additional laws and regulations may apply.

Intellectual property issues are also ever present in terms of protecting the mobile app or aspects of it through patents, trademarks, and copyrights, obtaining necessary licenses and permissions and not violating the intellectual property rights of others.

Given the number and scope of mobile app legal issues, this white paper does not attempt to provide a comprehensive treatment, but instead focuses on some of the most significant and common concerns and identifies relevant legal authority and marketplace agreements.

BASIC AGREEMENTS

Developer and Distribution Platform Agreements

In order to develop and distribute a mobile app requires consent to a number of different agreements. Some of the most relevant ones for the largest app distribution platforms are set forth below. Note that the various platforms may provide for specific APIs in which case additional agreements may apply. The various platforms may provide for integrating ad services in which case additional agreements may apply. The listings below are not comprehensive for each distribution platform.

App Store (Apple)

• App Store Review Guidelines, https://developer.apple.com/app-store/review/guidelines/ (last visited August 15, 2017).

• App Store Marketing Guidelines, https://developer.apple.com/app-store/marketing/guidelines/ (last visited August 15, 2017).

• Guidelines for Using Apple Trademarks and Copyrights, http://www.apple.com/legal/ intellectual-property/guidelinesfor3rdparties.html (last visited August 15, 2017).

• Apple Developer Program License agreement, , (last visited August 15, 2017).

MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES4 5

Google Play

• Google Play Developer Distribution Agreement, https://play.google.com/about/developer- distribution-agreement.html (last visited August 15, 2017).

• Google Play Developer Program Policies, https://play.google.com/about/developer-content-policy.html (last visited August 15, 2017).

Amazon Appstore

• App Distribution Agreement, https://developer.amazon.com/appsandservices/support/legal/da (last visited August 15, 2017).

• Trademark Guidelines, https://developer.amazon.com/public/support/legal/tuabg (last visited August 15, 2017).

• Program Materials License Agreement, https://developer.amazon.com/public/support/pml html (last visited August 15, 2017).

• Mobile Ad Network Publisher Agreement, https://developer.amazon.com/public/support/mobileads/publisher-agreement.html (last visited August 15, 2017).

These various agreements are important to understand for a variety of reasons. First, if a mobile app is not in compliance it may never be published by a distribution platform. If it is published and later determined not to be in compliance it may be removed. In addition, these various agreements may place requirements on developers regarding the terms they may need to include in their terms of service or their privacy policy.

Terms of Service Every mobile app should have a Terms of Service also known by various other names including Terms and Conditions or in some instances as a Disclaimer. What is present in the Terms of Service will of course vary based on the mobile app itself, its functionality, and the specific issues it poses. Distribution through a particular marketplace or distribution platform may impose its own requirements on what is included in your terms of service. For example, Apple provides the following, “Instructions for Minimum Terms of Developer’s End-User License Agreement”, http://www.apple.com/legal/internet-services/itunes/appstore/dev/minterms/(last visited August 15, 2017).

Privacy PolicyAccording to the Federal Trade Commission (FTC), “App developers should: [h]ave a privacy policy and make sure it is easily accessible through the app stores; [p]rovide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information (to the extent the platforms have not already provided such disclosures and obtained such consent); [i]mprove coordination and communication with ad networks and other third parties, such as analytics companies, that provide services for apps so the app developers can provide accurate disclosures to consumers.”

The FTC provides various relevant resources regarding mobile privacy policies:

• Mobile Privacy Disclosures: Building Trust Through Transparency, https://www.ftc.gov/ reports/mobile-privacy-disclosures-building-trust-through-transparency- federal-trade-commission (last visited August 15, 2017).

• Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business, https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection- rule-six-step-compliance (last visited August 15, 2017).

In addition, various app distribution platforms require privacy policies at least in certain situations. For example, Apple’s App Store will rejects certain apps without a privacy policy:

“5.1.1 Data Collection and Storage(i) Apps that collect user or usage data must have a privacy policy and secure user consent for the collection. This includes—but isn’t limited to—apps that implement HealthKit or other health/medical technologies, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions, include a login, or access user data from the device. Your app description should let people know what types of access (e.g. location, contacts, calendar, etc.) are requested by your app, and what aspects of the app won’t work if the user doesn’t grant permission.”

…5.1.4 Kids…

Moreover, apps in the Kids Category or those that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must include a privacy policy and must comply with all applicable children's privacy statutes. For the sake of clarity, the parental gate requirement for the Kid’s Category is generally not the same as securing parental consent to collect personal data under these privacy statutes.”

-- App Store Review Guidelines, https://developer.apple.com/app-store/review/guidelines/ (last visited August 15, 2017).

MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES6 7

The privacy policy should explain what information is collected, how it is used, and how it is shared. This can be a far more difficult determination than what it might initially seem. For example, where analytics functionality or ad network functionality is incorporated into the mobile app there may be additional collection and use of information.

Of course, the privacy policy needs to be updated whenever new app features are added which involve collecting and using additional information. With mobile devices, keep in mind, that the mobile app can, with appropriate permission, access all kinds of information on the device. Thus, where such data is being used or collected or shared in some way, appropriate descriptions may be in order. Examples may include, performing in-app purchases, reading device and app history, reading cellular data settings, access accounts and profile information, read and modify contacts, read and modify calendar information, location access, send and read SMS or MMS messages, read and write to a call log, read storage, take pictures and videos, record video, record audio, access Wi-Fi connection information, getting information from nearby Bluetooth devices, access data from wearable sensors, and other functions. See e.g.https://support.google.com/googleplay/answer/6014972?hl=en (last visited August 15, 2017).

Special attention needs to be paid to any collection and possible collection of data from children to ensure compliance with Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6502(c) and 6505(d) and the Children’s Online Privacy Protection Rule (“COPPA Rule”), 16 C.F.R. Part 312.

United States of America v. Yelp, Inc., CASE NO. 3:14-CV-4163, https://www.ftc.gov/system/files/documents/cases/140917yelpstip.pdf

The FTC settled with Yelp for alleged violations of the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6502(c) and 6505(d) and the Children’s Online Privacy Protection Rule (“COPPA Rule”), 16 C.F.R. Part 312. The settlement included a $450,000 payment and the alleged violations involved collecting age-related information but not handling such information appropriately even when data was being collected from a child

Note that in addition to the privacy policy, other types of disclosure may be warranted. These include “just-in time disclosures” such as message boxes or notifications that information is being accessed in order to obtain clear consent from users. This may be especially important when information being collected does not seem readily related to the function of the app. Similarly, it is advisable to put programmatic safeguards in place, if information collected sufficient to identify a user as a child as opposed to merely including a statement in a terms of use that children under age 13 should not use the app.

In app development, as in any other type of software development, source code or libraries from others may be used which are governed by third party licenses. Some of these licenses may impose requirements that copyright notices or license agreements be maintained intact and distributed with the commercial product. One way to address this is to have an “Open Source Licenses” or an “Open Source and Third Party Licenses” section of the Terms of Service or as a separate document. Where the license is for content, a similar approach may be used.

Of course, not every open source license permits commercial distribution or even distribution without distribution of the source code.

Failure to comply with these third party licenses can result in an app being removed from the distribution platform in addition to any legal claims.

App MarketingDistribution agreements may place restrictions on app marketing. For example, the Google Play Developer Program Policies place the following restrictions on app developers:

Advertising laws apply including Section 5(a) of the FTC Act, 15 U.S.C. § 45(a) which precludes, “Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.”

“App Promotion

We don’t allow apps that directly or indirectly engage in or benefit from promotion practices that are deceptive or harmful to users or the developer ecosystem. This includes apps that engage in the following behavior:

• Using deceptive ads on websites, apps, or other properties, including notifications that are similar to system notifications and alerts.

• Promotion or installation tactics that redirect users to Google Play or download apps without informed user action.

• Unsolicited promotion via SMS services.

It is your responsibility to ensure that any ad networks or affiliates associated with your app comply with these policies and do not employ any prohibited promotion practices.”

--Google Play Developer Program Policies, https://play.google.com/about/developer-content-policy-print/ (last visited August 15, 2017).

OPEN SOURCE AND THIRD PARTY LICENSES

MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES8 9

The FTC provides resources such as the following:

• Marketing Your Mobile App: Get It Right from the Start, https://www.ftc.gov/tips-advice/ business-center/guidance/marketing-your-mobile-app-get-it-right-start (last visited August 15, 2017).

Intellectual Property IssuesAlthough intellectual property issues are intertwined with the basic agreements and app marketing, here are some additional issues of relevance. This section address some of these issues, particularly with respect to aspects which may be different in the context of mobile apps or specific to mobile apps.

Intellectual Property Enforcement Where a mobile app is distributed through a mobile app distribution platform, these distribution platforms have their own systems for dealing with infringement issues.

App StoreTo initiate a Content Dispute, follow the below link:http://www.apple.com/legal/internet-services/itunes/appstorenotices/Apple also allows developers to appeal to the App Review Board if they have a rejected app.https://developer.apple.com/contact/#distribution

Google PlayTo initiate the process to remove content from an app on Google Play, follow this link:https://support.google.com/legal/troubleshooter/1114905?product=androidmarket(last visited August 15, 2017).

Here you can specify copyright violations, trademark infringement issues, file a counter notice to reinstate content that was removed due to an alleged copyright violation, or other legal issues.Google provides an appeal process for reinstatement of an application if an error was made and that the app is actually in compliance with the applicable policies.

Repeated violations by a Developer can result in the developer being banned from Google Play for life. These platforms may also allow the same process to be used to deal with defamation, right of publicity, and other issues.

Adoption of markIssues can arise when adopting a name which is a trademark of another. The risk of doing so can be mitigated by performing a full trademark search and opinion or at least a trademark screening search. When performing a trademark screening search for the name of a mobile app, consider searching the major app markets for the same and similar names in addition to any other searching which may be performed.

Use of trademark associated with app distribution platformsThe various app distribution platforms allow for the use of certain trademarks for advertising apps for their platform such as badges, images, and logos. However, their policies and guidelines set forth how their trademarks can and cannot be used in promotion and distribution of apps.

PatentsUtility patents may be possible for a particular mobile app. However, 35 U.S.C. § 101 and Alice Corp. v. CLS Bank International, 573 U.S. __, 134 S. Ct. 2347 (2014), may create significant patent eligibility subject matter hurdles for some mobile apps.

In some instances, design patents may be an appropriate way to protect portions of an app where there are unique aspects of the user interface.

Intellectual property ownership and permissionsIntellectual property associated with a mobile app can include source code and components, content such as graphics, text, audio, video, and other types of information. Appropriate written agreements from creators of this material should be obtained.

If the mobile app links to other sources there should be permission obtained. For example, if displaying content from a web site or an RSS feed the relevant terms of use should be checked and a commercial license may be needed.

Federal Trade Commission et al. v. Equiliv Investments et al., https://www.ftc.gov/enforcement/cases-proceedings/142-3144/equiliv-investments-prized(last visited August 15, 2017).

FTC and New Jersey settled with app developer regarding app which installed malware that hijacked phones to mine cryptocurrency leaving phones with drained batteries, depleted data plans. The FTC brought is claims pursuant to Section 13(b) of the Federal Trade Commission Act, 15 U.S.C. 53(b) and New Jersey brought its claims pursuant to the New Jersey Consumer Fraud Act (“CFA”), N.J.S.A. 56:8-1 et seq. to prevent Defendants from engaging in unfair and deceptive acts or practices in violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a).

MOBILE APP LEGAL ISSUES MOBILE APP LEGAL ISSUES10 11

Copyright noticesProper copyright notices and attributions should be included. Consider filing copyright registrations where appropriate.

Other legal issuesOf course there are numerous other legal issues which apply to mobile apps.

User contentIf apps include user-generated content, then the app developer should consider registering for the safe harbor protection of the Digital Millennium Copyright Act, 17 U.S.C. § 512. This involves registering as a designated agent at the Copyright Office and enacting policies to remove infringing content and address repeated offenders.

Entity formationApp publishing is a business activity. Many individual app developers do not consider the potential for liability and may need to consider forming another entity.

Financial dataWhere apps use financial data then various other rules and regulations may apply regarding privacy and use including Gramm-Leach Bliley Act, 5 U.S.C. § 6801 et seq.

Health dataMobile apps which use health data may be subject to the Health Insurance Portability and Accountability Act (HIPPA) and the HIPAA Security Rule. These apps may also be subject to the Health Breach Notification Rule.16 CFR Part 318.

Mobile Medical AppsThe Food and Drug Administration (FDA) also regulates certain types of mobile apps including those which meet the definition of a “medical device.”