02-20-2011 04:20 PM
I have made a planning type app and I am trying to submit it. I am on the user-generated-safeguards section. The app doesn't connect to the internet or anything, but it does allow users to enter subjects, deadlines, and assignment information into textareas and it saves that information to a (local) sharedobject. I don't think this information needs to be secured because it shouldn't hurt a person if someone else were to access it, so do I still need to put a check for user generated content? If yes, what would I put into the boxes about the safeguards (just putting no in the boxes doesn't sound good).
02-20-2011 05:02 PM
... it does allow users to enter subjects, deadlines, and assignment information into textareas and it saves that information to a (local) sharedobject. I don't think this information needs to be secured because it shouldn't hurt a person if someone else were to access it, so do I still need to put a check for user generated content?
John's correct, IMHO, but I want to point out the danger in how quickly you dismissed the risk to the user.
When dealing with privacy and/or security, try to be as suspicious, devious, and cynical as possible. In fact, start by assuming all data exposure would harm the user and try to think in the most sociopathic way you can how you could use that info if you were an attacker. (Enlisting someone like an older sibling can help with that. ;-) )
In this case, if I were able to get access to your users' data, it appears I would know what classes they are taking and, from that, possibly which school. I would then have narrowed down what general location the user lived in, and when the user would be away from home... I'll let you follow the trail of thought from there.
In this case, having the data stored only in the sandbox should make it as safe as just about anything else on the PlayBook, but if you were ever going to put the info online, don't be quite as quick to say something "shouldn't hurt a person".
02-20-2011 05:16 PM
Thanks for the replies,
By I don't think the information needs to be secured, I didn't mean that it doesn't need to be secured at all, but that it shouldn't need any extra security beyond the fact that it is only on the local machine in the sharedobject and not on the internet (and I have no intention of ever putting it on the internet).
Im a little bit confused as to what to put into all of the boxes under user generated content.
You prominently disclose the existence and nature of the safeguards.
(mention sharedobject as stated above)
You conform to relevant business practices to the disclosure made about the safeguards.
You established processes to accept complaints from Subscribers about nudity, pornography, harassment, unwelcome contact, fraud or other inappropriate conduct or activity.
(????? I don't really see how this relates to my app at all since only one user can modify and see the data)
You established processes to immediately (within 24 hours) acknowledge receipt of a complaint about inappropriate conduct or activity and promptly (within three (3) business days) provide an explanation to the complainant of the steps taken to address the complaint.
(Yes??? Again, I don't really understand the relation)
You established processes to ensure compliance with applicable laws, rules and regulations.
Thanks again for the replies
02-20-2011 05:22 PM
Those questions all seem focused on situations where there is user-generated content that becomes available to other people through the use of the PlayBook. That doesn't apply in your case. This would be things like if your class/assignment schedules were transferred up to some public site, and that would mean people would be exposed to "content" (in this case any of the text users have entered) that is generated by others.
They're trying to protect minors from inappropriate content, etc. None of this sounds like it applies in your case.
02-20-2011 05:26 PM
so just fill out the first box with the sharedobject information? Leave the rest blank or put that they don't apply? Or don't check off the user generated content box at all? (It does say that text is user generate content). I think I should probably put something in all the boxes though.
02-20-2011 05:30 PM
I'm sorry that I don't recall the exact wording of the question, but I'd definitely consider just saying "no user-generated content", given http://en.wikipedia.org/wiki/User-generated_conten
I really think that term is intended to be about content that makes it up to some public place, or at least a place where other users can see it, and not merely data stored in an app.
I could be wrong... anyone know for sure what definition they are using for that? I think the App World agreement may have said something about it. Or not.