A couple of months ago, just after the concerns were raised about the use of people’s contact lists on certain mobile applications, we explained how the Friend Finder feature on the Showyou app works.
We have been monitoring the debate in the industry around this, and have made a few additions to our app over the past few months in response to that debate and observing what we think are best practices among app developers, and we wanted to discuss those here.
First, we submitted an update for Showyou to Apple on February 14, and which was released on February 21, with an extra step in the Friend Finder. Now, when you you sign up to create an account on Showyou, we ask if you’d like us to use your contact list to find friends already on Showyou. It looks like this:
On March 23, we uploaded another update for Showyou to Apple with many changes and improvements, including the addition of SSL encryption for transmission of all data sent from the Showyou app to our servers. That update was approved by Apple on March 30 and we released it publicly via the App Store on April 2.
We think these are good and important changes. But the most important thing we do to protect people’s data and privacy — by far — is this: we do not store and have never stored any data used for the Friend Finder feature on our servers.
What does this mean from a practical standpoint? Before you use the Friend Finder on Showyou we know nothing about, and we do not have access to or control over, data from your contact list on your iPhone or iPad. After you use the Friend Finder feature on Showyou we know nothing about, and we do not have access to or control over, data from your contact list on your iPhone or iPad. That’s because we do not store that data or seek to maintain any control of that data for any future use.
And this has been true since we launched the Showyou app in April 2011.
Our efforts here have been guided by three principles: 1) transmit only the minimum data we need to find your friends (email addresses only); 2) ensure that our use that data is specific and limited (we access the data temporarily, literally for a couple hundred milliseconds, and for one reason only, to find your friends already on Showyou); and 3) try to prevent any possibility of future use (or misuse) of the data (by not storing any of it).
Our goal is, as it always has been, to make an app and service that is delightful and easy to use. And as developers, we have always tried to treat people who use our app the way we’d want to be treated.
We would, of course, welcome any feedback about the changes we made. Are we thinking about this the right way? What are we missing, and what have we gotten wrong? We’d love to hear what you think: firstname.lastname@example.org.