Privacy vs. Relevancy: Exploring the Balance | AppsFlyer
7 Min. Read

Exploring the Privacy-Relevance Balance in Mobile Marketing

Cassie Phillips (Guest Author) May 16, 2016

As a savvy marketer, you know you need lots of information to stay on top. Some of this information, such as gender and location, will be considered personal to some consumers. Others want to share this data with brands hoping to get an experience that’s more relevant to their interests and activities.

The question is, what’s the right balance? On the one hand, collecting information might be useless if the information is too vague (think country of use instead of region or city info), but on the other hand, being too intrusive can backfire.

In general, people are often more than willing to allow for the personalization and improvement of their services. They merely want to know that there are safeguards in place involving their data in a world filled with hackers and scammers who could use it against them. Their concerns are well founded, but as a marketer, you can provide or advise the means to security.

Here are some of the major questions and considerations you need to consider as a mobile marketer:

Opt-in or Opt-out?

opt in and out options with a pencil on white paper background

Opt-in methods – where you have to actively permit marketers to send you information or collect data – will ensure that you don’t have to worry about any ethical concerns or complaints from consumers. By the nature of opt-in data collection, you’ll be getting people who are interested in your mobile product and any community you have surrounding it. You absolutely need to protect data, but you need not worry so much as to the data you collect. The main problem with opt-in data is lack of scale as the vast majority of users do not change default settings.

Opt-out methods will allow you to get a far better collection of data, but users might not be happy and avoid your app entirely (or delete it immediately upon discovery of your marketing data collection). You will need to decide whether this potential deterrent effect (which can absolutely be minimized by proper consumer education and a clear opt-out method) is worth the improved data collection for further outreach purposes.

The recent Mobile Privacy Predicament Report published by Syniverse talks about the importance of being clear with consumers about what you are trying to achieve. People say that they’re willing to share information in order to achieve better services, but they absolutely need to know that they’re safe.


The Need for PII

Just as you know you need data, you have to ask yourself if you have any true need for Personal Identifiable Information (PII) such as name, address, email, national ID number, IP address (when linked, but not PII by itself in US), credit card numbers, date of birth, birthplace, telephone number, login name or handle.

Leakage of PII would be catastrophic. You have to think about every possible issue that could come up, no matter how unlikely.

You should note that email addresses can be used to identify someone through a quick internet search or a jaunt through databases that already exist. Specific addresses and location information can be risky if released, but general regional data won’t let a hacker go too far. Sometimes hackers will already have a large amount of data on an individual with need for just a few more details to perform identity theft. You aren’t responsible for the information you don’t collect.

Also, remember that in many cases, anonymous non-PII data is all you need. For example, if you want to retarget a user, you only need to know that user with advertising ID 123456 viewed product number 78901.

Ask yourself if the information could be used to specifically identify a person and whether you have a true need for information that specific. Write down potential changes you can make, and brainstorm new ideas with the privacy of consumers in mind. It’s a balancing act, but an important balancing act.


App Permissions: Android vs. iOS

Another key area of privacy in mobile is app permissions. Following the recent Marshmallow update, Android now offer app developers options as to how they want to go about data collection, just like iOS.

Before this important update, Android had to accept all terms when they installed an app and that was it. That made things difficult for developers who wanted to keep options open for users that might otherwise be concerned about a single permission.

Now that there is choice, you will need to better justify your data collection efforts in your app, as requesting permissions on either platform could lead to reduced installation rates.

Additionally, permissions work differently on iOS in that it is more situation-specific as to allow for use of smartphone resources. If your app wants to use something, it often has to be permitted each time.



What Permissions Should You Focus on?

People are often more sensitive to some types of information being collected than others. For this reason, you should be aware of some of the key permissions that you might ask of users from your app. While this list isn’t definitive, it will give you a clear picture:

  • Contact information can be very valuable, but you absolutely do not want to overstep your bounds where this permission is concerned. If you have a clear idea on how to integrate this with social media information, you will find a gold mine of information to help improve your marketing efforts. Yet many people want to keep their friends on social media unbothered. Make sure that you are only collecting information and not directly contacting people’s contacts. 
  • Camera permissions on a phone are complicated. You might want to ask people for photos or have them take photos for more consumer interaction (which can net you a great deal of useful data), but people want to know they are in control. Think about the use of photos in your app. Are there specific targeting purposes you could use photos or videos for otherwise? Think about realistic and long-term uses for camera access before asking for it.
  • You may request microphone permissions so that you can request voice commands and input. As long as you aren’t going to be secretly recording users (and give no possibility for a misunderstanding that you would do such a thing), most users won’t be too concerned about the permissions for this particular item.
  • Location information and measurement is a tough one. It will directly use the GPS to locate (and perhaps WiFi) the user’s location so they are more sensitive about brands knowing their whereabouts. If you are marketing an app or product that will have sales differ from region to region, or if you are a retailer and have physical stores, you should probably ask for this permission from your app. If it’s not vital to your business, you should pass on this one.
  • Any calendar permissions you request should be clearly explained so as to not put off anyone questioning what you want with their schedule. You might not even need to use this (its marketing uses are rather limited), and you might be able to get information from Google Calendar via another method if it’s important.
  • Photos, media and other files may come under many different names, but it is something people will be sensitive about. It could mean information that’s on the storage of the phone, and people often keep password information and private financial information on their devices. They will be afraid for it. Be explicit and honest about what you need it for if you are using it in your application, and otherwise try to avoid this potential pitfall.

The main takeaway is that you should be thoughtful and deliberate with any choice you make regarding app permissions.


Protecting the Information You and Your Brand Have

You should be using the following tools and habits to better protect your data and reassure your customers that their data is bunker-safe. Additionally, make sure that you are knowledgeable about how your employer or the brand you are marketing handles customer data so you can accommodate your marketing efforts. Make sure you take this into consideration:

  • Try to see to it that databases and servers are protected. Shared server options should never be used except for the least sensitive data and firewalls and other defensive measures should be checked and updated every week by the IT professionals you work with.
  • Be careful about the use of cloud services and know what data might be stored on them. Know that all services are not created equal. Services such as Dropbox are generally not as safe as the more high-end services such as Tresorit. If customer data is stored in the cloud, know the risks and make sure sharing options and permissions are handled conservatively by leaders and IT managers.
  • Start with your own data security: Your devices and data, especially emails, are a potential minefield. However, this aspect of security is often overlooked. That’s why you should:
  1. Encrypt your emails and measure emails you send
  2. Try to avoid the use of public networks unless you are also using a strong Virtual Private Network to protect your connection as you work. On these networks, hackers often lurk, hoping to intercept private communications and account information. It is one of the most common causes for data theft, and it is entirely preventable.
  3. Make sure to completely separate any devices you and your team use for work and any devices they use personally. Personal devices will often have more lapses in security, and increasing the number of devices you use for mobile marketing (even if it is just checking email) will increase the number of privacy vulnerabilities.
safe email

Email encryption tool Criptext

Adaptation and the Changing Internet Landscape

The privacy issues of this year will not necessarily be the privacy and personalization issues of next year. The professional mobile marketer must keep up to date. This is especially the case with changing legal restrictions, as privacy concerns are coming to the forefront with the recent Apple “backdoor” case and some lawsuits involving data leaks (the T-Mobile case being chief among them).

Redundancy is often your friend, so have a clear plan as to how to react to a new set of restrictions that make gathering marketing metrics more difficult. Are authorities cracking down on GPS locating? Ask users for region information and give enough region options for you to be able to make marketing and targeting decisions. Write down every metric and statistic that is vital to you right now, and then try to come up with a way that you could find an alternative. That’ll be the beginning of your contingency plans list.



Remember that data privacy is a complex topic and that there are many other variables that you need to consider based on the specifics of your business and product. A simple gaming app might not require as much data as one focused on productivity and life management, for example.

What you do need to work out is a clearly drawn line of personalization and options that can help make the consumer feel like every necessary safeguard is in place. After that, you need to make every effort to keep any data you and your brand have safe. Assure consumers that their information is kept anonymous and used for their benefit.