"It means just what I choose it to mean..." Why the App Stores are like Humpty Dumpty

Who makes the law? If you are working with Google Play, iTunes or the Windows Phone store then your first port of call may be their developer agreements – irrespective of what you understand is permitted under applicable laws.

Who makes the law? If you are working with Google Play, iTunes or the Windows Phone store then your first port of call may be their developer agreements – irrespective of what you understand is permitted under applicable laws. As a mobile only or primarily mobile player, if you need their distribution, then their rules may be the ones that count even if different or stricter than applicable national laws.

The Google Developer Agreement is generally as may be expected: it requires Developers to comply with all applicable laws and asks to be indemnified against any breaches. However, the Policy Guidelines and Practices (which are made part of the agreement and breach of which can result in your applications being taken down) are more prescriptive e.g. in the areas of intellectual property, personal & confidential information, sex & nudity, and spam. The iTunes Program License Agreement (account needed; certain versions may be available on the web) has a similar tone and more detail in some of these areas, but with comparable App Store Review Guidelines. For ‘completeness’, here are the not dissimilar App Developer Agreement and Store Policies for Windows Phone.

Whether based on an assessment of their actual potential liability as an intermediary, a belief that developers may not properly know or investigate laws (or be in any position to indemnify the stores), or simply keeping out of trouble, this certainly makes the stores’ review and management of applications easier. Their gatekeepers only need to look at one set of rules and apply them (and in practice this may be the only feasible way for them to work). So, for example, intellectual property infringement cases are easily and quickly solved by reference to the policies and not to any particular legal system (tip: having a registered trademark anywhere can be very effective in convincing the stores to act against copycat apps).

However, the effect of this is to remove grey and borderline areas from developers’ businesses. Even if you are responsible and correctly analyse the law as it applies to your applications in the markets you target, or have decided any risks are manageable, these catch-all policies mean you have to play by the stores’ risk-averse rules. This is despite the differences between territories – so if your application is targeted only at one territory (e.g. India where detailed data protection laws are not yet developed) you will end up complying with the stores’ policies which are based on a high standard (more comparable to protective data EU laws).

If your application is only mobile then your business model will need to be tailored around the store rules. Contrariwise, if you have a mobile and web business then you might still work in line with national laws for the web side and store rules for the mobile side. I’m not convinced how effective or advisable this is, but we even see such artificial (and possibly meaningless) formulations as the following (ID removed):

“Where the XX App is obtained from other sources than Apple App Store or Google Play, You may share the names, numbers and email addresses contained in Your device’s address book (“Contact Information”) with XX for the purpose described below …. Where the XX App is obtained from Apple App Store or Google Play, we will only use Contact Information for sourcing and recognizing and recommending You to people You may know within the XX community.”

Of course complying with the store policies doesn’t take the place of complying with local laws where your app is marketed and used, nohow. However, as a mobile only or primarily mobile business the store agreements and policies set a high bar which may mean that more aggressive or risky strategies based on local laws won’t get off the ground. Even though termed “guidelines” and “policies”, these documents are not optional (and the stores have wide discretion in their application and do make checks). The baseline of the “law” regarding what your app can do? Like the Humpty Dumpty theory of language it’s what the stores say it is.

(Illustration, Sir John Tenniel, Through the Looking-Glass)


READ THIS NEXT: I received a request for user data from a police force. Do I have to comply?