Office of Operations
21st Century Operations Using 21st Century Technologies

Smartphone Applications To Influence Travel Choices: Practices and Policies

Chapter 5. Current Challenges

Although smartphone apps have become ubiquitous, a number of significant challenges remain for app developers, mobility service providers, and public agencies. Five key challenges affect the adoption and effectiveness of smartphone apps, and best practices to overcome these challenges are explained in the following section.

Privacy Concerns


Numerous studies indicate that people are either unaware of what private information they are exposing or they do not understand what information they are consenting to share (Miller, 2014). Privacy policies for most software companies and app marketplaces (e.g., Apple, Google) are often written in legalese, making user agreements long, confusing, opaque, and challenging to understand for the vast majority of users. All too often, app marketplaces have multi-page user agreements with fine print that software companies "expect" users to read and provide consent. For example, Apple’s iTunes user agreement contains 56 pages that users are expected to read, tap, and agree to (Pidaparthy, 2011). In many jurisdictions, selecting "agree" constitutes an electronic signature akin to typing your name in an email or signing a document with a pen. In other cases, apps may intentionally or unintentionally collect a wide array of sensitive and personally identifiable information (PII), such as location history, email addresses, phone numbers, financial information, and usage history of the apps installed on their phone and mobile Internet browsing history. Privacy and security concerns are further complicated because vulnerabilities may exist on many different levels, such as through the app, API[3], the cloud, or hardware.

One possible privacy breach may occur between apps and APIs. According to a recent report by the analytics service "SourceDNA," hundreds of apps in the iOS App Store were extracting PII user information via private APIs, although Apple had forbidden the apps from engaging in this type of practice (Perez, 2015). The report found that the applications in question had been using a software development kit (SDK) from a Chinese advertising company called "Youmi," which was accessing this information by way of private APIs. After confirming its validity, Apple responded by banning numerous apps from its marketplace. Privacy breaches have also affected, and been a notable concern for, other operating systems. Google has stated that any new APIs being proposed must either be "safe" by default, or in the case where some capability is being granted that may negatively impact the user’s security or privacy, this capability should be granted through a user interaction that is natural and understandable to the individual (Fetter and Eisenger, 2013).

In addition to security, there are growing concerns about the use of sensitive geospatial user data. In June 2015, the Electronic Privacy Information Center (EPIC) revealed that Uber would soon track and report back the whereabouts of its users even when they are not using the app (Thomson, 2015). Specifically, EPIC claimed that the ridesourcing app collected the location of its users via their smartphones’ GPS tech even if the app is running in the background unused. EPIC further claimed that if a user switches off the satellite service, the app would continue to use the smartphone’s IP address to approximate the user’s geographic location. Similar reports indicate that other apps both in the iOS and Android environment use location data of their users to provide them customized service (Thurm, 2010). This represents one example where users may not understand the type and implications of the data they are sharing on their smartphones.

Cloud privacy can also be a significant user concern. Increasingly users are backing up data in the cloud for convenience, multi-device access, back-up, and storage expansion. Users may not be able to opt-out of this functionality. For example, Apple requires its iPhone users to create a mandatory iCloud account, where it backs up all data from the smartphone, including deleted data. While Apple insists that the data are secure and no one but the user can access it from their iCloud accounts, recent cases where personal pictures of celebrities were hacked from their iPhone and iCloud accounts may indicate possible security vulnerabilities with cloud storage systems (Whitman, 2015).

While improving the privacy of all app users continues to evolve, a few significant developments are strengthening user privacy. Google has introduced stricter rules for Android applications to reduce the number of malicious apps in the Google Play app market (Ashford, 2012). Developers have been warned that apps that introduce security vulnerabilities, spread malware, collect information without authorization, or "harm user devices" will not be permitted in the Google Play Store. Malicious scripts and password phishing scams are also now prohibited on Google Play, as are applications that cause users to unknowingly download or install apps from sources outside of Google Play. Apple is also focusing on privacy. To address the "fine print" and "legalese" challenges associated with privacy and user agreements, Apple has started introducing user agreements written in clear language in the new iOS 9 update (Panzarino, 2015).

When it comes to privacy issues, whether at the app, cloud, or smartphone level, privacy is a two-way street. End users should exercise caution and due diligence in reading the privacy policies, be aware of spam links, and avoid "copy-cat" versions of mainstream apps. Likewise, app manufacturers have an obligation to design their apps to provide necessary security, and app marketplaces could play an important role in ensuring that apps distributed on their sites are secure and free of security vulnerabilities and malware. Public agencies and governments may be able to address a wide array of privacy issues through security standards and consumer privacy protection laws.

Open Data and Interoperability Among Services and Modes

It is common for apps to share data with third-party apps and services (including APIs) to provide a seamless user experience and enhanced functionality. Most location-based services, such as Google Maps, use search histories to recommend and advertise an array of products and services to their users. For example, when a user searches "Starbucks" on Google, the search usually includes a map of the nearest Starbucks outlets at the top of the search browser. Similarly, an app, such as "Moovel," which is a multi-modal trip aggregator, uses data from public transit apps and traffic data to provide the user the "optimum" multi-modal route available, based on user preferences, such as least expensive fare, fewest transfers, shortest waits between connections, etc. Although open data has provided new opportunities, it also creates a number of challenges for app developers and end users.

One major challenge for app developers is the need to design the same app for several mobile operating systems, such as iOS, Google Android, and Microsoft Windows. Different operating system and marketplace requirements make it difficult and costly for developers to create cross-platform apps. Similarly, creating a uniform look and feel across devices can also be a challenge. Replacing native apps with browser-based functionality that can work across platforms may be one way to address this challenge.

As previously discussed, privacy challenges also re-emerge with open data and data sharing among services. Any API that facilitates data sharing among apps without user consent can create a number of ethical and legal issues. How much data it is wise to share among services, and how best to protect these data, can vary by circumstance. Generally, providing the end user with a very clear and limited consent process is a best practice. For example, rather than having an end user consent to sharing all data with third parties, allowing a user to choose what data to share is preferable (e.g., billing information, travel history, search history, etc.). This gives users more transparency and control over the type and extent of information they share with third parties.

Data can broadly be divided into three types: 1) open data, 2) proprietary data, and 3) personal data. Open data are data that are publicly available for download or through APIs. Proprietary data are data related to the company or corporation including copyright, patent, or trademarked material (e.g., proprietary code). Proprietary data can also be important to a company’s business plan or growth strategy. In contrast, personal data includes email addresses, phone numbers, and other PII. Personal travel behavior (e.g., origins and destinations) and IP addresses (to the extent that they can identify a particular individual or location) also constitute personal data. Protecting all three types of data, while still enabling information sharing with other apps and services, is a continual challenge confronting developers. Industry-wide security standards, data sharing practices, and common computer languages may assist in addressing this challenge. Increasing public awareness is also important so that people understand the benefits and risks associated with sharing their personal information (Roberts, 2014).

App Authorization

In many cases, users must download smartphone apps through an app marketplace maintained by the operating system manufacturer (e.g., Apple’s App Store, Android’s Google Play, etc.). A developer interested in publishing their app initiates a request to the operating system manufacturer (e.g., Apple or Google). This is designed to keep the app ecosystem healthy and to protect users from low-quality, insecure, or malicious apps.

Based on nearly 70 reports released by developers in 2014, it takes an estimated eight to ten days for Apple to approve a new app in its App Store and an average of seven days for Android’s Google Play marketplace. Apple has reported that the iOS App Store had approved 89% of new app submissions, and 95% of submitted app updates, within eight business days (Friedman, 2012). Other reports have cited a lengthier app approval process, averaging 22 days (Friedman, 2012). A lengthy approval period could create problems for app developers, particularly when they attempt to quickly push an update to address compatibility issues, correct critical errors, or fix security vulnerabilities. Oftentimes app developers are at the mercy of app marketplaces; however, accelerated approval processes and increasing awareness of this challenge by app marketplaces may be mitigating this developer concern.

One strategy to overcome the delays associated with app authorization is for companies to develop mobile websites (accessed via a mobile web browser) instead of a native smartphone app. Many experts believe that smartphone apps may be replaced by mobile websites in the long run (Magid, 2015). Similarly, Google also stated that it believes apps may be replaced with mobile sites (Magid, 2015). Mobile web-based platforms not only address challenges associated with app authorization delays, but they can also relieve app marketplaces of potential liabilities associated with security vulnerabilities and address cross-platform compatibility issues, negating the need to develop operating system specific apps.

Accessibility Considerations

Another challenge confronted by public agencies, app developers, and manufacturers is how to address accessibility issues related to smartphone apps.

Bridging the Digital Divide

Mobility consumers are becoming increasingly dependent on smartphone hardware and applications, and the data packages required are often expensive for low-income households. While some state and federal programs exist to provide reduced cost mobile service, more education and outreach are key to promote these programs, and program expansion and additional programs are also needed.

In 1997, the Federal Communications Commission (FCC) established the Universal Service Fund (USF), as part of the Telecommunications Act of 1996. One key program component, known as Lifeline, provides a subsidy of up to $10 per month for Americans below 135% of the poverty line for land line or mobile service (Phillips Erb, 2012). In 2015, the maximum income threshold for the contiguous U.S. was $15,890 and $32,734 for household sizes of one and four, respectively (United Service Administrative Company, 2015). As of 2012, 17 million households received a $9.25/month subsidy through the program (Malter, 2012). In 2012, the FCC announced its intention to transition the Lifeline program from basic mobile phones to Internet-capable smartphones (Henry, 2013) (Federal Communications Commission, 2012).

Service and Data Limitations in Rural and Less Urbanized Locations

Some mobility services may not be available in less urbanized and rural areas. Moreover, data speeds and service quality may limit the use of smartphone applications in less urbanized and rural locations. The end user experience of any smartphone app depends on not just the way the apps are coded, but also on numerous external factors, such as Internet availability, quality of the network service, and hardware limitations.

Most apps that provide real-time data services require a continuous high-speed data connection. This may not be readily available in many rural areas nor affordable to low-income users. Slow Internet speed and limited data availability represent a notable accessibility challenge: many users may not upgrade their apps when an upgrade is available because of limited data constraints. When app developers add new features and fix various problems through upgrades, not installing updates can limit users’ ability to benefit from new features and security updates.

To address the challenge of providing a similar experience for all users irrespective of data speed constraints, many companies have started designing a "lite" version of mobile sites and apps (Felker, 2012). These lite versions may not result in less end-user functionality but instead restructure data use through data caching and asynchronous data exchanges (e.g., supplementing download data through WiFi connections). In addition to consuming less Internet data and operating on low speeds, lite versions of apps may also help conserve smartphone battery life.

Unbanked Users

Smartphone apps with a payment component may not serve the needs of unbanked users (typically lower-income households). Many smartphone apps generally require payment facilitated through credit/debit cards or mobile/Internet banking. If a user is unbanked (they do not have a bank account or a credit/debit card), app-based services with a payment component (e.g., electronic fares and ticketing) may be difficult or impossible to use, leaving behind households that cannot afford to have a credit card or bank account (due to insufficient funds, bad credit history, etc.).

To address this challenge, services may consider allowing alternative payment methods, alongside cashless transactions or programs to bank unbanked users. New programs are now being developed to assist unbanked users in opening a bank account (Helhoski, 2014).

Washington DC Capital Bikeshare
Source: Thinkstock Photo

A common concern among bikesharing operators and local governments is low-income access to bikesharing and the requirement to have a debit or credit card for use. In Washington DC, Capital Bikeshare partnered with United Bank and District Government Employees Federal Credit Union (DGEFCU) to allow users to open up a bank account and obtain a debit card. New account holders receive a $25 gift card good toward the cost of an annual Capital Bikeshare membership (Capital Bikeshare, 2015).

Addressing Special Needs

Another accessibility issue is ensuring that smartphone apps are accessible to all users. Accessibility requires apps to be usable by people with various health conditions (primarily older adults), as well as disabled individuals who need assistance. Although the smartphone apps of today have improved tremendously in design, user interface, and power, there has been less progress toward making these apps available for the visually impaired or users with learning disabilities.

For example, Uber has partnered with the National Federation of the Blind and Lighthouse for the Blind in San Francisco to test VoiceOver iOS compatibility that allows blind or visually impaired riders to speak to their Uber app (Uber, 2015). Lack of information about available ADA-accessible options may not adequately serve all users. For example, some parking apps enable users to access real-time information about parking availability and pricing but exclude information on disabled parking.

Technology manufacturers and app developers are making some progress. For example, Apple has released a list of more than 50 apps that are specifically designed for blind and low-vision users (Apple Vis, 2014). However, this represents only a very tiny fraction of the overall number of apps available on its marketplace. Public agencies, app developers, and marketplace stewards should move toward ensuring that all transportation apps provide user interfaces that serve individuals with special needs. Similarly, special attention should also be given to the user interface, keeping in mind that users may have special needs, such as older adults who may have difficulty operating a smartphone with a touchscreen. Such innovations are needed to ensure that transportation apps provide mobility and accessibility for all segments of society.

Additional Challenges

For app developers, a few other challenges exist. For example, as previously mentioned, another challenge is the interoperability across a growing array of devices and operating systems. In recent years, there has been an increasing number of devices with varying hardware capabilities and screen resolutions (e.g., desktop computers, notebooks, 2-in-1 devices, tablets, smartphones, smart TVs, and wearable devices, such as watches, bands, and glasses). Providing apps for all of these devices is becoming increasingly challenging and expensive for developers and their companies. Additionally, it takes time to develop, test, re-test, and deploy an app across these devices. With new devices and technology entering the marketplace daily, it is increasingly difficult for developers to keep pace with these advances. The release of Windows 10 may be able to address some of the technical challenges associated with interoperability across a growing array of devices. Windows 10 offers developers the ability to create "universal apps" that can seamlessly run and scale across a spectrum of devices, ranging from phones to desktops.

In addition to interoperability challenges, companies must be able to generate sufficient revenue to support the development costs associated with creating and maintaining their apps. In recent years, both ad blocking apps and add-ons have become more commonplace. For example, in its latest version of iOS, Apple has allowed users to block ads on the Safari browser and several apps (Tsukayama, 2015). Most developers and companies oppose this feature because it interferes with their ability to generate revenue and provide free or reduced cost services to end users. Most free apps in the marketplace generate revenue from in-app advertising or in-app purchases. Google’s Senior Vice President of Advertising and Commerce, Sridhar Ramaswamy, recently said that the industry must agree on advertising standards and address sites that have poor advertising practices (D'Onfro, 2015).

[3] An API, short for "Application Programming Interface," is a set of routines, protocols, and tools for building software and applications. APIs can help developers and smartphone apps share data and information between apps and make it easier for third parties to develop apps and incorporate features from existing apps.
