Alerts

Tips for Designing Privacy-Aware Mobile Applications in the Wake of #Faceapp

By Odia Kagan

In the wake of the #FaceApp privacy discussions, below are some practical tips on privacy-aware mobile app design, drawn from 2013 guidance issued by the United Kingdom's Information Commissioner's Office (ICO) that remains relevant today.

  • Get consent for non-necessary features like personalization suggestions.
  • Assign random numbers to users that are only used in the app.
  • Ensure that, by default, your app strips out unnecessary metadata from each image before it is uploaded, which may include the creation date or location of the image (stored in Exif format).
  • Wherever possible, use less precise location — for example: have the device itself work out where the nearest town is and use this location, avoiding the need to send exact GPS coordinates of the user's location back to the central server. Users who want results based on their accurate location can change the default behavior.
  • Allow your users to permanently delete their personal data and any account they may have set up with you. You should only make an exception if you are legally obliged to keep the data.
  • To collect usage or bug reporting data — try to use anonymized data. If you rely on anonymization, it must be performed thoroughly so that there is negligible risk of re-identifying a user from the data.
  • Your app should only request access to the sensors, services or other data that are necessary. If the operating system does not give you the granularity you require then you can provide additional information to users about exactly why a specific permission is needed.
  • If you have performed a privacy impact assessment, then you could consider publishing it in order to increase transparency and further establish trust.
  • If you develop for multiple platforms, ensure that you take account of any differences between mobile platforms and their respective app stores: information and features provided by one platform are not necessarily provided by another.
  • Pay particular attention to highlighting any actions that would be unexpected or considered onerous by the user. Conversely, do not hide important information or otherwise mislead the user.
  • Consider just-in-time notifications, where the necessary information is provided to the user just before data processing occurs. Notifications like this could be particularly useful when collecting more intrusive data or if data is being processed in an unexpected way or for more sensitive data. For example: GPS location, uploading data to the internet or for prompting users about features of an app that they are using for the first time.
  • Consider using clear and recognizable icons to indicate when data is being collected or uploaded and, where necessary, give the user the option to stop (e.g. to cancel an upload).
  • If your app is supported by advertising, make this clear to your users and give information relating to any analytics you might have included within the app.
  • Give users a granular choice where possible. This allows the user to make meaningful decisions rather than giving the user a single 'all or nothing' choice.
  • Allow your users to easily review and change their decisions once the app is installed and in use. Give them a single and obvious place to go to configure the various settings within the app and give them privacy-friendly defaults. It should be as easy to disable a setting as it was to enable it.
  • Research good security practices and adhere to them, both in the design of your app and the design of any central servers that the app communicates with.
  • Before activity data is uploaded, show a confirmation dialog, and display a progress bar with a "cancel" option while the upload runs.
  • Where repeated reminders would interrupt the user experience, offer a "remember this choice" option, and make the corresponding setting available on the settings page so the user can change it later.
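The metadata-stripping tip above is the one item in the list that is a concrete engineering task, so here is an added worked example of it. This is not code from the alert or from the ICO guidance; it is a standard-library Python walk over the JPEG marker structure that drops the Exif/XMP (APP1), IPTC (APP13) and comment segments before upload while copying the image data byte for byte. The function names and the sample JPEG bytes are constructed for this example; the sample has a valid marker layout but dummy scan data, so it will not decode to a picture.

```python
"""Strip Exif and other metadata segments from a JPEG before it is uploaded.

Added example, not code from the original alert or the ICO guidance. It walks
the JPEG marker structure directly, so it needs nothing beyond the standard
library. Function names and the sample bytes are constructed for this example.
"""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Metadata segments that are safe to drop: APP1 (Exif, XMP), APP13
# (IPTC/Photoshop) and COM (free-text comment). APP0 (JFIF), APP2 (ICC
# profile) and APP14 (Adobe colour transform) are kept: decoders use them
# to render the picture correctly.
DEFAULT_STRIP = frozenset({0xE1, 0xED, 0xFE})


def iter_segments(data):
    """Yield (marker, start, end) for each segment up to and including the
    SOS header. start is the offset of the 0xFF marker prefix, end is one
    past the segment. Scan data after SOS is not parsed; the caller copies
    it verbatim (it contains restart markers and the final EOI)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated marker")
        marker, start = data[pos], pos - 1
        pos += 1
        if marker == EOI:
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM, RSTn: no length
            yield marker, start, pos
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment length at offset %d" % start)
        end = pos + struct.unpack(">H", data[pos:pos + 2])[0]
        if end > len(data):
            raise ValueError("segment at offset %d runs past end of data" % start)
        yield marker, start, end
        if marker == SOS:
            return
        pos = end
    raise ValueError("no SOS marker: not a decodable JPEG")


def segment_markers(data):
    """Marker codes present before the scan data, in file order."""
    return [marker for marker, _, _ in iter_segments(data)]


def contains_exif(data):
    """True if an APP1 segment with the 'Exif\\0\\0' signature is present.
    Useful as a pre-upload check that stripping actually happened."""
    return any(marker == 0xE1 and data[start + 4:start + 10] == b"Exif\x00\x00"
               for marker, start, _ in iter_segments(data))


def strip_metadata(data, strip=DEFAULT_STRIP):
    """Return a copy of the JPEG with the given metadata segments removed.
    The image data itself is copied byte for byte, so there is no
    re-encoding and no quality loss."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end in iter_segments(data):
        if marker == SOS:
            out += data[start:]  # SOS header, scan data and EOI, untouched
            return bytes(out)
        if marker not in strip:
            out += data[start:end]
    raise ValueError("no SOS marker: not a decodable JPEG")


def _segment(marker, payload):
    """Build one length-prefixed marker segment (used only for the sample)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: the marker layout is valid, but the scan bytes are
# dummies, so it will not decode to a picture. The APP1 payload carries an
# Exif header with the GPS IFD pointer tag (0x8825) in it, and the COM
# segment carries a free-text location, the kind of thing that leaks.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08\x00\x01\x88\x25" + bytes(10))
    + _segment(0xDB, b"\x00" + bytes(range(1, 65)))
    + _segment(0xC0, b"\x08\x00\x10\x00\x10\x01\x01\x11\x00")
    + _segment(0xFE, b"Taken at 51.50N 0.12W")
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\x56\x78"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE_JPEG)
    print("before:", [hex(m) for m in segment_markers(SAMPLE_JPEG)], contains_exif(SAMPLE_JPEG))
    print("after: ", [hex(m) for m in segment_markers(cleaned)], contains_exif(cleaned))
```

Three practical points follow from this. First, the stripping has to run on the device before the bytes leave it; stripping on the server satisfies nothing, because the location has already been transmitted. Second, dropping APP1 also drops the Exif Orientation tag, so an image shot in portrait may display rotated; apply the rotation to the pixels (or keep only that one tag) before stripping. Third, this walk is JPEG-specific: PNG carries metadata in eXIf and tEXt chunks and HEIC in ISOBMFF boxes, and each needs its own handler, although re-encoding through the platform bitmap API also discards metadata at the cost of a lossy round trip. The same marker walk is straightforward to port to Kotlin or Swift for use in the app itself.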

Odia Kagan is a Partner at Fox Rothschild and chair of the firm’s GDPR Compliance and International Privacy Practice. For assistance, contact Odia at okagan@foxrothschild.com or 215.444.7313.