But You Get Badges And Networking Opportunities…

*Note 2/8 at 5 p.m., if you’re just joining us– ACRL did respond to a few of the privacy questions in the comments. I have not seen the Lightning Talks voting addressed as yet.*

I was troubled this week to learn that ACRL is promoting an app specific to those of us attending ACRL 2017. It struck me as a waste of phone space and of limited use. But what particularly surprised me was that in a “Welcome to the Conference” email, I was informed that the only way I could participate in voting for Lightning Talks was to download this app.

A colleague of mine has a lightning talk that I’d really like to see presented–and this then backs me into a corner. No alternate option was given, nor was there a specific contact on the email (the response email went directly to ACRL’s general inbox). So I tried to download it. A waste of phone space, yes, and annoying…

And also attempting to invade my privacy.

On my Android device, the app aggressively pushes for access to my device’s contact list. There is no apparent need for this and when I chose “Deny” the app kept rerouting me to try and get me to agree. **See the screenshots at the bottom for what it looks like**  Android has the option to “Deny and check here to stop it asking this again.” 

Once you finally get those pop ups to stop, now you are required to fill in at least some part of the manually entered profile to get to the app. Again, no clear way around this and no apparent need for this. You can’t click on a “do this later” or anything like that. Trying to get out of the Profile page sends you back on a loop of “we need to access your contacts.” So at minimum they have an email address, first name, and last name and even then you have to guess/try to figure out how to get to the full application. (Note: A hard return will do it after you fill in the last name) I leave it to the usability experts to clarify how this might also be a usability issue.

By the time I actually got into the full app, I was more than a little suspicious of what else it was signing me up for, so I went to check the settings. The default is that all of them are turned on. This includes a variety of notifying people when I/others check in, automatic blue tooth beacon alerts, and receiving private messages from anyone else with the app. What it didn’t include was any information of what was being done with information we put into this app.

The responses I got from ACRL when I shot off a few questions were not adequate.

  • They were surprised to hear about the Contacts requirement that the app was asking for. I sent the screenshots below but how do you not know what happens when the app is installed?
  • They said the app could be used at more than one ACRL event. But the conference is every two years and I really don’t want an ACRL app, LITA app, ALA app, STS app, etc. Nor do I want my other organizations to suddenly jump on this bandwagon so additionally I end up with an RDAP app, IASSIST app, Code4Lib App…
  • They went with an app rather than a mobile site due to feedback from last year. I am not convinced of the tradeoff for a universal ALA/Divisions mobile website for conferences.
  • In response to my question about the all Opt-Out settings, I got a generic statement about respecting people’s privacy. Considering the profile information being required and the settings, I am not convinced of this.
  • Regarding the Lightning Talks–both the email I got from ACRL and a lovely person on the Innovations Committee on Twitter offered to take my votes in some other way and ensure they get counted. This is not a viable option, only available to those of us frustrated on social media. There should be an option for those who do not have a smartphone or other device or who just do not want to use the app.

The latest Pew report I could find from 2015 tells me that we have ~64% saturation of some type of smartphone. That is by no means universal and I find that presumption from ACRL incredibly off-putting. This tells attendees who don’t have a Android/Iphone smartphone that they cannot participate in shaping the Lightning Talk session.

This app is also asking for my contact information and a suspicious depth of profile information in exchange for notifications I probably don’t want. Where is that information going and who has access to it? How much does the app maker DoubleDutch get? Should I expect vendor spam from them now that they have my work email? Is someone archiving all of the content captured in the app and if so, for how long and will that be searchable? None of this is clear. LITA and the ALA Information Freedom Privacy Subcommittee just put out checklists for Patron Privacy. Perhaps we need one for organization privacy as well?

ETA: Eric Hellman tells me the screenshots may not be embedding. I’ve also shared the Google Album here: https://goo.gl/photos/kdHvrSbUSGimy8wG7

 

5 Comments

  1. Comment by eric:

    The iPhone app is useable without giving them access to your contacts. But it won’t let you display your Twitter handle and throws errors if you don’t. But you can review the app in one of the polls! Android in general does a poor job of managing app permissions.

    This looks like unthinking app design; ACRL should complain to the vendor. It’s good that you mention the vendor, Doubledutch, by name in this post- they are likely to be sensitive to public criticism.

    Having said that, there are some privacy advantages along with the disadvantages to using an app rather than a website for this. I don’t think having a conference app is a bad idea; this app is fixable.

  2. Comment by ACRL 2017:

    Thank you for raising these concerns.

    The minimum level of information required to use the app is email, username and password. The rest is optional.

    The app does ask if you want to sync your Linked in profile to make it easy for you to use the app (so you don’t have to fill out another profile manually when your LinkedIn profile is already publicly available).

    The app does ask if you want to sync your contacts with two equally visible “Deny” or “Allow” buttons.

    The engagement features of the app are hard coded by DoubleDutch to opt-in but easily turned off in the Settings of the app.

    In response to specific questions:

    – Where is that information going and who has access to it?
    The information gathered from the app is stored in DoubleDutch’s database and is only accessible by the event administrator.

    – How much does the app maker DoubleDutch get?
    DoubleDutch does not in any way use or profit from any data that is collected from the app.

    – Should I expect vendor spam from them now that they have my work email?
    Neither DoubleDutch nor ACRL sell client/attendee emails or private information from this app to vendors.

    – Is someone archiving all of the content captured in the app and if so, for how long and will that be searchable?
    DoubleDutch does collect data of all actions taken in the app and store it in our highly secure database. This information is only accessible by the event administrator and no one else. It is searchable for 2 months post event.

    For further questions about privacy and the app, please see: http://doubledutch.me/privacy-policy/

    These concerns that have been raised are important ones and we will consider these principles in future app development projects.

  3. Comment by Natalie Clairoux:

    I am using the app on my iPad and did not get requests to access my contacts. I find the app useful to set up my personal calendar, and my Twitter feed is integrated as well. If it is similar to the app I used last year at MLA’s Mosaic conference, then we may be able to view posters etc. after ACRL 2017. I wouldn’t recommend using a phone to access this type of information though – screen is too small (plus my phone is 5 years old so yes, not enough memory space :))

  4. Comment by Abigail Goben:

    It does sound like the Apple version is a little better– but you confirm one of my points. I don’t want apps for every conference I attend.

  5. Comment by Abigail Goben:

    Thank you for responding and addressing some of the concerns about privacy. However :

    1) This does not address the lightning talk voting issue.

    2) “The app does ask if you want to sync your contacts with two equally visible “Deny” or “Allow” buttons.” — As I said in my blog post, choosing Deny cycles you around and around and around as the app tries to continue to demand access. This is (a) poor design and (b) the app shouldn’t ask for this at all.

    Future app develop projects? Why not a good mobile website that could be repurposed across ALA?