The California Consumer Privacy Act (CCPA) governs how companies can capture and use data of their consumers. This act establishes new rights for every citizen living in the U.S. state of California. It is similar to GDPR in European Union (EU) region in terms of privacy rights. The CCPA is something that business owners have to consider because it applies to product or services databases, websites, and mobile apps.

To comply with the legislation, developers have to make sure that they are following all rules under CCPA when building a mobile app. In this post, let's discuss how you can build CCPA-compliant mobile applications with the Crowdbotics App Builder.

Main requirements of CCPA

The CCPA grants any consumer based in California control over their personal information that businesses collect about them. This also includes a list of all third-party sources that the data is shared with. The main agenda of this new act is to allow an app user to:

  • request deletion of their personal information the app is collecting
  • request to know how the data is collected and how it is shared further with third-party services
  • opt-out of the sale of their personal information
  • not be discriminated against for exercising their CCPA rights

Personal information constitutes several things. Here are relevant forms of data when it comes to using and collecting a user's personal information in your mobile apps:

  • Any personal identifier such as name, residential address, IP address, email, driving license number, social security number, and passport number.
  • Biometrics data
  • Geolocation data
  • Professional information, such as that of an employee

How do I know if my app needs to be CCPA compliant?

CCPA was passed in the state of California on January 1st, 2020. Any business based in California is subject to CCPA. Moreover, a company does not have to be physically located in California for CCPA to apply; if their online services are operational in the state of California, CCPA applies.

CCPA has a strict set of rules that apply to only a certain set of businesses and applications. The majority of apps won't meet all of the following criteria. However, if your business matches any instance of these criteria, the CCPA is applicable.

  • The business has a revenue of more than $25 million (USD)
  • The business buys, sells, or receives the personal information of 50,000 or more California residents, households, or devices
  • The business generates 50% or more in annual revenue from selling California residents' personal information

If any of the instances are applicable to the type of application you are developing, you have to make sure that the mobile application is CCPA compliant. Do note that this is only applicable to for-profit businesses and not to non-profit organizations or government agencies.

How can I determine if my app is CCPA-compliant?

The CCPA contains clear and precise requirements with which your app must comply. To meet these requirements, here are the steps you can take to ensure compliance:

  • Adopting security practices with a focus on tracking, accessing, and storing data. The app is required to keep a consumer's data secure by avoiding any potential threats and vulnerabilities. In the later stages of app development and deployment, testing for security vulnerabilities should be considered. This approach can avoid any penalties for not following the data by complying with CCPA and keep the data secure.
  • Update the app's privacy policies and provide the same information regarding this. The CCPA requires you as the app developer to specify a purpose for collecting consumer's data and what kind of information is being collected.
  • Maintain the transparency of how and where the consumer's information is shared. For example, let's say the app you are building does not sell personal data for marketing purposes, but it relies on the usage of some third-party modules. There are going to be some circumstances when sharing data with these third party modules is a requirement. You should specify how the data is shared with any of these third-party modules, and for what purpose.
  • There should be a clear way to let the consumer exercise their rights which fall under CCPA, such as a request to delete stored app data from their account.
  • There should be a clear way to inform consumers about privacy policies in the app. Having a separate section or a webview page in the mobile app is the general practice many mobile applications use. This way, when updating the privacy policies in the future, it becomes easier to notify the consumer.
  • The consumer should have an opt-out option subject to their consent, especially in cases where the consumer is a minor and under the age of 16. This is important when your business is selling their information unless it is explicitly authorized by the consumer. In the case of minors under the age of 13, explicit authorization is required from their parent or guardian.

try our app estimate calculator CTA image

How to implement CCPA compliance using the Crowdbotics App Builder

The essential steps you can take as an app developer when building a CCPA-compliant mobile app is to implement a privacy policy and properly handle the app user's permissions for personal or sensitive data. In this section, we are going to cover an example when adding a particular module in your app with the Crowdbotics App Builder.

Before we proceed, please make sure to have an account registered with the Crowdbotics App Builder and have access to the dashboard and other screens such as Storyboard. If necessary, brush up on how to Scaffold a new Custom Mobile App with Crowdbotics and create a new demo app with the App Builder.

Once the scaffolding process is done, you are going to be welcomed by the Storyboard screen. This editing tool provides a logical flow to maintain a collection of your app's screens.

The first module we are going to cover is called Maps and is used to capture and use a user's geolocation data. Geolocation data consists of a user device's coordinates in the form of longitude and latitude. The Crowdbotics App Builder provides a built-in Maps module that you can drag-and-drop directly into your app to add Maps functionality.

At the Storyboard screen, from the right panel, select Modules and then add the Maps module by drag-and-drop on the Storyboard. Click the save button.

This screen module is now added to your RAD stack app. To add the necessary permission to access the location on the user’s device, you have to take care of both iOS and Android platforms. This requires some manual coding, so click over to your source code from within the Settings page.

On Android devices, to prompt for any type of permission, you need to add the code to request access to the location. Open the file [Your Project Name]/android/app/src/main/AndroidManifest.xml add the following <uses-permission> tag in the manifest file.

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />

The last step is to install and add the react-native-permissions in the Maps/screens/MapsHome/index.js file in your React Native app. The module react-native-permissions requires that to specify the wanted permission for each platform to request user's access.

// after other import statements
import { PERMISSIONS, request } from 'react-native-permissions';

request(
  Platform.select({
    android: PERMISSIONS.ANDROID.ACCESS_FINE_LOCATION
  })
);

On an Android device, this is how permission is prompted to the user. They now have the option to either grant or deny permission.

To access the similar features on an iOS device running the latest version, you have to add the following permissions in the file ios/[Your Project Name]/Info.plist:

<key>NSLocationWhenInUseUsageDescription</key>
<string>Allow "geoWeatherApp to access your location while using the app?</string>

On the iOS platform, the module react-native-permissions requires you to include the appropriate permission handler. In our case, we want the app to access the user's location when the app is in use. Thus, add the following to the ios/Podfile:

source 'https://cdn.cocoapods.org/'
platform :ios, '9.0'
require_relative '../node_modules/@react-native-community/cli-platform-ios/native_modules'

// ADD THE FOLLOWING
permissions_path = '../node_modules/react-native-permissions/ios'

target 'ccpa_demo_21860' do
  // ADD THE FOLLOWING
  pod 'Permission-LocationWhenInUse', :path => "#{permissions_path}/

// REST OF THE FILE REMAINS SAME

Then, from a terminal window, make sure to execute the following series of commands to install the cocoapods for permission.

# at the root of your project directory
cd ios/

pod install

# after the pod is successfully installed, navigate back to the root directory of the project
cd ..

The last step is to add the ios platform when requesting permission to use the device's location in the file Maps/screens/MapsHome/index.js.

request(
  Platform.select({
    android: PERMISSIONS.ANDROID.ACCESS_FINE_LOCATION,
    // Add the line below
    ios: PERMISSIONS.IOS.LOCATION_WHEN_IN_USE
  })
);

Here is an example of how the app prompts permission for geolocation access on an iOS device:

This set of permissions is an example of how you can build a mobile app that complies with the CCPA. Other CCPA considerations, such as the right to erase data or asking for consent and the inclusion of a Privacy Policy (which is a highly customized screen to add to an app) are organizational and technical priorities that fall outside the scope of the Crowdbotics App Builder.

Conclusion

Now you know how to build CCPA-compliant apps with the Crowdbotics App Builder, and, more generally, what the main requirements are to build a CCPA-compliant mobile app. CCPA compliance is made possible via Crowdbotics' full-code approach to build mobile apps, in which users have total control over the way their data is processed in their Crowdbotics app.

An app generated with the Crowdbotics App Builder tool comes with default permissions, specifically the ones we have discussed in the previous section. To build an app, Crowdbotics offers both the low-code Crowdbotics App Builder and managed app development by expert PMs and engineers.

For further reading on CCPA, check out this resource. To learn how to build mobile apps with Crowdbotics App Builder, please read our guide to building a custom mobile app with Crowdbotics.