Mobile Security Audit Icons v1

I’ve been thinking about some ways to improve a user’s understand or perception of what an app or service does or does not provide in the way of security, privacy or protection. This work is inspired by other efforts, including Mozilla’s Privacy Icons and the television and video game labeling standards. I think it is time that developers come up with a way to accurately communicate the benefits and risks their app brings, especially one it comes to personal or sensitive information, or users in high risk situations.

I began by breaking down the areas of possible concerns into three groups: User Identity (including location), Network Connectivity, and Data Storage & Access. These represent, collectively, who and where you are, how and when you are connecting and what you are accessing or sharing. I came up with a brief description of the positive and negative impact an app or service could have in each area. I then designed a basic icon for each, came up with a color scheme and a matching positive or negative charge indicator.

The goal of the icon design below is to indicate whether an app or service deals with these three areas of possible concern in a positive (go green!) or negative (warning yellow!) way. Very rarely will an app address all three, though sometimes used in combination a solution can be made to do so. In some cases, an app might provide a benefit in one area,while proving detrimental in another. We might also include one or two more icons to indicate how the security of the app was verified, a + meaning open-source, fully commercially audited, and a – meaning it only has a “trust us” model for security.

I hope to begin using these to label the apps and libraries provided by the Guardian Project to help better educate our users. If there are similar existing ways to label apps out there, we would be happy to consider them. Otherwise, please provide feedback below, or steal our cc-licensed SVG file, and make your own variations.

Leave a Reply

Your email address will not be published. Required fields are marked *