In the Russian Federation, a preliminary standard for mobile applications with 87 requirements for their functionality
Rosstandart officials have approved a preliminary standard for mobile applications in Russia. It contains 87 requirements for software functionality, as reported by Kommersant. One of the main requirements is the possibility of free familiarization with the possibilities of paid software. So far, the standard itself and its requirements are purely advisory in nature, but the developers of the document believe that when creating new applications, it is worth focusing on it.
Requirements are divided into several categories, including the quality of mobile applications, usability, security, performance. Ilya Loevsky, Deputy Head of Roskoschestvo, said: “Previously, Russia did not have state standards in the field of mobile applications, and the developers were guided by corporate guidelines, in particular Google and Apple.”
So, users should get all the necessary information about what data the application will collect and how the user's personal data will be processed and stored. Information should be available on who can access user data in any case. According to the new standard, any user has the right to refuse to collect data and use any application. Most importantly, all personal data of users should be stored in Russia, which is determined by the so-called "Spring Law".
Another important requirement of the standard is to notify users of any application whether personal information will be used for advertising in one form or another. Paid applications should have a lite-version with the possibility of testing the main functions of the program. If the user of the application is suitable, he can buy it. But this will happen only after the one who downloaded the application, fully acquainted with it. An interesting requirement of the standard is the need for a lack of critical vulnerabilities. At the same time, applications should be updated at least once a year; there should be no intrusive advertising in them. Developments are obliged to respond quickly to user questions.
Officials believe that the new standard is intended to become a “reference point for organizations in the development of mobile products.” It is planned to enter into force on October 1 of this year, as reported by representatives of Roskachestvo. Ilya Loevsky said that these standards, if necessary, can be used by all interested persons, including organizations of the countries of the Eurasian Economic Union. Loyevsky is sure that in three years the standard will receive the status of "GOST R" and will become indefinite.
Not all developers are satisfied with the new initiative of officials. In particular, the senior Node.js developer Yury Bushev expressed his opinion. He stated that about 60% would pass the test for compliance with the requirements of the described standard.
Indeed, most applications are “struggling” to get as much user personal data as possible so that later developers or their partners can use the collected information to monetize in one form or another. But be that as it may, many developers believe that an attempt by the state to protect users of applications will not have a significant effect.
This is explained by the fact that the status of a “preliminary standard” does not absolutely oblige the organization to fulfill its requirements. Moreover, the new standard contains almost no clear technical requirements. It is possible that people who are not very familiar with the realities of the IT sphere worked on the standard. Be that as it may, there is a far from non-zero possibility that the standard will become a necessary condition for application developers for the state.
Large companies are most likely not interested in this GOST, but for young developers it may be useful and warn against simple mistakes that beginners most often make. In addition, the standard will not solve the problem in the event of a conflict between the developer and the user, since the latter does not have the right to require the manufacturer to comply with this set of requirements.