DDL Privacy Q&A for Mobile App


As part of the delivery of a mobile application to be published by a customer, Gemalto has to provide the following information to the customer: 

1- Device & App history 

Does the App allow to view one or more of information about activity on the device, which apps are running, browsing and bookmarks? 

No, the App doesn't allow to view any activity on the device.
However, the App will only show its own transaction history. 

2- Location 

Does the App use the device's location: Approximate location (network based)

Precise location: GPS and network based? 

Does the App notify and obtain user consent before collecting, transmitting or using location data? 

No, the App doesn't use any location information (neither network based nor GPS based).
Yes, before sharing any data, the App specify the data sharing (type of data) and requires the user consent to proceed. 

3- Identity 

Does the App find account on the device, add or remove accounts?

No the App doesn't add or remove any accounts on the device.
The app will only allow the use of the applicative account stored inside itself. 

4- Photos/media/files 

Does the App uses one or more of: files on device such as images, videos or audio, the device's external storage? 

No the App doesn't use any photo, media files stored on the device's internal or external storage.
The App use some pictures & information provided by the user when enrolling to the service. The enrollment is performed by the relevant authority in charge of the digital document. 

5- Wi-Fi connection information 

Does the App allow to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and names of connected devices? 

No. 

6- Device ID & Call information 

Does the App allow to determine the phone number and device IDs, whether a call is active and the remote number connected by a call? 

Not at all 

Does the App also records and transmits anonymized network performance data for analysis by Analytic Engine. This data is used for the purpose of assessing network quality of service issues. No personally identifiable information is recorded or transmitted, including no key press information, no contact information, etc.? 

No 

7- App description 

Digital Document Wallet Application. It allows the end-user to install and use a valid digital driver license. Prior to use this App, the end-user shall contact the relevant authority in charge of driver license in his country and then to enroll to the DDL service. This App does not grant any driver license rights.
With this App, the end-user can use his DDL to prove his driving privileges, to allow reading of the information across issuing authorities and law enforcement, to selectively authorize the release (sharing) of information from his DDL to a DDL reader (to give a proof of age for instance, to show his driving class entitlements to a car rental company….) 

8- App Permissions

Does the App require access to certain systems within your device? When you install an application, you are notified of all of the following permissions required to run that application:

Access to Bluetooth

Access to NFC (if supported by smartphones)

Access to the Camera (to scan QR code)

Access to Face ID (for compliant iPhones)

9- Encryption

Does the App send data over unencrypted (HTTP) or an encrypted (HTTPS) connection?

Yes it sends data over an encrypted communication channel.

10- Explain why the data are being collected, when and for what purpose

Collected data:

  • phone model,
  • OS version,
  • reason of installation failure if any,
  • if the installation process was not completed, at what stage the user stopped

Data is anonymized.

Purpose is to get analytics on smartphone fleet (marketing studies) and the reason of failure to report to our customers/ to improve our product

11- Do you assign an appropriate rating to the App?

No Rating.

12- Can the App be downloaded by children?

Yes, it can be downloaded by the children, the downloaded App is not configured. Configuration of the app would require end-user to enroll to the DDL, following local regulations.

13- Does the App comply will all the terms and conditions explained in the Apple iOS Human Interface Guidelines?

Yes

14- Does the App use trademark, service mark or images of Google, apple, BlackBerry or other market store owners?

No