Creating COPPA-Compliant Apps With Dynepic playPORTAL™ SDK

Posted 6 years ago by Petr Matej

With 79% of websites and 7 out of 10 smartphones collecting personal information, now more than ever, data privacy is paramount. Laws such as the U.S. Privacy Act, the Health Insurance Portability and Accountability Act, and most recently, the California Consumer Privacy Act all aim to protect personal data.

There are some types of personal data we need to protect more than others—children’s. Recent statistics indicate that 71% of children ages 3-18 use the internet, and 69% of families with children under the age of 8 have smartphones. Furthermore, 38% of children under the age of 2 used a mobile device. How can we keep children safe online and on mobile devices?

In the US, there is federal law called Children’s Online Privacy Protection Act (COPPA) which provides rules for websites, apps, and other services that collect the personal information of children ages 13 and under (https://www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy).

Compliance with this act can be a lengthy, complicated, and involved process. Penalties for violations are steep; violations can amount to $40,654 per violation. In 2014, Yelp was fined $450k and TinyCo was fined $300k for improperly collecting children’s information. If you create these kinds of apps, websites, or services, how can you be sure you’re compliant?

Meeting COPPA Compliance with Dynepic playPORTAL

Dynepic is a new U.S.-based startup that helps developers easily create COPPA-compliant apps with their SDKs and playPORTAL studio tools. You can use their platform for other features, such as authentication and identity management, and push notifications, to name a few. The current version of playPORTAL uses REST API, which includes the following features:

  • Authorization
  • Profile
  • Friends
  • Application User Data
  • Images
  • Search
  • Notify

If you’ve ever worked with APIs, then you’re probably familiar with Postman’s complete API development environment. We really like that playPORTAL offers the  Postman collection, which you can easily import and test without extra work. They also offer API examples on swaggerhub, which is also nice.

You don’t need to communicate with the API directly, because playPORTAL currently has several SDKs for various languages. They plan to release more SDKs for easy implementation in any language you might use for building your app. Current SDKs include:

You can also use the web API directly instead of an SDK.

Developing an App With playPORTAL Studio

Dynepic provides an easy-to-use tutorial on the Github README page. The process is straightforward. Sign up for a free developer account at playPORTAL Studio, get verified, and create your app using the developer dashboard in playPORTAL Studio.

The dashboard is the main hub for the developers. Let’s just go briefly through some features it offers.

Brands – You can create brand which can be associated with your apps. Such brands can have “characters” or “mascots”. You can use these mascots as support contacts in your apps. Or for example they can play a role of “administrator” which the kids can contact ingame using a chat.

Apps – You can register your apps. Generate the necessary API keys and also configure the specific playPORTAL features for each of your apps.

Sandbox is very practical feature for development. You can test your app in a separate test environment from the production environment. You can create fictitious users with individual profiles and group them by account type, and set up elaborate friend connections to simulate real-life social network relationships, as shown in the screen capture below.

Data Browser –  With the API you can store data about your users directly in the platform. Which is the prefered way because you know the data are stored on the secured servers and you don’t need to worry about them. The data browser allows you to display these data.

The Analytics feature provides feedback about your app’s usage, including installation, user login, and active users, as shown in the screen capture below.

Making Your App COPPA-Compliant

The platform allows you to store all the data about your app users securely on its servers. And what is most important, it handles all the necessary things such as parental consent for you.

Building an App With an Android SDK

We decided to put the platform and the SDK to the test by building an Android application for notes. Generally speaking, the implementation of the SDK could not be easier. On top of that, the documentation is wide enough so you can easily copy the important code.

As the SDKs are hosted on JFrog bintray, so adding one to your app is as easy as copying four lines of code. After that, you need to configure the SDK to properly connect to playPORTAL using your keys. Doing so is just as easy as the first step; just use the correct function to configure playPORTAL manager, and replace the variables with your keys and URI:

manager.configure(id, sec, uri, "sandbox", name, (status) -> {
    if (manager.isAuthenticated() && manager.getUserData().hasUser()) {
        Intent intent = new Intent(this, MainApp.class);
        startActivity(intent);
        finish();
    }
});

Note: This is just an example snippet; refer to the SDK docs for the full code.

The last step is to create a way to log in to playPORTAL. The easiest way to do this is to create a button which will call Windows for login from the SDK:

public void onSignInClick(View v) {
    if (!manager.isAuthenticated()) {
        Intent myIntent = new Intent(this, MainApp.class);
        manager.showSSOLogin(myIntent);
    }
}

Now you can use all of the permissions scopes you added to your app in playPORTAL Studio. You will probably use the functions to display your profile data and picture in the app. If you use the friend list, for example, you will use the functions for getting profiles from all of your friends.

One really neat feature we used is the data store. You can save any objects in JSON format there, from progress in games, to notes in a notebook (which is also scenario we tried). Data can be saved and found under a key which is bound to them.

Conclusion

The thorough documentation made it easy to use the SDK. You can find the source code for our app here https://github.com/profiq/playportal-notes-android together with the README on how to set an app up, if you want to try to build it directly in your Android Studio.

While testing the platform we found only a few, very minor bugs, that were easily remedied. For example, the button is not hidden after exceeding some limit. This can be fixed by refreshing the web page. When testing this bug, we found exploit that lets you create an infinite amount of characters for your brand. We reported it to Dynepic team and they swiftly fixed the bugs in the next update. New updates also included new features and more are coming to the platform in the upcoming months.

Dynepic’s playPORTAL studio makes creating a COPPA-compliant app easy and fun. It builds in compliance, identity management, and data security, so you can focus on what’s most important—creating an awesome app or smart toy.

Petr Matej

Leave a Reply

Related articles