Would you ever code an app that does something like scrape someone's phone for contacts? And how do you feel about selling user data or analytics?
What lengths do you go to protect user data from a software perspective?
I'd only do so if permission was requested and full disclosure provided first from/to the user. I'd expect most users to decline [it should be opt-in, not opt-out]. Software that is 'free' or ad-free may use this as a revenue source, but it should not be a hidden 'fee'.
If I am given a project at work which requires me to do so, I will. However, I am working for a big corporation, so they at least have to uphold some regulations, like GDPR (which they do!). So it's quite simple for me to accept such tasks.
Would I do so for a freelancing job? Maybe, depends on the exact requirements. As long as the application honors the user's choice and informs them, I will scrape for personal data. I will not support shady business dealing with personal data, though. I do not want people to scrape my data without my consent, so I will not do that to others. Of course, the client will find someone else who is willing to get the job done, which is sad.
Protecting data is important for me, and I will try to tick off all measures on the ASVS (or any equivalent) list.
Todd
Software Security TechLead
No, in fact, I'm probably going to be coding apps that look for apps that scrape and block them. :P
Seriously though, privacy and security are huge to me, so I would not do this. One of the cool parts about working in security is I generally am doing things to help protect people's privacy and data rather than collect it.