How Digital Products Protect Users From Disaster

Imagine you are a product manager building a digital product where users can interact with each other and post their own content. It can be anything, a dating app, online store, messenger or even a fitness app with social mechanics. What can potentially go wrong? Well, many things. For example: Catfishing, Scams, Unsolicited Images, Harassment, Abuse, Stalking, Data Leaks, Impersonation, Spam, and much more.

How will you make sure that your users have a safe and secure experience while using your product? And why product managers should care?

Importance of Privacy and Security Features

Threats can happen on every step of the user’s journey, including registration, login, and both in-product and real-life experiences, which we will review in this article. However, before we dive into examples of privacy and security features, let's talk about three main reasons why it is important to consider them from the beginning of the development of your new product or feature.

[01] Regulatory requirements

The first reason why you need to care about privacy and security features is regulatory requirements. Each market has its own set of regulations, so you need to review what applies to your markets. To put things into perspective, since GDPR came into effect in 2018, digital companies have been fined over 4 billion euros.

[02] Competitive advantage

The second reason, is that you can use privacy and security features for your product’ competitive advantage. People becoming more aware of the potential risks associated with using digital products. As a result, companies that prioritise these features can gain a competitive advantage and attract more users and customers to their product.

According to the 2022 McKinsey research on Digital Trust, 87% of respondents consider ethical and trusted reputation, as well as the amount of collected personal data, to be nearly as important as common purchase decision factors, such as cost (94%) and convenience (92%).

Here are a couple of examples of how privacy and security features were used as competitive advantage and even got their own ads.

• A 2-minute ad explaining how Badoo, a dating app, fights against unwanted images in their app:

• A WhatsApp ad about end-to-end encryption of users’ communication:

[03] Building Trust and Loyalty with your users

One negative incident can result in losing a user forever, and acquiring a new one can cost five to seven times more than retaining an existing one. This is why it is very important to ensure you have a great relationships with your existing users.

In the same 2022 McKinsey research on Digital Trust 40% of respondents stopped buying from a company either because they disagreed with its ethical principles or because they learned of a data breach.

By proactively preventing abuse and harassment and protecting users’ personal information you not only create a safer environment but also help to build trust and loyalty to your product which results in higher user retention and stickiness.

Each step of the user journey is an opportunity for your product to build trust with your users through demonstration of benevolence, integrity, and ability (the main fundamentals of trust).

How to Prioritise What to Build First

There are many different privacy and security features that can be added to digital products to build trust and loyalty with users. In this article, we will review some examples from successful products. However, before we will dive into it, let’s discuss how can you prioritise what to build first.

Here is my 3 steps framework which can help you to prepare your privacy and security roadmap, when working on a new product or a feature:

1. Consider how your product of feature can be misused

   1. Does the feature consider social interactions (meeting, selling, buying etc)?

   2. Will users be able to upload UGC (user generated content)?

      
      

2. Measure the associated risk

   1. What’s the rollout plan and how many users will be exposed to this feature?

   2. What media titles could arise about your products if this feature is misused?

      
      

3. Decide whether you want to be proactive or reactive in mitigating this risk

   1. If proactive – include privacy and security features into the roadmap, think about if you can use them into your Go-To-Market campaign
   2. If reactive – ensure that monitoring of the risk is in place.

Privacy and Security Features Throughout a User’s Journey

In this section, we will review the privacy and security features that successful products use to build trust and loyalty with their users throughout the user's journey.

Note: Based on the product nature various methods to ensure user privacy and security can be used. In this article, I will focus primarily on user-facing features that can help build trust between your product and its users. The list of features is not exhaustive and used as an example.

Registration and Onboarding

The registration and onboarding processes are the first touch points with your product. This is a chance to start building trust by sharing your product guidelines, being transparent about your data privacy policy, and providing users with security tips such as password policies and common scams to be aware of.

1. Password policies. By implementing password policies, app developers are demonstrating their commitment to protecting their users' personal information and keeping it out of the hands of cybercriminals. The best products not only implement such policies, but also make them easy for users to understand and incorporate.

   
   

   

   
   

2. Code of Conduct. A code of conduct is a powerful tool to build trust with users. It outlines your values and principles, and demonstrates your commitment to fairness, respect, and ethical behaviour when interacting with your company.

   
   

3. Privacy Information. Although privacy policies can be lengthy and dense, breaking them down into easily digestible sections can highlight the most important aspects to your users. This can build trust by demonstrating benevolence.

   
   

   

   
   

4. User Education. Offering guidance and educational materials during the registration process to inform users about best practices, online safety tips, and potential risks. This helps promote responsible and safe usage of the app.

   
   

   

Login

During the login process, it is crucial to ensure that users accounts are well-protected. Communicating the measures taken to protect user accounts can increase their confidence in the security of the product and generate greater trust leading to increased customer loyalty.

1. Two-Factor Authentication (2FA). 2FA adds an additional verification step, such as a unique code sent via SMS or generated by an authentication app, to log in to the app.

   
   

2. Account Lockouts. To prevent unauthorised access, some products automatically lock out user accounts after a certain number of failed login attempts.

   
   

   

   
   

3. Device Recognition. Apps can also have a device recognition technology to identify and flag unrecognised devices during login attempts. Users may be prompted for additional verification or receive notifications to verify the legitimacy of the login.

   
   

4. Login Activity Monitoring. Some apps keep a log of user login activity and display it to users. This enables users to review their recent logins, identify any suspicious activity, and take appropriate action if needed.

   
   

   

5. Account Recovery Flow. If the app has a login flow, it must have a secure account recovery process, allowing users to regain access to their accounts in case of forgotten passwords or compromised accounts. Sometimes it can involve identity verification and additional security measures.

   
   

6. Session Management. Some apps implement session timeouts to automatically log users out after a period of inactivity, reducing the risk of unauthorised access if a user leaves their device unattended.

In-product Experience

Once users register and log in, they start using your product. This is a great opportunity to build trust by showing support and proactively mitigating any risks that may arise.

1. User Verification. Some apps encourage (or sometimes require) users to undergo additional verification steps, such as identity verification or linking social media accounts, to increase trust between users.

   
   

   

   
   

2. Content and User Reporting. These tools are added to report, review, and monitor user-generated content within the product and other users. This helps prevent the display of inappropriate, offensive or harmful content and ensures a positive user experience.

   
   

   

   
   

3. Self-protection tools. For example, the ability to block, report, or mute other users to avoid unwanted interactions or features to hide inappropriate content.

   
   

   

   
   

   
   

4. Privacy Controls. Ability to customise privacy settings, including who can see their content or contact them, to maintain control over users’ personal information and interactions.

   
   

   

   
   

5. Safe Communication. To ensure safe communication (messaging, calls) apps add end-to-end encryption, anti-spam filters, and mechanisms to prevent the sharing of personal information or malicious links.

   
   

6. User Education and Safety Resources. Some apps provide in-app educational materials, safety tips, and resources to promote awareness of common scams, privacy settings, and best practices for online safety.

In-Real-Life Experience

Developing an app with social mechanics requires considering potential real-life interactions and the associated risks. While such interactions may not be the app's direct responsibility, any negative outcomes could harm the company's reputation. Educating users about safety measures and providing tools for risk mitigation demonstrates benevolence and builds trust.

1. User Reviews and Ratings. Some apps have a system where users can leave reviews and ratings for others based on their real-life interactions. This helps establish trust and provides transparency about other users' experiences.

   
   

   

   
   

2. Safe Meeting Guidelines. Provide users with guidelines on safe practices for meeting in person. This may include suggestions such as meeting in public places, informing a trusted friend or family member about the meeting, and exercising caution when sharing personal information.

   
   

   

   
   

3. Reporting and Emergency Assistance. Enable users to report any safety concerns or incidents that occur during real-life meetings.