S1 Mobile Mapper Application for Android Privacy Policy

Thank you for reviewing the S1 Mobile Mapper for Android privacy statement. This application does not collect any personally identifiable information (PII). Here is how we handle usage and crash information when you use this application:

The application is used to collect, update and synchronize field data collected by agency personnel. This user generated content is stored in the application's data directory until it is synchronized or removed by the user. All transfers of content to/from the device are initiated solely by the user and never without the user's consent. The application can also be used by public user without an agency login to access publicly available maps to download for offline use.

Information Collected and Stored Automatically

This mobile application is built upon the ESRI Runtime SDK for Android and if accessing agency specific data, requires an ESRI ArcGIS for Organization account. For more information regarding ESRI's Privacy policy, see: http://www.esri.com/legal/privacy.

If secured agency feature services are accessed, separate agency specific active directory credentials will also be required. This information is securely stored within the application until the user executes the Switch User function in the applications Tools/Options menu or uninstalls the application.

The application will store:

1) Currently applied user defined settings 2) Current map layers 3) Last known map extent & GPS location 4) Current logged in user and agency until token expires.

Metrics reported for analytics purposes:

This application does use third party analytics (Google Analytics & Firebase Console) services that collect and aggregate information about the application's use metrics.

This analytics information is only used by the developers to improve the application's performance in future releases. We do not sell, share or give away any analytics information that is reported. We do not collect information for commercial marketing. We do not collect or aggregate any user collected field data in our analytics information.

1) Agency Organization logged into, 2) S1 Application version number, 3), device model, 4) Android Operating system version, 5) Application engagement time, 6) Application functions/tools used, 7) Application crash events & ANRs (application not responding), 8) general device location, 9) if the app is uninstalled

Privacy Impact Assessment

A privacy impact assessment (PIA) is an analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy, (ii) to determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system, and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.

The E-Government Act requires federal agencies to conduct PIAs for electronic information systems and collections and, in general, make the assessment results publicly available.

No PII (personally identifiable information) is collected, stored or shared via the S1 Mobile mapper application. Usage information cannot be tied back to an individual user from the information collected. Since there is no PII collected, shared or stored by this application this information does not require any special considerations or protections to secure this information.

S1 Mobile Mapper for Android can use ESRI and Active Directory Credentials in order to authenticate users and their access to ArcGIS Online hosted services and agency services. Credentials are verified against ArcGIS Online using OAuth2 (https://developers.arcgis.com/documentation/core-concepts/security-and-authentication/). S1 does store and encrypt credentials locally on the device. However, password is never stored by the application. Using OAuth2 the server verifies credentials and passes back a token. This token is stored and encrypted with credentials locally. Username and token are protected via encryption and passwords are never stored. This ensures a secure system that cannot provide access even in the case where encrypted credentials are hacked. None of this information is transferred off the device by the developers or the user.

Comment Policies

If you have any comments or questions about the information presented here, please forward your concerns to the application developers.

Email: blm_or_s1mobiledevteam@blm.gov

Or provide feedback via our S1 Feedback Form