Mobile Application Implementation Policy
Exceptions
- There are no predefined exceptions to the Mobile Application Implementation Policy.
- Exceptions will be made on a case-by-case basis.
To request an exception, please complete the IT Policy Exception Form.
Exception requests will be processed within 10 business days of receipt of the request. If an exception is created, the exception will be audited on an annual basis. The developer of the application or the contact for the third party developer must respond to the annual audit and verify that the exception is still required.
Changes to the exception may only be requested by the developer of the application or the contact for the third party developer.
Frequently Asked Questions
This policy applies to you if you are planning to develop or procure a mobile application that meets any one of the following criteria:
- Accesses data from or pushes data to a UNLV enterprise system
- Accesses or collects data that is protected by federal or state laws/regulations, or NSHE/UNLV regulations or policies
- Requires infrastructure services managed by UNLV
- Will be branded as a UNLV product
The policy also applies to you if you are hiring a vendor to assist in the development of a mobile application that meets the criteria above.
An enterprise system is a large-scale application software package that supports business processes, information flows, reporting, and data analytics in complex organizations.
Examples at UNLV include but are not limited to: student information system, human resources system, finance system, learning management system, identity management system, space management system, etc.
“Accessing data from” means using or displaying data from a UNLV enterprise system.
For example, the mobile application is designed to list all students enrolled in a particular class (e.g., SOC 101 Section 1001). The data would be pulled from UNLV’s student information system (i.e., MyUNLV).
“Push data to” means adding new data to, updating existing data in, or deleting data from a UNLV enterprise system.
For example, the mobile application is designed to take attendance in a particular class (e.g., SOC 101 Section 1001) and transfer the data to the learning management system (i.e., WebCampus).
The data likely to be used in a mobile application is the same type of data used in many other environments on campus (e.g., web page, within an application, in a paper document). If the data being used in a mobile application must be protected in any other environment it must meet the same level of protection in the mobile application.
The type of data protected by federal or state laws/regulations, or NSHE UNLV regulations or policies includes sensitive, personal information which is defined as:
Any information about the individual maintained by the university, including the following: (a) Education, financial transactions, medical history, and criminal or employment history; and, (b) Information that can be used to distinguish or trace the individual’s identity, including name, social security number, date and place of birth, mother’s maiden name, or biometric records. [38 USCS § 5727(19)] Sensitive, personal information does not include publicly available directory information that may be lawfully disclosed (Definition taken from Breach of Information Notification Policy available at: https://it.unlv.edu/policies/breach-information-notification-policy).
Mobile application using the following types of services provided by UNLV would be using infrastructure services managed by UNLV:
- Authentication services (e.g., ACE, MyUNLV login services, etc.)
- Data storage
- Database
- File services
- Web and/or application servers
Information about logos, colors, and other graphic identity standards is available on the university identity website at: http://www.unlv.edu/identity/.
Information about UNLV’s Licensing Program for commercial and non-commercial use is available on the university identity website at: https://www.unlv.edu/identity/licensing. The UNLV Licensing Program ensures the control and proper presentation of the UNLV brand and protects the appropriate use of those trademarks, service marks, logos, and insignias that have come to be associated with the university.
All applications developed or purchased for use at UNLV must be designed to protect the confidentiality, integrity, and availability of university data and the privacy of members of the university community as well as the users of the application.
A number of precautions must be taken to minimize the impact of the vulnerabilities associated with mobile applications. These include but are not limited to:
- Access to any potentially sensitive information requires authentication that meets UNLV password standards.
- All potentially sensitive, personal information must be encrypted in transit and when cached for use on the mobile device.
- Any downloaded data must be protected against access by other programs.
- No sensitive data should be stored on the mobile device once the application is terminated.
- Applications must not expose location information without the explicit consent of the user.
More information on the special security vulnerabilities mobile applications and the devices upon which they reside is available in the security section of the Procedures to Accompany the Mobile Application Implementation Policy.
To deploy an app through the Apple App Store, you must participate through the Apple Development Program. Details can be found in the App Distribution Guide.
UNLV does maintain an Apple Development Program membership. If you wish to use the UNLV ADP membership please contact the Mobile Applications Group at mobileappsgroup@unlv.edu.
For information about having your app listed on the UNLV Mobile App page, please contact the Mobile Applications Group at mobileappsgroup@unlv.edu.
This policy applies to you if you are planning to develop or procure a mobile application that meets any one of the following criteria:
- Accesses data from or pushes data to a UNLV enterprise system
- Accesses or collects data that is protected by federal or state laws/regulations, or NSHE/UNLV regulations or policies
- Requires infrastructure services managed by UNLV
- Will be branded as a UNLV product
The policy also applies to you if you are hiring a vendor to assist in the development of a mobile application that meets the criteria above.
An enterprise system is a large-scale application software package that supports business processes, information flows, reporting, and data analytics in complex organizations.
Examples at UNLV include but are not limited to: student information system, human resources system, finance system, learning management system, identity management system, space management system, etc.
“Accessing data from” means using or displaying data from a UNLV enterprise system.
For example, the mobile application is designed to list all students enrolled in a particular class (e.g., SOC 101 Section 1001). The data would be pulled from UNLV’s student information system (i.e., MyUNLV).
“Push data to” means adding new data to, updating existing data in, or deleting data from a UNLV enterprise system.
For example, the mobile application is designed to take attendance in a particular class (e.g., SOC 101 Section 1001) and transfer the data to the learning management system (i.e., WebCampus).
The data likely to be used in a mobile application is the same type of data used in many other environments on campus (e.g., web page, within an application, in a paper document). If the data being used in a mobile application must be protected in any other environment it must meet the same level of protection in the mobile application.
The type of data protected by federal or state laws/regulations, or NSHE UNLV regulations or policies includes sensitive, personal information which is defined as:
Any information about the individual maintained by the university, including the following: (a) Education, financial transactions, medical history, and criminal or employment history; and, (b) Information that can be used to distinguish or trace the individual’s identity, including name, social security number, date and place of birth, mother’s maiden name, or biometric records. [38 USCS § 5727(19)] Sensitive, personal information does not include publicly available directory information that may be lawfully disclosed (Definition taken from Breach of Information Notification Policy available at: https://it.unlv.edu/policies/breach-information-notification-policy).
Mobile application using the following types of services provided by UNLV would be using infrastructure services managed by UNLV:
- Authentication services (e.g., ACE, MyUNLV login services, etc.)
- Data storage
- Database
- File services
- Web and/or application servers
Information about logos, colors, and other graphic identity standards is available on the university identity website at: http://www.unlv.edu/identity/.
Information about UNLV’s Licensing Program for commercial and non-commercial use is available on the university identity website at: https://www.unlv.edu/identity/licensing. The UNLV Licensing Program ensures the control and proper presentation of the UNLV brand and protects the appropriate use of those trademarks, service marks, logos, and insignias that have come to be associated with the university.
All applications developed or purchased for use at UNLV must be designed to protect the confidentiality, integrity, and availability of university data and the privacy of members of the university community as well as the users of the application.
A number of precautions must be taken to minimize the impact of the vulnerabilities associated with mobile applications. These include but are not limited to:
- Access to any potentially sensitive information requires authentication that meets UNLV password standards.
- All potentially sensitive, personal information must be encrypted in transit and when cached for use on the mobile device.
- Any downloaded data must be protected against access by other programs.
- No sensitive data should be stored on the mobile device once the application is terminated.
- Applications must not expose location information without the explicit consent of the user.
More information on the special security vulnerabilities mobile applications and the devices upon which they reside is available in the security section of the Procedures to Accompany the Mobile Application Implementation Policy.
To deploy an app through the Apple App Store, you must participate through the Apple Development Program. Details can be found in the App Distribution Guide.
UNLV does maintain an Apple Development Program membership. If you wish to use the UNLV ADP membership please contact the Mobile Applications Group at mobileappsgroup@unlv.edu.
For information about having your app listed on the UNLV Mobile App page, please contact the Mobile Applications Group at mobileappsgroup@unlv.edu.