University of Delaware Mobile Developer Account Knowledge Base

Table of Contents:

Overview

Scope of Use

Restricted Use

Access Requests

Publishing and Maintenance 

Review and Updates

Responsibilities of a Lead Developer

Responsibilities of a Mobile Developer

Third Party Requirements

Contact

Overview

The University of Delaware maintains institutional developer accounts with Apple and Google to support the creation and maintenance of officially sponsored University mobile applications. These accounts are critical to ensuring compliance with branding, intellectual property, security, and platform terms of service.

This document references the standards for accessing and utilizing the University’s developer accounts, ensuring that app development efforts are aligned with the University’s mission and operational requirements.

Scope of Use

Access to the University's Apple and Google developer accounts is limited to official University applications that:

  • Are developed or maintained by university staff, faculty, or contracted vendors.

  • Are intended for broad and ongoing distribution to the University of Delaware community (students, faculty, staff, alumni, or the public).

  • Directly support the University’s academic, research, or administrative mission.

Restricted Use

The following activities are not permitted under the University's institutional developer accounts:

  • Publishing applications for coursework, Capstone projects, or student-led research that targets a limited or temporary audience.

  • Hosting apps that are experimental, short-lived, or specific to one class or study.

  • Use of accounts for personal, non-University purposes, or commercial apps.

To accomplish the above activities, students and student teams should use:

  • Personal Apple Developer Accounts (Apple Developer Program) - Annual fee applies.

  • Personal Google Play Developer Accounts (Google Play Console) - One-time registration fee.

Access Requests

Access to the University’s developer accounts may be granted to:

  • Full-time UD faculty and staff members with app development responsibilities.

  • Approved University vendors or contractors working on officially sponsored apps.

  • Departmental application teams through a Tech Request followed by a UDIT review.

To request access:

  1. Submit a technology request through TDX with the following information:

    1. Project description and purpose.

    2. Target audience.

    3. Sponsoring department.

    4. Duration of app lifecycle.

  2. UDIT and appropriate governance committees will evaluate:

    1. Alignment with UD’s mission.

    2. Branding and compliance requirements.

    3. Technical feasibility and security concerns.

    4. Contractual obligations, legal ramifications.

Publishing and Maintenance 

All apps published through UD accounts must:

  1. Meet requirements stipulated in the Institutional Mobile Development Standard.

  2. Be maintained to meet security and platform update requirements.

    1. Secure accounts with UD compliant authentication and authorization.

    2. Follow certificate and encryption management best practices.

      1. Apple

      2. Android

    3. Adhere to SDLC and secure coding best practices.

      1. Apple.

      2. Android

    4. Minimize permissions and data requested by the app.

  3. Use official UD branding consistent with university style guides.

  4. Adhere to accessibility and privacy policies.

  5. Be documented and tracked in a UDIT-maintained inventory.

  6. Engage necessary University stakeholders early and often. 

Review and Updates

  • To ensure applications are functional and up to date, Apple requires updates to applications every 90 days, and Android requires an annual update

  • Reflect changes to Apple and Google platform terms.

  • Adapt to emerging University needs and security practices.

  • Support responsible and sustainable mobile development.

Responsibilities of a Lead Developer

The responsibilities of a Lead developer include, but are not limited to:

  • Develop, implement, and maintain a system security plan (SSP) for all applications they are responsible for.

  • Implement application data environment protection. 

  • Maintain a change management process and document change management.

  • Ensure that applications that access the University’s network or university information document and receive authorization for application data access.

  • Meet all necessary application software security requirements in the DGSP.

Responsibilities of a Mobile Developer

The responsibilities of a mobile developer include, but are not limited to:

  • Attend all mandatory security training.

  • Continuously classify application data, and manage application data access.

  • Conduct peer code reviews.

  • Conduct change tests.

  • Implement data input validation.

  • Report all security events.

  • Comply with all applicable laws, UD and third party policies. 

Third Party Requirements

Codes of Conduct:

Apple: https://developer.apple.com/app-store/review/guidelines.

Google: https://play.google.com/about/developer-content-policy.

Contact

For questions or requests related to this KB or mobile application development, contact Information Security at it-grc@udel.edu.

Print Article