iOS App Store rejection: Privacy Policy URL

My app (version 1.13) was rejected last night by the Apple review team.
The reason:
Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing
Your app accesses user data from the device but does not have the required precautions in place.
To clarify, since your app accesses user contact data from the device you must have a Privacy Policy URL in the metadata and ensure that the URL you provide directs users to your privacy policy. Additionally, when the contacts access prompt is displayed, the usage string in your access request should clearly inform the user why and how their device contacts information is used.
My app is 2 years old and I have had no problems with any of the previous 13 versions - from 1.00 to 1.12. The changes were fixes in the database, navigation and widget code, as well as some miscellaneous bug fixes. In the info.plist file there is a text value under Privacy - Contact Using Description. This has been the case from the outset, i.e., since ver.1.00.
Moreover - the Pro version of this app, with the same interface and info.plist file (but without Ads serving) was approved two days ago!
I don't have a Privacy Policy URL - either in the app or on the iTunes app page.
So, as I understand, I have to include a Privacy policy URL.
And maybe I have to revise my text under the Privacy - Contact Using Description key in the app info.plist.
My first question is: should there be a link (URL) to the Privacy Policy in the app itself (somewhere in the "About" section or in "Settings"), besides the one on the iTunes app page?
My second question is: how detailed should the text keyed in under Privacy - Contact Using Description in the plist be? This shows when the user starts the app for the first time and there are two choices: Don't allow / Allow. The current message is
".. this apps requests permission to access your contacts. If you do not allow, you will not use some of the functionality of this application."
Should I add more details here?
Edit: I don't collect user contacts, and I don't upload user contacts to my servers or other servers. The app just searches for matches in the names in the contact list. Nothing more.

Here's what solved my problem:
I edited the description in info.plist of how I use the address book if the user agrees. I added all the details there.
In addition, I added a very detailed privacy policy (a URL for the policy) to the details on the iTunes page of the app.
There is no URL to the privacy policy anywhere in my app.
A few minutes ago Apple review team approved the new build of my app.

Related

App Tracking Transparency privacy checkboxes and app store release rejection

I keep getting my iOS app submission rejected by Apple with the following message:
Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing
The app privacy information you provided in App Store Connect still indicates you collect data in order to track the user, including User ID and Product Interaction. However, you do not use App Tracking Transparency to request the user's permission before tracking their activity.
Starting with iOS 14.5, apps on the App Store need to receive the user’s permission through the AppTrackingTransparency framework before collecting data used to track them. This requirement protects the privacy of App Store users.
Next Steps
Here are two ways to resolve this issue:
If you do not currently track, or decide to stop tracking, update your app privacy information in App Store Connect. You must have the Account Holder or Admin role to update app privacy information.
If you track users, you must implement App Tracking Transparency and request permission before collecting data used to track. When you resubmit, indicate in the Review Notes where the permission request is located.
Resources
Tracking is linking data collected from your app with third-party data for advertising purposes, or sharing the collected data with a data broker. Learn more about tracking.
See Frequently Asked Questions about the new requirements for apps that track users.
Learn more about designing appropriate permission requests.
I already updated my app not to use any IDFA calls (including all the Facebook and other SDKs): https://developer.apple.com/documentation/adsupport/asidentifiermanager/1614151-advertisingidentifier
When I try to set the checkboxes in the App Privacy section of the app, they can't be completely unchecked (i.e. at least one of the options has to be selected), so I can't state that my app is not using the device ID even though the codebase doesn't call advertisingidentifier at all.
Does App Tracking Transparency really mean that we can't track anything, even user clicks on buttons and screen views???? If so that's insane!
The main issue is that I want to have a better user experience for my users by not showing them an unnecessary ATT prompt.
You need to do the following 2 things:
Update the Data Types section to remove the Device Id. You can find it on the top of the privacy section, then hit Edit, navigate through till the last Nexts and uncheck the Device Id.
Update the User ID and Product Interaction sections to uncheck - No, we do not track the user. You can find it at the end of the privacy section, then hit Edit, navigate through till the last Nexts and uncheck the above-mentioned box.
Submit the app again for review.
We were facing the same issue when we removed tracking from the application and the NSUserTrackingUsageDescription key from the app.
Our app was already live on the store with tracking enabled. In the new version we faced this issue. When the app was rejected, we just replied to them that we are not using this anymore in our application, so we removed the tracking authentication popup. We also told them that we were not able to update App Privacy because the live version has tracking enabled.
After that reply they approved.
Sample answer to Apple when we removed it from an existing app:
"We have removed NSUserTrackingUsageDescription and tracking from this version, so we also removed the Tracking Permission Popup from this version. We tried to remove it from App Privacy, but we could not change the Privacy data types in App Store Connect because the current live version does use that permission. Please review our request and approve our application submission."

App rejected from app store due to Privacy - Data Collection and Storage

I have submitted an app to the App Store.
The app got rejected, and here is Apple's response:
We noticed that your app requires users to register or log in to access features that are not account-based.
To resolve this issue, please revise your app to let users freely access your app’s non-account-based features.
Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law.
You should allow users to freely access your app’s non-account-based features. For example, an e-commerce app should let users browse store offerings and other features that are not account-based before being asked to register, or a restaurant app should allow users to explore the menu before placing an order. Registration must then only be required for account-specific features, such as saving items for future reference or placing an order.
Please guide me to overcome this issue.
You need to change your app flow. The user can view all features (like stores, restaurants) without login. The user will enter his personal details only when it is necessary for a particular feature.

Is a privacy policy URL necessary for uploading an app to the App Store

I am going to upload my first app to the App Store. Before I submit, I have some questions to ask so that I can keep my app from being rejected. First, my app is not using any data from the user and requires no permissions, so is a privacy policy URL necessary to upload my app? Secondly, is it necessary to add an app icon on the Prepare for Submission page?
Finally, are there any helpful guidelines so that I can avoid app rejection?
You should ask these kinds of questions in other communities of Stack Exchange. Stack Overflow is just for programming questions.
Yes, it should be provided. Also, you must have terms and conditions and a privacy policy inside your app, somewhere reachable, or it will be rejected.
The app icon in App Store Connect is necessary for Prepare for Submission, and an actual app icon is needed to avoid getting rejected.

5.1.1 Legal: Privacy - Data Collection and Storage - InAppPurchase

My app is a social networking app and it cannot be functional without a user account. I gave the user the options to login with Facebook or Custom SignUp, and my app contains InAppPurchase. Apple rejected the app and here is what they said:
5.1.1 Legal: Privacy - Data Collection and Storage
We noticed that your app requires users to register with personal information to purchase non account-based in-app purchase products, which does not comply with the App Store Review Guidelines.
Apps cannot require user registration prior to allowing access to app content and features that are not associated specifically to the user.
To resolve this issue, please make it clear to the user that registering will enable them to access the content from any of their iOS devices and provide them a way to register at any time, if they wish to later extend access to additional iOS devices.
Please note that although guideline 3.1.2 of the App Store Review Guidelines requires an app to make subscription content available to all the iOS devices owned by a single user, it is not appropriate to force user registration to meet this requirement; such user registration must be made optional.
Please help me with the issue,
Thanks in advance.

User registration with mandatory Mobile Number

I'm creating an app that contains a registration form. If I make mobile number field mandatory then will there be any problem while uploading the app on the App Store or will there be any chances of app rejection? If yes, please explain why.
When you make any field mandatory, make sure that you are using that value in your app. If you are using that value for any purpose, then there is no issue with Apple approval.
In one of my apps I used the mobile number in the same way you said (meaning for login of the user), and that app got approved. But in another app, where I collected the user's mobile number but did not use it anywhere in the app, that app got rejected, and I had to make that field optional.
I hope this will help you.
“Apple’s App Store Review Guidelines” clearly mentions that iOS apps that transmit personal information without consent and proper notification to users on how the information is used and where it will be used will be rejected.
Privacy
17.1 Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.3 Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children’s privacy statutes, but must include some useful functionality or entertainment value regardless of the user’s age
17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children’s privacy statutes, and must include a privacy policy
17.5 Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected
