I just finished a social app that has users create a username and password in order to have a friends list with very simple social features. In order for the user to see all the features of the app I do need the user to create an account (everything is free).
I don't require any personal information (email, address, etc.). So do I need to create a privacy policy, or a terms of use?
What is the minimum amount of legal stuff I need to do in order to get my app accepted by App review? Any advice or experience would be appreciated, thanks in advance.
It's required to have a Privacy Policy, when you are developing an app that deals with the following:
iOS apps targeted towards children under 13
Apps that link against HealthKit
Apps that link against HomeKit
Third party keyboards
Apple Pay
Subscriptions
login and registration
According to Apple's guidelines, you need a Privacy Policy if you want to access/use
User Data
Login/Signup
Apple Pay
HomeKit/HealthKit Framework
Keyboard Extensions
Contains auto-renewable/ Free Subscriptions
If your app appears in the Kids Category
You can find more details here.
For an app that requires an account you do need a privacy policy (see 17.5 below)
Depending on your features you should look at this rule from the iOS Store Review Guidelines:
Privacy
17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to
information about how and where the data will be used
17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.3 Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable
children's privacy statutes, but must include some useful
functionality or entertainment value regardless of the user's age
17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos,
videos, drawings, the ability to chat, other personal data, or
persistent identifiers used in combination with any of the above) from
a minor must comply with applicable children's privacy statutes, and
must include a privacy policy
17.5 Apps that include account registration or access a user’s existing account must include a privacy policy or they will be
rejected
It seems at a minimum you could be collecting a list of the users friends and some unspecified social features. It can only help the user feel more secure to know that this information is either not collected or not shared…and if the user feels better than I imagine the app will be more successful. In fact, if you're not collecting any information then this is a potential selling point that you can highlight in a privacy policy.
Related
I have submitted an app on Appstore.
The app got rejected and here is the Apple Response
We noticed that your app requires users to register or log in to access features that are not account-based.
To resolve this issue, please revise your app to let users freely access your app’s non-account-based features.
Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law.
You should allow users to freely access your app’s non-account-based features. For example, an e-commerce app should let users browse store offerings and other features that are not account-based before being asked to register, or a restaurant app should allow users to explore the menu before placing an order. Registration must then only be required for account-specific features, such as saving items for future reference or placing an order.
Please guide me to overcome this issue
You need to change in your app flow. User can view all features(like stores, restaurants) without login. User will enter his personal details only when it is necessary for particular feature.
We use a third-party analytics library in our app. I'd like to automatically opt users out of these analytics if they have the Privacy > Analytics > Share With App Developers switch turned off.
I understand that this is only for opting users out of Apple forwarding on the analytics they collect, but I feel the intention is clear: that the user doesn't want the developer to receive analytics, no matter the source.
Is there an API to check for this setting or is the only option to re-prompt the user in the app as to whether they want to send analytics?
For that matter is there a way to detect if the user has opted out of all analytics? The intention is less clear here as the description specifically says "Help Apple improve" but again it feels a little weird to prompt the user to send analytics if they've opted out at this level.
Is there an API to check for this setting or is the only option to re-prompt the user in the app as to whether they want to send analytics?
No, Apple doesn't share any information related to user privacy.
Firstly I think that we, all the developers, need these Analytics, User Engagement & Crash Logs.
Having said that no App/Developer should ever violate the rights of user.
There comes Apple Privacy Policy to get user permission for Apple App Analytics to be sent to the App Developers enrolled in Apple Developer Program. But that's just Apple taking care of their legalities. As a developer, we should abide by the legal policies of our Company and abide by the App Store policies and policies of any third party libraries we are using in our app.
For example:
Your App/Company must have a Privacy Policy page & Terms & Condition Page which you give to Apple in the iTunesConnect before uploading the App. So, when the user is downloading the App, he/she has to agree to them.
You are using Crashlytics in your app. You should abide by https://firebase.google.com/terms/crashlytics.
Reference for more reading: How to make your App's privacy policy complaint to data protection and privacy laws
I'm creating an app that contains a registration form. If I make mobile number field mandatory then will there be any problem while uploading the app on the App Store or will there be any chances of app rejection? If yes, please explain why.
When you ask for any field mandatory. Then make sure that you are using that value in you app. If you are using that value for any purpose. Then there is no issue with apple Approval.
In my one of the app I have used mobile number in the same way you said(means for login of the user) that app get approved. But in another app where I get user's mobile number but not used any where in the app then that app get rejected. And I have to make that field as an optional.
I hope this will help you.
“Apple’s App Store Review Guidelines” clearly mentions that iOS apps that transmit personal information without consent and proper notification to users on how the information is used and where it will used will be rejected.
Privacy
17.1 Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.3 Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children’s privacy statutes, but must include some useful functionality or entertainment value regardless of the user’s age
17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children’s privacy statutes, and must include a privacy policy
17.5 Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected
Submitting my app soon and saw this in the guidelines:
17.4
Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children's privacy statutes, and must include a privacy policy
17.5
Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected
Sorry for posting this here, really not sure where else I can ask this but my app (a messaging app) asks users to select a username and a password and then the camera take a photograph of them to be used as a profile picture. It doesn't seem like I am really sharing personal information but I'm not sure after reading these guidelines...Do I need to include a privacy policy?
Without knowing more about your app, it sounds to me like you do need one.
17.4 implies that if you're collecting (e.g transmitting to a server) or sharing with other users that you need a privacy policy. For the photo if nothing else, edit I'm assuming the chat messages are stored on the server (at least temporarily) and transmitted also.
17.5 suggests any kind of registration (e.g for logging in to a server) also requires a privacy policy
edit
You're handling user's data - both chat messages and their profile photo, so I would interpret those rules as, yes you need one
EDIT : Regarding to comments on you question and my answer, you'll need one because you send the photo, and the photo can be face of the user.
Because of the photo, chat, and the user account, you must have a privacy policy. The minor stuff only matters if you're trying for a child rating.
A messaging app isn't going to be allowed a child rating anyway (content needs to be moderated), but let's pretend it could.
You'd have to ask the user their age in the app, and if they're underage, you'd have to use a parental gate in the app to limit access to features like uploading a photo. You simply cannot allow a minor to share a photo of themselves without parental consent.
The privacy policy can be in the store. It doesn't have to be in the app.
I'm developing iOS app, friends of mine suggested me to use some tracking system, to find out how "really" people are using my app, analyze result. And pivot if needed.
I decked to use Mixpanel system. Do I need to to ask user about permission ? I just wonder that somebody could be offended by tracking. On the other hand data is anonymous.
What Apple says about tracking ?
Can I easily disable Mixpanels's track method (https://mixpanel.com/site_media/doctyl/uploads/iPhone-spec/Classes/Mixpanel/index.html#//apple_ref/occ/instm/Mixpanel/track:properties:) or I need to check some flags myself ?
PS:
I also have some doubts about the fact, that my app don't use network connection at all (besides buying in app purchases). And I wonder that user could be not aware that I track his behaviour and send it to the serwer (using network conneciton)
According to the App Store Review Guidelines, you may not transmit data about a user without permission:
17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used
There is even a more specific guideline regarding collection information on minors:
17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children's privacy statutes, and must include a privacy policy
I suspect this isn't the case here, but if you include location information, you must request permission for that, too:
4.1 Apps that do not notify and obtain user consent before collecting, transmitting, or using location data will be rejected
Whether you can collect non-identifying information (e.g. anonymous app usage information), is less clear. If you collect anything, though, your app should disclose its privacy policy regarding both identifying and non-identifying information.