iOS app using a user account, do I need a privacy policy? - ios

Submitting my app soon and saw this in the guidelines:
17.4
Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children's privacy statutes, and must include a privacy policy
17.5
Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected
Sorry for posting this here, really not sure where else I can ask this, but my app (a messaging app) asks users to select a username and a password and then the camera takes a photograph of them to be used as a profile picture. It doesn't seem like I am really sharing personal information but I'm not sure after reading these guidelines... Do I need to include a privacy policy?

Without knowing more about your app, it sounds to me like you do need one.
17.4 implies that if you're collecting (e.g. transmitting to a server) or sharing with other users, you need a privacy policy. For the photo if nothing else. Edit: I'm assuming the chat messages are stored on the server (at least temporarily) and transmitted also.
17.5 suggests any kind of registration (e.g. for logging in to a server) also requires a privacy policy.
Edit: You're handling users' data - both chat messages and their profile photo, so I would interpret those rules as: yes, you need one.

EDIT: Regarding the comments on your question and my answer, you'll need one because you send the photo, and the photo can be the face of the user.

Because of the photo, chat, and the user account, you must have a privacy policy. The minor stuff only matters if you're trying for a child rating.
A messaging app isn't going to be allowed a child rating anyway (content needs to be moderated), but let's pretend it could.
You'd have to ask the user their age in the app, and if they're underage, you'd have to use a parental gate in the app to limit access to features like uploading a photo. You simply cannot allow a minor to share a photo of themselves without parental consent.
The privacy policy can be in the store. It doesn't have to be in the app.

Related

Apple contact usage policy

I am building a native social app for Android and iOS.
I am using contacts from the user's phonebook to determine whether his target friends are on our app or not and send the events accordingly.
I recently came across the news that Apple is banning apps from sending contacts to the server, which is the backbone of my app in order to function.
How should I approach this problem? How do apps like WhatsApp, which sync contacts (the whole phonebook) to their server, manage this?
Do I need Apple review of the app to access the phonebook permission?
From this article I quote:
But the phone maker didn’t publicly mention updated App Store Review
Guidelines that now bar developers from making databases of address
book information they gather from iPhone users. Sharing and selling
that database with third parties is also now forbidden. And an app
can’t get a user’s contact list, say it’s being used for one thing,
and then use it for something else -- unless the developer gets
consent again. Anyone caught breaking the rules may be banned.
Since the question is quite general let's dive into it a bit.
Looking into the App Store Review Guidelines there are three places mentioning that users' contacts should not be collected.
First and second, users should not be forced to provide their address book in exchange for app functionality (paying with contacts; highlights were added, a similar phrase is used for app subscriptions):
Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, […]
Third, uploading and/or storing contacts to/on a server has an impact on users' privacy and is prohibited for the following use-cases:
Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.
This does not exclude using contacts for creating a social graph for the benefit of your users. However, collecting all contacts might violate the principle of data minimization. So instead of just uploading all contacts, Apple recommends using a contact picker (see ContactsUI), where the app only gets access to the contacts the user selected:
Data Minimization: Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task. Where possible, use the out-of-process picker or a share sheet rather than requesting full access to protected resources like Photos or Contacts.
Art. 32 of the GDPR requires you to take
[…] the state of the art, the costs of implementation and the nature, scope, context and purposes of processing […]
into account.
I think that the process has to be made transparent (as in comprehensibly explained to the user):
The user should have control over which contacts are used for discovery. All would be a valid choice – selected contacts (through the contact picker) or manually entering contact information (phone number, email – whatever is used for your contact discovery process) would be valid choices as well.
The app should function even if the user denies access to the contacts. In that case you can still offer a contact picker, or manual entering.
You must describe the process, including what information is used and for what purpose, in your privacy policy.
You should at least hash the processed values, as you do not need the actual phone numbers or email addresses for contact discovery and hashing comes without much effort and cost. However, be aware that hashing of personally identifiable information is not sufficient for "anonymising" these values – which is a common misconception.
For more advanced protection, you can take a look at the blog post by the authors of the Signal app, where they describe technical details on how they protect their contact discovery process.
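The hashing advice in the answer above, as an added example that is not part of the original answer: it matches contacts on hashed phone numbers and then shows why such a hash is still personal data. The function names, the simplified normalization with a default country code of `1`, and the sample numbers are assumptions constructed for illustration.

```python
import hashlib
import re

def normalize(raw, default_cc="1"):
    """Reduce a phone-book entry to '+<digits>' (simplified; real apps need full E.164 parsing)."""
    digits = re.sub(r"\D", "", raw)
    return "+" + digits if raw.strip().startswith("+") else "+" + default_cc + digits

def contact_token(raw):
    """Unsalted SHA-256 of the normalized number: the 'at least hash it' baseline."""
    return hashlib.sha256(normalize(raw).encode()).hexdigest()

def discover(address_book, registered_tokens):
    """Server-side match: which of the uploader's contacts are registered users?"""
    return [c for c in address_book if contact_token(c) in registered_tokens]

def recover_number(token, prefix, suffix_digits):
    """Privacy check: phone numbers form a small, enumerable space, so a token
    can be mapped back to its number by hashing every candidate in a block."""
    for n in range(10 ** suffix_digits):
        candidate = f"{prefix}{n:0{suffix_digits}d}"
        if hashlib.sha256(candidate.encode()).hexdigest() == token:
            return candidate
    return None

# Constructed sample data (555-01xx numbers are reserved for fiction).
REGISTERED = {contact_token("+1 555 010 0123")}
ADDRESS_BOOK = ["(555) 010-0123", "+1 555-010-0199"]

if __name__ == "__main__":
    print(discover(ADDRESS_BOOK, REGISTERED))
    print(recover_number(next(iter(REGISTERED)), "+1555010", 4))
```

Because the token can be mapped back to the number, the privacy policy, retention and deletion handling should treat stored tokens the same way as the phone numbers themselves.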

User registration with mandatory Mobile Number

I'm creating an app that contains a registration form. If I make the mobile number field mandatory, will there be any problem while uploading the app to the App Store, or any chance of app rejection? If yes, please explain why.
When you make any field mandatory, make sure that you are using that value in your app. If you are using that value for some purpose, then there is no issue with Apple approval.
In one of my apps I used the mobile number in the way you describe (for user login), and that app got approved. But another app, where I collected the user's mobile number but did not use it anywhere in the app, got rejected, and I had to make that field optional.
I hope this will help you.
“Apple’s App Store Review Guidelines” clearly mentions that iOS apps that transmit personal information without consent and proper notification to users on how the information is used and where it will be used will be rejected.
Privacy
17.1 Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.3 Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children’s privacy statutes, but must include some useful functionality or entertainment value regardless of the user’s age
17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children’s privacy statutes, and must include a privacy policy
17.5 Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected

Do I need a privacy policy?

I just finished a social app that has users create a username and password in order to have a friends list with very simple social features. In order for the user to see all the features of the app I do need the user to create an account (everything is free).
I don't require any personal information (email, address, etc.). So do I need to create a privacy policy, or a terms of use?
What is the minimum amount of legal stuff I need to do in order to get my app accepted by App review? Any advice or experience would be appreciated, thanks in advance.
It's required to have a Privacy Policy, when you are developing an app that deals with the following:
iOS apps targeted towards children under 13
Apps that link against HealthKit
Apps that link against HomeKit
Third party keyboards
Apple Pay
Subscriptions
login and registration
According to Apple's guidelines, you need a Privacy Policy if you want to access/use
User Data
Login/Signup
Apple Pay
HomeKit/HealthKit Framework
Keyboard Extensions
Contains auto-renewable/ Free Subscriptions
If your app appears in the Kids Category
You can find more details here.
For an app that requires an account you do need a privacy policy (see 17.5 below)
Depending on your features you should look at this rule from the iOS Store Review Guidelines:
Privacy
17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used
17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
17.3 Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children's privacy statutes, but must include some useful functionality or entertainment value regardless of the user's age
17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children's privacy statutes, and must include a privacy policy
17.5 Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected
It seems at a minimum you could be collecting a list of the user's friends and some unspecified social features. It can only help the user feel more secure to know that this information is either not collected or not shared… and if the user feels better then I imagine the app will be more successful. In fact, if you're not collecting any information then this is a potential selling point that you can highlight in a privacy policy.

Will Apple reject my app for telling that they can register to the site?

I got my app rejected because it had a registration form that required too much information that the app never used. The simplest solution would be to remove the registration and just let the user log in inside the app (it can also be used without login but with fewer functionalities). What I was thinking was to remove the registration button and just add a UILabel where I tell the users that if they want to register they can visit the site (I won't provide a link for registration).
Does anyone know if my app is going to get rejected again just for telling the user to register on the site?
This is the reason the Apple review team gave me:
17.2 Details
We noticed that your app requires users to register with personal
information. Apps cannot require users to enter personal information
that is not relevant to the app features.
We've attached screenshot(s) for your reference.
The screenshot was of the registration form that required some information that wasn't used inside the app.
The message in the App Store Review Guidelines is quite clear:
Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
which, of course does not stop you from asking for it while letting the user register, however - you MUST have a good reason for it, like:
Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children's privacy statutes, but must include some useful functionality or entertainment value regardless of the user's age
OR
Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected
So my guess is that they think your registration is slightly fishy. I would suggest really making sure that the reasons for collecting that personal information are very visible to the Apple reviewers. They probably thought that your reasons for collecting a lot of info from the user are unnecessary for what your app does.
My recommendation is - take out what you don't really need and justify why you need what you're asking your users for and let Apple know in the notes for the reviewer.

Do I need to ask users whether or not I can track them with Mixpanel events - iOS

I'm developing an iOS app; friends of mine suggested that I use some tracking system to find out how people are "really" using my app, analyze the results, and pivot if needed.
I decided to use the Mixpanel system. Do I need to ask the user for permission? I just wonder whether somebody could be offended by tracking. On the other hand, the data is anonymous.
What does Apple say about tracking?
Can I easily disable Mixpanel's track method (https://mixpanel.com/site_media/doctyl/uploads/iPhone-spec/Classes/Mixpanel/index.html#//apple_ref/occ/instm/Mixpanel/track:properties:) or do I need to check some flags myself?
PS:
I also have some doubts about the fact that my app doesn't use a network connection at all (besides buying in-app purchases). And I wonder whether the user could be unaware that I track his behaviour and send it to the server (using a network connection).
According to the App Store Review Guidelines, you may not transmit data about a user without permission:
17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used
There is even a more specific guideline regarding collecting information on minors:
17.4 Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children's privacy statutes, and must include a privacy policy
I suspect this isn't the case here, but if you include location information, you must request permission for that, too:
4.1 Apps that do not notify and obtain user consent before collecting, transmitting, or using location data will be rejected
Whether you can collect non-identifying information (e.g. anonymous app usage information) is less clear. If you collect anything, though, your app should disclose its privacy policy regarding both identifying and non-identifying information.
