In my IOS application i am using google analytics, is it necessary to tell the app users that we using google analytics.
Is it necessary to show the google analytics primary policy in App.
Please help me.
From the App Store Review Guidelines
3.12 Apps should have all included URLs fully functional when you submit it for review, such as support and privacy policy URLs
In section 3.12: It specify that when you submit your application than you must have to include privacy policy URL. That does not mean that you need to show a separate page in application to show privacy policies.
Personally as a mobile user I have never seen privacy policy page of any analytics in application so far.
Also from Google Analytics Protocol SDK Policy you have to take care of following points.
Measurement Protocol / SDK / User ID Policy
All applications using the Measurement Protocol / SDKs / User ID must adhere to the following policies:
You must make sure you have the full rights to use this service, to upload data, and to use it with your Google Analytics account.
You will give your end users proper notice about the implementations and features of Google Analytics you use (e.g. notice about what data you will collect via Google Analytics, and whether this data can be connected to other data you have about the end user). You will either get consent from your end users, or provide them with the opportunity to opt-out from the implementations and features you use.
If you use an SDK to implement any Google Analytics Advertising Features, such as Audience Reporting or Remarketing, you will abide by the Policy for Google Analytics Advertising Features, in addition to the Google Play Developer Program Policies, or any other applicable policy.
You will not upload any data that allows Google to personally identify an individual (such as certain names, Social Security Numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a unique device identifier if such an identifier cannot be reset), even in hashed form.
If you upload any data that allows Google to personally identify an individual, your Google Analytics account can be terminated, and you may lose your Google Analytics data.
Related
My website is a service site, it is separated with Parent company website
I want to use GG calendar API, so i access to https://console.cloud.google.com/apis to set required link.
But after that, i received below email.
I did not create a privacy policy page (because it's involved to with Parent company website).
Can i use privacy policy page on Parent companies'website to reference?
Please note that Google API Service:User Data Policy requires the following:
Your Privacy policy must be visible to users, hosted within the domain of your website, and linked to the OAuth Consent Screen on APIs & Services
on Google Cloud Console.
Your privacy policy and in-product privacy notifications must thoroughly disclose the manner in which your application accesses, uses, stores, or shares Google user data. Your use of Google user data must be limited to the practices explicitly disclosed in your published privacy policy.
Please make appropriate changes to the privacy policy and/or your app and reply back to us to move forward with the approval process.
When you set up the OAuth 2.0 consent screen for your app, it will look something similar to this:
If you look closely, the 4th element is represented by the app's privacy policy.
Therefore, if you have the necessary access and permissions in order to use them for your own application, it shouldn't be a problem in this sense.
Moreover, since you mentioned you are making use of the Calendar API, you might want to check the Sensitive and restricted scopes of this article here.
Reference
OAuth API verification FAQs.
I've implemented the GoogleSignIn, Firebase and Facebook in my app and I'm uncertain what the upcoming iOS 14 Tracking Transparency changes will mean.
One of the points Apple considers as reason for asking permission to track is:
Placing a third-party SDK in your app that combines user data from your app with user data from other developers’ apps to target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes. For example, using an analytics SDK that repurposes the data it collects from your app to enable targeted advertising in other developers’ apps.
So, how do I find out if Google or Facebook is actually tracking anything within their SDK that's not in our control?
Basically I wanna know if I need to disable the social login if users don't give permission to track.
So, how do I find out if Google or Facebook is actually tracking anything within their SDK that's not in our control?
They kind of provided this type of information in their documentations:
Firebase
Facebook
GoogleSignIn
Basically I wanna know if I need to disable the social login if users don't give permission to track.
Not neccessary, I believe the developers for sure are aware of these changes and working to keep their products functional even when users don't grant permission for tracking.
For example in Facebook documentation there's a note regarding login types and which of them directly requires user's permission:
There are two scenarios for applications that use Facebook Login via the Facebook SDK: Authenticated Sign Up or Sign In, and User Data Access via Permissions. For authentication, a unique, app-specific identifier tied to a user’s Facebook Account enables the user to sign in to your app. For Data Access, a user must explicitly grant your app permission to access data.
However just below this they add the following:
Note: Since Facebook Login is part of the Facebook SDK, we may collect other information referenced here when you use Facebook Login, depending on your settings.
Thus I don't think there's a general answer for this question because it really depends on the data your app requests or operates with either directly or via third party.
I made an app using firebase and I have implemented Google account based logIn system to my app because I thought it would good and also helps me for Firebase Invites but my app got rejected by the apple app review team and they are telling that I have to implement "significant account-specific functionality from Google".
My app is like a social networking app something similar to Facebook. Users in the app can invite friends, share content with friends to achieve this I used the Firebase features like real-time database, Storage, Firebase Invites etc... I really don't know what else I should implement to eligible for "significant account-specific functionality from Google."
I have sent an email for help but they haven't responded yet.
Using firebase is perfectly fine in iOS.
1.1 LEGAL: PRIVACY - DATA COLLECTION AND STORAGE - significant account-based features
Read section ii) https://developer.apple.com/app-store/review/guidelines/#data-collection-and-storage
If your core app functionality is not related to a specific social
network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must
provide access without a login or via another mechanism.
Since your app is not using any specific social network feature ( facebook,twitter - which demands a login ) you must allow users to provide functionality without login.
You might want to appeal to Appeal board with explanation why user must login in order to use the app ( give examples and screenshots of specific functionality which cannot be used without login ).
If your appeal is rejected you don't have any option but to redesign the app to follow what apple is suggesting. What we have done in past is provide a basic flow without login but once it reaches point where login is must we force user to login ( something like anonymous user).
After 3-4 rejections I found the solution for this problem. I have have implemented a feature called Firebase Invites and for that they must sign in with their Google Account.
According to Appstore guidelines we even can't use third party login for sending invitations. In that situation, I have convinced them that "with this Firebase Invites I can able to see my friends in my Google Account and send them invitations personally". With that answer (they called me by phone) it seems they have convinced and accepted my app.
I had the same rejection this week because I have a Facebook login.
My app was already live, and this is rejection for an update.
There is a change in their guideline. This is new on Sep 1, 2016:
If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality.
In essence, they are killing many apps that simply use social networks for single sign on.
A solution right now is to implement your own login account mechanism.
I built a private/secure web app in Rails and have some beta users on it. I would like to use some type of analytics to track concurrent users on the site, time on site, frequency, and what features/parts of the app they are using.
Google Analytics would be great but I am hesitant to use it because I'm not sure how private the information is and if it would compromise the security of my web app - passwords and other sensitive information is submitted via forms, stored in the database, and viewed by the users.
I'm curious what are other private, web-based apps using.
Thanks.
If you need details on how Google Analytics handle your data you should read the Google Privacy Center page.
The short answer is that I wouldn't worry about using Google Analytics in your app.
Let me share my findings before asking the question.
Google Places API documentation says:
"Note: To use the Google Places API you must first request a Maps API
client ID and cryptographic key which you must use to sign your
request URLs. For information on signing URL requests, please see the
URL Authentication documentation within the Web Service APIs home
page."
The Google Places API is still in developer preview.
http://code.google.com/apis/maps/documentation/places/
We need a Client ID (required) and a Signature (required) to use
the Google Places API.
http://code.google.com/apis/maps/documentation/webservices/index.html#URLSigning
And, to get the Signature, we need a Google Adsense account to get
Adsense publisher id (required).
http://gmaps-ws-console.appspot.com/
You can find the requirements to use the Google Places API here.
http://code.google.com/apis/maps/documentation/places/index.html#Requirements
The Signup page for Google Maps API suggest that, "Your service
must be freely accessible to end users. To use Google mapping
technology in other types of applications, please use Google Maps API
Premier. See this FAQ for more information."
http://code.google.com/intl/it-IT/apis/maps/signup.html
Now, here's what i want to know.
I'm planning on using Google Places API in my iOS application. I don't
want to use Adsense. Can i still access the Google Places API for
free? How?
If i can't access the Google Places API for free, what are the costs
associated with using this service, and the available payment models?
I wasn't able to find any particular resources for this information.
Here's a specific scenario. What if my iOS application is free. The
free version uses Google Places API. But... my iOS application has
some additional features which are exposed using In-app Purchase (paid
features). The paid features do not use Google Places API. Is this
acceptable?
We opened up the Google Places API to all developers this week at Google I/O and simplified the Terms and authentication:
http://googlegeodevelopers.blogspot.com/2011/05/places-everybody-show-is-about-to-begin.html
You no longer need to sign your requests, but instead just use a key obtained using the Google APIs console. An AdSense ID is no longer required, but you will need to go though a credit card based identity check in order to upgrade from 1,000 to 100,000 request per day.
You can use the Places API in mobile apps that are free or sold online through a mobile app store such as the Apple App Store or Android Market. For fee desktop apps however will require a Maps API Premier license which will be offered once the Places API graduates from Google Code Labs.
For information on getting started, see the docs:
http://code.google.com/apis/maps/documentation/places/
HTH,
Thor