Here is what developers must share in Apple’s App privacy labels
Apple has published detailed notes detailing the privacy-related information it will require developers to share with potential customers in order to sell software via its App Stores.
App Privacy Nutrition Labels
Apple cares about privacy and is engaged in an international struggle against the practise of unconstrained surveillance capitalism. Within this struggle it is insisting developers provide detailed data concerning the information they take from customers and how they intend to make use of it.
It is calling the way it plans to share this info App Privacy ‘Nutrition Labels’. The concept is that anyone downloading an app should understand how that app manages their privacy before they install it.
What Apple says
“Later this year, the App Store will help users understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types the app may collect and whether that data is linked to them or used to track them. You’ll need to provide information about your app’s privacy practices, including the practices of third-party partners whose code you integrate into your app, in App Store Connect. This information will be required to submit new apps and app updates to the App Store starting December 8, 2020.”
What information is required?
Apple’s newly-published list details all the information it permits developers to collect. It also describes the following purposes for the collection of such data.
Data use categories
Such as displaying third-party ads in your app, or sharing data with entities who display third-party ads
Developer’s Advertising or Marketing
Such as displaying first-party ads in your app, sending marketing communications directly to your users, or sharing data with entities who will display your ads
Using data to evaluate user behavior, including to understand the effectiveness of existing product features, plan new features, or measure audience size or characteristics
Customizing what the user sees, such as a list of recommended products, posts, or suggestions
Such as to authenticate the user, enable features, prevent fraud, implement security measures, ensure server up-time, minimize app crashes, improve scalability and performance, or perform customer support
Any other purposes not listed
Within the above parameters, Apple developers must assign each of the following data practises. The idea is that not only do you know what data is collected, but you also have some idea of how that information is going to be used.
Such as first or last name
Including but not limited to a hashed email address
Including but not limited to a hashed phone number
Such as home address, physical address, or mailing address
Other User Contact Info
Any other information that can be used to contact the user outside the app
Health and Fitness
Health Health and medical data, including but not limited to data from the Clinical Health Records API, HealthKit API, MovementDisorderAPIs, or health-related human subject research or any other user provided health or medical data
Fitness Fitness and exercise data, including but not limited to the Motion and Fitness API
Such as form of payment, payment card number, or bank account number. If your app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, it is not collected and does not need to be disclosed.
Such as credit score
Other Financial Info
Such as salary, income, assets, debts, or any other financial information
Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places
Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services
Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data
Such as a list of contacts in the user’s phone, address book, or social graph
Emails or Text Messages
Including subject line, sender, recipients, and contents of the email or message
Photos or Videos
The user’s photos or videos
The user’s voice or sound recordings
Such as user-generated content in-game
Data generated by the user during a customer support request
Other User Content
Any other user-generated content
Information about content the user has viewed that is not part of the app, such as websites
Search History Information about searches performed in the app
User ID Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a particular user or account
Such as the device’s advertising identifier, or other device-level ID
An account’s or individual’s purchases or purchase tendencies
Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app
Such as information about the advertisements the user has seen
Other Usage Data
Any other data about user activity in the app
Such as crash logs
Such as launch time, hang rate, or energy use
Other Diagnostic Data
Any other data collected for the purposes of measuring technical diagnostics related to the app
Other Data Types
Any other data types not mentioned
If an app wants access to information that has nothing to do with the core usage of that app, don’t install it.