Following the launch of the new App Store privacy labels in December last year, Apple today published additional guidance for developers to better understand the information required for App Store privacy labels.
The new App Store privacy labels went live in December 2020, and the feature has been making some developers unhappy ever since, either because they don’t want to report the data they collect from users or because they don’t understand how to fill out the privacy report correctly.
With App Store privacy labels, developers are required to submit a full report on all the personal data they collect from users through an app, such as contacts, photos, financial information, location, browsing history, messages, and more. The feature is part of a number of privacy changes that came with iOS 14.
With today’s additional guidance, Apple clarifies for developers how they should fill out the privacy report if the app or game has web views, collects users’ IP addresses, or even offers multiplayer matches.
For example, apps with internal web views must declare all data that is collected via the web unless the app lets users browse the open internet. Apps that collect IP addresses are required to report what data they get from this information, such as precise location or device IDs. Apple also says that if an app only requests a specific data but does not store it or send it to third-party services, the developer doesn’t have to report that request.
According to a recent report from The Washington Post, there are several apps with false or inaccurate privacy report on the App Store. At the same time, Google has been avoiding updating its iOS apps after Apple began requiring App Store privacy labels, while Facebook has been criticizing Apple for imposing these and other guidelines on developers.
“Collect” refers to transmitting data off the device and storing it in a readable form for longer than the time it takes you and/or your third-party partners to service the request. For example, if an authentication token or IP address is sent on a server call and not retained, or if data is sent to your servers then immediately discarded after servicing the request, you do not need to disclose this in your answers in App Store Connect.
You can find the additional guide about App Store privacy labels on the Apple Developer website.