Privacy is a hot topic in the tech space. Users are slowly becoming vigilant about the use of their data for a whole host of reasons. This concern about user data has been bubbling up for many years now. Every major platform has faced pressure from users for greater transparency about data collection and sharing.
Creating websites was already easy with the likes of WordPress. With the help of tools like AppMySite, it is easy to create an iOS app as well using a free online app maker without coding. Development is thus no longer a challenge. Areas like data privacy are much more important for the long-term goals of a company.
The iOS 14 update made serious headway in addressing key privacy policy concerns of modern-day users. The rollout of nutrition labels on the Apple App Store this month marks a significant milestone in the move towards greater data transparency.
What are nutrition labels?
Nutrition labels are now a part of every app listing on the Apple App Store. These labels essentially tell users how an app will collect, store, and share their data.
The information about the usage and sharing of data will be provided by developers during iOS app submission.
Why is this important? Developers generally didn’t have to explicitly show their use of user data on the Apple App Store. This move forces developers to provide information about their data tracking, collection, and sharing while submitting their app on the App Store.
For example, if you have a WordPress app on the Apple App Store, you will now have to share information on all your data collection practices. This information would then be presented in the form of nutrition labels on your App Store listing.
There are three main labels Apple users will see on the App Store landing page of every iOS app. These labels are covered in the following sections.
#1 – Data used to track you
This label will point to the exact data points the app uses to track your movement across other websites and apps.
This data is generally collected from third-party websites and apps. Some of the personalized ads you see while using mobile apps and websites generally comes from this category.
Different apps use different data sets to track users.
#2 – Data linked to you
This label covers all the data sets linked to your profile and identity. This typically includes basic contact info provided by the user such as an email address and phone number or the device ID. Some apps may use a wide range of data sets to specifically link to a user such as search preferences and browsing history.
You will also have to provide info on all the data third-party services connected to your app collect. These data sets are directly linked to the specific identity of the user.
#3 – Data not linked to you
This label covers all the data that is not linked to your profile and identity. A mobile app can also add data sets to this label only if it strips away any identifier anonymizing data.
All data sets under this label are collected without any particular reference to a specific user. Since no identifier is used to track the data sets under this label, the information gathered cannot be linked to the identity of a user.
If an app lists a data set under this label, it has to remove any identifier in its iOS build.
How will iOS app submission change?
Information for these new nutrition labels will be provided by developers during the app submission process. Developers will have to answer a series of questions related to their usage of user data. Apple will automatically create nutrition labels based on the info provided by developers.
The main questions most app companies will have is this – what type of questions will they have to answer?
The pre-requisites
Before you start answering privacy related questions while submitting your app, here are some things to keep in mind –
- Identify all the data you collect. This also includes crucial data your third-party partners collect through your mobile app.
- Your privacy policy must meet the general privacy guidelines of the Apple App Store.
- You must provide accurate answers to the questions posed during your app submission.
While the second and third points are self-explanatory, the first point is much more far-reaching. Apple basically wants developers to do a full accounting of their data collection practices. This is not just restricted to iPhone data alone. Developers have to disclose the data they collect from all Apple devices such as iPads, iWatch, Mac, and more.
Many app companies use app analytics tools as well to track user behaviour. This is simply done to understand different cohorts of users on a deeper level. Many new features and updates we see come out every other month. These rollouts are a result of careful app analytics that dives deep into the preferences and pain points of app users in general.
Many of the analytics tools are third-party data trackers. Developers have to provide information about them as well.
How much information do apps have to disclose?
The spectrum of information app companies have to disclose is wide-ranging. This is why Apple first asks users to do a thorough audit of all the user data they collect.
It is easier to classify all data into two categories – data that has to be disclosed mandatorily and data that is optional to disclose.
Let’s first cover data covered under optional disclosure.
Optional disclosure
The following points cover all data that is optional to disclose-
- Any data that is not used for tracking purposes is optional to disclose. Data used for tracking purposes generally cookie data that is shared with third-party advertisers and data brokers. If your app doesn’t share information with third-party advertisers and data brokers, the information you collect is covered under optional disclosure.
- Any data collected infrequently that is not part of your app’s primary functioning. This generally covers customer service requests and feedback from users.
- Data that is provided by the user directly, generally through a submission form. This may include the user’s name and account ID. The user has to positively submit the data knowing the information being provided to the app.
- Data not used for third-party advertising and marketing.
App companies can skip over disclosing data sets that meet all the aforementioned criteria. If not, they have to disclose the data and how they use every speck of information collected.
There are other exceptions related to data disclosure as well. This includes data collected by apps providing regulated financial services or collecting data for health research studies. Apps do not need to disclose the data they collect in such exceptional cases.
Data types
During iOS app submission, developers will have to select the type of data they collect on their mobile apps. Apple has categorized app data into various different categories. These are listed in the table below –
|
Contact info |
|
|
Name |
Name of the user. |
|
Email ID |
The email ID of the user. Includes hashed email address as well |
|
Phone No. |
The contact number of the user. Includes hashed mobile number as well |
|
Address |
Can refer to home, office, or any other type of address the end user provides |
|
Other contact info |
Refers to other contact information collected from the user. |
|
Financial Data |
|
|
Payment details |
Covers the payment details users enter when using a mobile app. If you use a third-party payment gateway which enables users to enter payment info outside the app, you do not have to disclose any data. |
|
Credit information |
Refers to credit score and other associated data. |
|
Other financial info |
Refers to data regarding the income, financial assets, outstanding loans, and more. |
|
Health and Fitness |
|
|
Health |
Refers to health and medical data, including but not limited to Health Kit API, Clinical Health Records API, Movement Disorder APIs or research data related to a health study. |
|
Fitness |
Including but not limited to Motion and Fitness API |
|
Sensitive info |
|
|
Sensitive info |
Sensitive data of a user such as race, sexual orientation, disability, political choices, biometric data, and more. |
|
Location data |
|
|
Precise |
The location data of a user described with the same or greater precision than normal latitudes and longitudes within three decimal places or more. |
|
Coarse |
The location data of a user described with less precision than latitudes and longitudes. |
|
User content |
|
|
Email or text messages |
Info related to the subject title, sender, recipient, and the contents of an email or text message |
|
Photos or videos |
The photos and videos on the device of a user. |
|
Gameplay content |
The content a user generates while playing a game. |
|
Audio data |
The sound recording of a user. |
|
Customer support |
The content generated when a user when raising a support request. |
|
Other user content data |
Any other content users generate when using a mobile app. |
|
Contacts |
|
|
Contact data |
The contact list of the user. Also includes address book and social graphs. |
|
Search history |
|
|
Search history |
The searches a user triggers while using an app. |
|
Browsing history |
|
|
Browsing history |
The content a user views while not using the app. |
|
Identifiers |
|
|
User ID |
Can include profile ID, account name, handle, customer number, or a range of other designations used to anonymize a user. |
|
Device ID |
Info on device-specific identifiers such as advertising identifier and more. |
|
Usage data |
|
|
Advertising data |
The ads a user has seen while using the app. |
|
Product interaction |
The different ways a user interacts with the app. It covers simple actions like an app launch to more extensive data collection covering user scrolling data. |
|
Other usage data |
Info on other activities a user performs within the app. |
|
Purchases |
|
|
Purchase history |
The purchasing history and tendency of a user. |
|
Diagnostics |
|
|
Crash |
Refers chiefly to crash logs collected by developers. |
|
Performance |
Refers to launch speed, battery usage, hanging durations, and more. |
|
Other diagnostic data |
Other diagnostic data collected to measure the technical performance of the app. |
|
Other data |
|
|
Other forms of data collected |
Refers to other forms of data collected that are not accurately described in the table above. |
Users have to select the type of data they collect from the classifications covered above. When disclosing any type of data, developers have to additionally explain the specific purpose of collecting a given dataset.
Purpose of collecting data
Developers have to spell out why they’re collecting every type of data they disclose. The options a developer can select when specifying data use are listed in the following table.
|
Data use |
|
|
Developer’s advertising or marketing |
Displaying your own ads within the app, sending marketing information to your users, or sharing info with other parties responsible for running the app’s ad and marketing campaigns. |
|
Third-party advertising |
Displaying third-party ads in your app or sharing data with platforms that publish external ads on your app. |
|
Product personalization |
Customizing various parts of an app based on user preferences. |
|
App functionality |
Can include various app-related functions like user authentication, crash management, improving performance, and more. |
|
Analytics |
Analyzing user behaviour to study the performance and effectiveness of existing app features as well as the existence of new ones. |
|
Other purposes |
Other types of data use not covered in the table above. |
You will also have to specify which nutrition label it belongs to while selecting the data type. There are three nutrition labels you can list a data set under – data used to track you, data linked to you, and data not linked to you. The information you enter will essentially populate the nutrition labels that will be displayed on your App Store listing.
How should app companies approach this challenge?
This push for privacy won’t thrill every app company out there. Many companies depend on data collection to improve their app, run ads for monetization, and deploy app marketing campaigns. While Apple is not exactly stopping companies from collecting data, it is asking them to come clean.
Companies are right to feel nervous about losing users once they come clean on their data collection practices. There are two ways of dealing with this challenge. The first way is to disclose all the necessary information. You can furthermore speak to your users directly about why you collect data and cushion any possible app churn you get due to privacy concerns.
The second way is to remodel your app in a way that you don’t need to collect data intensively. This is much more challenging and naturally more desirable. If you can grow your app business without collecting copious amounts of data, you’re ready to thrive in the world of data transparency and trust.
How can you remodel your app to not depend on data collection? There is no one-fix solution to deal with this challenge. You will have to look at the benefit every speck of data collected brings to your mobile app. Then, look for alternatives for each. This will help you figure out a way to find app success without a lot of data collection.
In conclusion
Creating Android apps and iOS apps has been easy for many years now thanks to tools like AppMySite. Anyone can create an app from a website and bring a premium app to the market.
Development is thus no longer a challenge. Other areas that previously seemed unimportant are now crucial. App and data privacy is one of them.
This piece sheds light on the new nutrition labels on the Apple App Store. These labels will bring significant change to the way developers submit iOS apps. The best way to deal with this change is completing a full audit of all the data you collect on your app and classifying it based on type and use.
