apple-ios-logo-store

Apple intentionally designs their products to protect users’ privacy. They’re continually working on new ways to keep personal information safe. So, it’s no surprise that they have introduced a new requirement for developers with apps on the App Store: soon, you must provide information on your app’s data collection practices, including data sent to third-party partners integrated into your app.

Once provided by developers, users can view data linked to them or used to track them on the app’s product page:

app-privacy-settings-in-app-store

This information will be required to submit new apps and app updates to the App Store, starting on December 8, 2020. Since this deadline is close to the holidays and given the App Store shuts down around the holidays each year, the Ionic team recommends responding to the privacy questions and submitting a new app update as soon as possible.

Do I Need to Disclose My App’s Data Collection?

If your app collects data in any way, and it’s transmitted off of the device and stored somewhere for long-term access, you’ll likely need to disclose it. This includes third-party partners such as analytics tools, advertising networks, third-party SDKs, or other external vendors whose code you’ve added to your app.

There are some exceptions, but given the complexity of Apple’s privacy rules, it’s best to refer to the App Privacy Details page to make the right decision for your app.

Native Plugin Data Collection

In addition to reviewing the data collected from the web (user interface) portion of the code (forms that users fill out, for example), it’s essential to audit all native plugins in use.

Here’s a sampling of the types of data you need to report on and the relevant Capacitor/Cordova plugins. Please review this post for the complete list of data types that you need to report.

Data Type Description Plugin(s)
Heath and Fitness Health and medical data Health Kit, Health
Location The location of a user or device via longitude and latitude Geolocation
Contacts List of contacts in the user’s phone Enterprise Contacts, Community Contacts
User Content Photos, videos, audio recording Camera
Usage Data Production interaction such as app launches, taps/clicks, and advertising data. Admob, Google Analytics, Google Analytics for Firebase
Diagnostics Crash logs, performance data (launch time, energy use) Firebase Crashlytics, Sentry

How to answer app privacy questions

After reviewing your app’s code and data collection practices, specify the app’s privacy practices through the multi-step questionnaire in App Store Connect.

Sign in to App Store Connect, then select the app to view. In the sidebar, select App Privacy. In the Getting Started dialog that appears, indicate whether you collect data in the app. Naturally, if the answer is “no,” then there’s nothing more to do. If “yes,” there’s more to do.

privacy-data-collection

On the next screen, review each data type, toggling the ones that your app collects:

privacy-collection-details

Next, click into each data type you selected, then indicate how it’s used. This includes advertising, analytics, app functionality, and more:

privacy-precise-location

Next, indicate if the data collected is linked to the user’s identity (account, device, or details). If “yes,” then a Tracking questionnaire begins. “Tracking” is defined differently based on the data type, so read carefully then answer:

privacy-location-tracking

After you’ve finished answering all questions for each data type, a summary is displayed. Click Publish to publish your responses to your app’s product page.

privacy-product-page-preview

Set your app privacy settings now

Although the deadline is looming, it’s fortunate that explaining your data handling practices in App Store Connect is straightforward. Most of the work upfront involves reviewing your app’s code, tools, SDKs, and third-party integrations to determine how they collect user data. Once that’s done, periodically update the privacy settings as the app evolves over time. Your users will appreciate the increased transparency around how you’re collecting and using their data.

Set your app privacy settings within App Store Connect now.

Signup for the Ionic Newsletter to get the latest news and updates!

Notable Replies

  1. Hello Matt,

    Capacitor contains default code for location,
    I have an app that doesn’t use location, how can I delete this code? because I’m afraid Apple will reject my app due to the default description in the info.plist

  2. Capacitor 3 will move each core plugin into separate packages. For now, you can edit the info.plist to remove that permission.

Join the discussion on the Ionic Forum

1 more reply

Participants