Apple intentionally designs their products to protect users’ privacy. They’re continually working on new ways to keep personal information safe. So, it’s no surprise that they have introduced a new requirement for developers with apps on the App Store: soon, you must provide information on your app’s data collection practices, including data sent to third-party partners integrated into your app.
Once provided by developers, users can view data linked to them or used to track them on the app’s product page:
This information will be required to submit new apps and app updates to the App Store, starting on December 8, 2020. Since this deadline is close to the holidays and given the App Store shuts down around the holidays each year, the Ionic team recommends responding to the privacy questions and submitting a new app update as soon as possible.
Do I Need to Disclose My App’s Data Collection?
If your app collects data in any way, and it’s transmitted off of the device and stored somewhere for long-term access, you’ll likely need to disclose it. This includes third-party partners such as analytics tools, advertising networks, third-party SDKs, or other external vendors whose code you’ve added to your app.
There are some exceptions, but given the complexity of Apple’s privacy rules, it’s best to refer to the App Privacy Details page to make the right decision for your app.
Native Plugin Data Collection
In addition to reviewing the data collected from the web (user interface) portion of the code (forms that users fill out, for example), it’s essential to audit all native plugins in use.
Here’s a sampling of the types of data you need to report on and the relevant Capacitor/Cordova plugins. Please review this post for the complete list of data types that you need to report.
|Heath and Fitness||Health and medical data||Health Kit, Health|
|Location||The location of a user or device via longitude and latitude||Geolocation|
|Contacts||List of contacts in the user’s phone||Enterprise Contacts, Community Contacts|
|User Content||Photos, videos, audio recording||Camera|
|Usage Data||Production interaction such as app launches, taps/clicks, and advertising data.||Admob, Google Analytics, Google Analytics for Firebase|
|Diagnostics||Crash logs, performance data (launch time, energy use)||Firebase Crashlytics, Sentry|
How to answer app privacy questions
After reviewing your app’s code and data collection practices, specify the app’s privacy practices through the multi-step questionnaire in App Store Connect.
Sign in to App Store Connect, then select the app to view. In the sidebar, select App Privacy. In the Getting Started dialog that appears, indicate whether you collect data in the app. Naturally, if the answer is “no,” then there’s nothing more to do. If “yes,” there’s more to do.
On the next screen, review each data type, toggling the ones that your app collects:
Next, click into each data type you selected, then indicate how it’s used. This includes advertising, analytics, app functionality, and more:
Next, indicate if the data collected is linked to the user’s identity (account, device, or details). If “yes,” then a Tracking questionnaire begins. “Tracking” is defined differently based on the data type, so read carefully then answer:
After you’ve finished answering all questions for each data type, a summary is displayed. Click Publish to publish your responses to your app’s product page.
Set your app privacy settings now
Although the deadline is looming, it’s fortunate that explaining your data handling practices in App Store Connect is straightforward. Most of the work upfront involves reviewing your app’s code, tools, SDKs, and third-party integrations to determine how they collect user data. Once that’s done, periodically update the privacy settings as the app evolves over time. Your users will appreciate the increased transparency around how you’re collecting and using their data.
Set your app privacy settings within App Store Connect now.