Just how “nutritious” is your app, or those that you use?
If you’re an iOS developer you’ve likely been working on updating your app to become compliant with Apple’s new App Store Privacy Label requirements. These labels appear reminiscent of nutritional labels on food and aim to hold developers accountable for their data practices while giving consumers more information on how their data is used. They’ve been applauded by privacy advocates. On Monday, December 12th, the developer’s compliance prep period expired; Apple updated the App Store with the release of iOS 14.3 and began placing these labels. If you’re a consumer, policy expert, or non-iOS developer, however, what do they do?
What, Where, Who?
What Are These Labels?
Consumers have long decried the legalese of the “terms and conditions” required by businesses for use of the software or service. Much of the detail on what data an application collects, and how, is embedded there. Most users, however, don’t read them. Apple is looking to solve this conundrum by offering at-a-glance information on each app on its App Store listings.
When announced at Apple’s annual WWDC event in June 2020, the labels were originally described as “Nutrition Labels” for apps, and appear visually reminiscent of food nutrition labels. These labels will detail how an application collects and uses data gathered from the end-user. For most users, inputted data will fall along common-sense lines. The labels will also detail data that users may not have known was being collected or was disputed, however. More on both of these later.
Where Can I Find These Labels?
A primary label card is placed directly below the app’s download option in the App Store. Here is Zoom’s (because 2020) privacy label on the App Store.
Additionally, you can tap or click on that card for more information.
Who Must Submit A Privacy Label?
Every developer who publishes on any of Apple’s App Stores, watchOS, tvOS, macOS, iOS, or iPadOS, after December 8th must submit the correct information. Apple’s note:
“This reporting of privacy practices is part of the application submission process for all developers and the same question should be answered by every app developer, including Apple, worldwide.”
Some apps, however, collect no data, what about these? You may be surprised to learn that very few apps collect no data. Even so, they will be required to fill out the form, in order for Apple to provide a label. Like the aforementioned nutrition label analogy, every app will include a label, if only to champion that it does nothing.
Further Questions
Developers and geeks, we’ve noticed that some of your questions haven’t been covered as extensively in other outlets, so let’s answer some here.
What Is Data Anyways?
Not every business or government defines “data” in exactly the same way. Take a further in-depth look at the CCPA in California or GDPR in the European Union to see how governments have tried, and arguably failed, to define data and privacy, then to legislate around that definition. Apple is attempting to define data and privacy in a uniform way for iOS, primarily for consumer trust and benefit. Suffice to say, this is a lengthy and debated topic. The issue is that it is not only a debate for a more general definition of data but also many sub-debates, each dependent on the kind of data in the first place. User-inputted data, location services, health data, implied data, and much more. First, Apple lists three main categories for applications to detail in their label:
-
Data that is being used to track you.
-
Data associated with you.
-
Data not associated with you.
Apple then further breaks this down into eight additional kinds:
-
Contact
-
Health and Fitness
-
Financial
-
Purchase History
-
Location
-
Browsing History
-
Sensitive (sexual preferences, religion, political leanings, etc.)
-
Usage Statistics
Broadly speaking, these data types receive common-sense definitions from Apple and are consumer-friendly. If you’d like a further dissection of these categories, Gizmodo has a detailed breakdown of each type of data.
Do I Need To Disclose Data Collected By My Partners Or Services?
Yes. In Apple’s own words:
”You need to identify all of the data you or your third-party partners collect, unless the data meets all of the criteria for optional disclosure listed below.”
Data gathered by Apple that your application may have access to, however, is not required for disclosure. Neither is the optional data listed below.
Are Any Data Types Optional?
Yes. On its privacy page, Apple specifically notes several different types of data that are optional for disclosure.
-
Data that is not held after any service of function is completed.
-
Regulated Financial Services and Health Research do not necessarily need to disclose their collection of information.
-
Any data your app collects from Apple frameworks or services, such as MapKit, CloudKit, or App Analytics, Apple recommends you disclose what data you collect and how you use it. You do not, however, need to disclose any data collected by Apple.
-
Additionally, with data gathered from user-input fields, such as voice recordings, notes, etc, Apple recommends you use the “Other User Content” when submitting your app.
Does This Change iOS Privacy Rules?
Apple has stated that the privacy labels only serve a transparency and consumer awareness function. They don’t/won’t affect any of the current iOS or App Store privacy rules, at least not directly. It is likely safe to expect the labels to update as iOS standards change with each iteration.
The Honor System (And Noncompliance)
Apple has stated that the labels will rely primarily on self-reporting and that any detected inaccuracy however will not result in the immediate removal of your app. Apple has relayed this week that:
“We will rely on self-reporting, this works well for a number of things, like Age Ratings. If we come to hear or understand that there might be inaccuracy, we will reach out to that developer to try and understand if there is an inaccuracy.”
Apple then later clarified in an article with Gadgets 360 on whether any automated action would be taken against any determined inaccuracies. Non-compliance with the initial preparatory period or failure to rectify any inaccuracies will result in the removal of the app from the App Store.
Will Apple’s Apps Also Show Privacy Labels?
Yes. Any Apple-made app that is available from the App Store will include a label like any other. OS-level applications, such as Messages or Safari, will also receive privacy labels, however, these will live on Apple’s website.
Will The Google Play Store And Others Follow Suit?
While none of Apple’s competitors have commented, much less committed to doing so, Apple’s Craig Federigi did state during an interview with Fast Company that he hopes others will copy Apple’s approach.
“This is one category where if they want to copy some of our best ideas toward improving user privacy— we embrac
e that.”
Moving Forward
Developers, if you have been following consumer data best practices, these labels (and what’s in yours) likely won’t come as a surprise to you or your customers. We recommend that all developers closely read Apple’s updated Developer agreements and carefully consider how to most accurately represent your application’s functionality.
