Apps on the Apple App Store — including iPhone, iPad, and Mac — will have to display the data types they may collect, and whether that data is linked to users or used to track them, among other things, starting from December 8. App developers will also have to provide information about their app’s privacy practices, including the practices of third-party partners whose codes they use in their apps, according to Apple’s developer site. Both new apps and updates to pre-existing apps will have to conform to this.
Developers will have to follow a self-reporting mechanism, and will first have to answer basic privacy-related questions about their app on the App Store Connect, a web-based tool for managing apps on the App Store. The questions will be about the the types of data that an app or its third-party partners collect from the app before answering the questions in App Store Connect.
However, there is a catch — declaring an app’s privacy practises is solely controlled by the developer, and it isn’t clear whether Apple will verify if a developer has made honest disclosures. “You’re responsible for keeping your responses accurate and up to date. If your practices change, update your responses in App Store Connect. You may update your answers at any time, and you do not need to submit an app update in order to change your answers,” Apple said on its developers page. A number of misleading apps have often found their way to the App Store in the past.
Disclosures that have to be made by developers: Apple has labelled data sets depending on the types of data an app collects. For instance, if an app collects a person’s email, phone number, or physical address, then they have to disclose to the user on their App Store page itself that the app will collect their contact information. Similarly, if an app collects information such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data, then they will have to let a user know that the app will collect their sensitive data.
Developers will also need to identify whether each type of data collected by their app is linked to a user’s identity, either by their own app, or by their third-party partners. Apple said that data collected from an app is often linked to the user’s identity, unless specific privacy protections are put in place before collection to de-identify or anonymise.
From a visual perspective, after a developer makes these disclosures, their app’s home page on the App Store will show details like the data an app uses to track them, data that is linked to them, and even data that is not linked to them:
There are exceptions: If an app collects data that is not used for tracking purposes, or third-party advertising, among others, then it is up to the developer whether they want to disclose that to the user or not. “Examples of data that may not need to be disclosed include data collected in optional feedback forms or customer service requests that are unrelated to the primary purpose of the app and meet the other criteria above,” Apple said.
Apple delayed a privacy protecting feature on iOS 14 which had Facebook worried
This feature was originally announced as part of iOS 14, Apple’s operating system for 2020 for its iPhones and iPads. However, when the software update was rolled out to users, the feature wasn’t immediately available then. Apple had also said that with iOS 14, apps will have to seek explicit consent from users before they can track them across services — Facebook is particularly worried about this update, but Apple has delayed its implementation until next year.