What are App Store privacy labels and what are the key factors you need to know so you can check if an app is safe to use? In December, Apple mandated privacy labels for all apps on its App Store. These new labels look to bring more transparency on the type of data collection each app engages in. These new labels are now live under almost every listed app on the App Store under the section called App Privacy. It essentially gives you clarity on the kind of data i.e. purchases, location, contact info, search history, etc that the app may be handling.
What are privacy labels?
Apple updated App Store policies to help users better understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types an app may collect, and whether that data is linked to them or used to track them. This information can be found on the every app listing under the App Privacy section. Data is categorised into purchases, location, contact info, contacts, user content, search history, identifiers, usage data, diagnostics, and more.
This section gives you clarity on why the data is collected. It lets you know whether the app is collecting data for third-party advertising, developer’s advertising or marketing, analytics, product personalisation, improve app functionality, or other purposes.
Where can you find the new feature?
Unfortunately, the App Store privacy labels are not very easy to discover. Users who aren’t aware of the change may not even notice it, as it sits below sections like Screenshots, Description, What’s New, and Ratings and Reviews.
However, it is helpful in a time when concerns around data collection have become increasingly important. And while Apple is taking these details from the developers and not checking them independently, it has said that developers who are reported by the community for not admitting to the data collected will face consequences.
What do these labels contain?
This new App Privacy section will contain the name of the developer and a list of all the data that may be collected or linked to you and the data that is used to track you. For instance, Facebook is listed to use your contact information like physical address, email address, name, phone number and identifiers like User ID and Device ID to track you across apps and websites owned by other companies.
Users can click on the ‘See Details‘ option in the corner of the App Privacy section to see a more detailed breakdown of all of the data that is used and collected by any app.
Types of data have been categorised below:
- Contact Info – name, email address, phone number, physical address, other user contact info.
- Health and fitness – Health and medical data, including but not limited to data from the Clinical Health Records API, HealthKit API, MovementDisorderAPIs, or health-related human subject research or any other user provided health or medical data. Fitness and exercise data, including but not limited to the Motion and Fitness API.
- Financial info – Payment information like payment card number or bank account number, credit score, salary, income, assets, debts, or any other financial information.
- Location – precise location and coarse location.
- Sensitive info – Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data.
- Contacts – Such as a list of contacts in the user’s phone, address book, or social graph.
- User Content – emails or text messages, photos or videos, audio data, gameplay content, customer support, other user content.
- Browsing History – Information about content the user has viewed that is not part of the app, such as websites.
- Search History – Information about searches performed in the app.
- Identifiers – User ID such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a particular user or account. Device ID such as the device’s advertising identifier, or other device-level ID.
- Purchases – An account’s or individual’s purchases or purchase tendencies
- Usage Data – product interaction such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app. Advertising data such as information about the advertisements the user has seen.
- Diagnostics – Crash data such as crash logs, performance data such as launch time, hang rate, or energy use, and other diagnostic data collected for the purposes of measuring technical diagnostics related to the app.
- Other Data Types – Any other data types not mentioned.
Data usage has been segmented into different purposes:
- Third-Party Advertising – Data used displaying third-party ads in your app, or sharing data with entities who display third-party ads.
- Developer’s Advertising or Marketing – Data used for displaying first-party ads in your app, sending marketing communications directly to your users, or sharing data with entities who will display your ads.
- Analytics – Using data to evaluate user behavior, including to understand the effectiveness of existing product features, plan new features, or measure audience size or characteristics.
- Product Personalisation – Customising what the user sees, such as a list of recommended products, posts, or suggestions.
- App Functionality – Data used to authenticate the user, enable features, prevent fraud, implement security measures, ensure server up-time, minimize app crashes, improve scalability and performance, or perform customer support.
- Other Purposes – Any other purposes not listed.
What do developers have to do?
Because of this new mandate, app developers are required to submit privacy information when submitting new apps or app updates to the App Store. Some data is optional to disclose if it meets specific criteria, such as certain data from health research apps and regulated financial services. If account holders and admins need help in entering these responses in App Store Connect, they can learn the basics from this Apple Support page.
A total breakdown on types of data to help developers compare them to the data collection practices in their app can be found here. Developers are also advised to share a public link of their privacy policy. Apple also notes that admins can update their answers at any time without resubmitting the app or going through App Review.