Data security for apps: Apple and Google Privacy Policies



Privacy is an increasingly important concern for mobile device users who want to have control over their personal data security and how it’s used by the apps they install. That’s why both Apple and Google have recently implemented changes in their privacy policies that impact app developers and owners. Adapting to these changes is necessary to meet the new requirements and avoid potential penalties or revenue losses.

Here, we explain how these changes affect apps and what measures can be taken to adapt to them and provide a better user experience regarding privacy.

 


 

 

Data security in iOS: Changes in Apple privacy policy

Apple has been one of the most proactive companies in protecting user privacy and data security, and has introduced several measures to limit tracking and data collection by apps. Measures under Apple's privacy policy include:

App Tracking Transparency (ATT)

Apps must request user permission to access the IDFA for ads and tracking. Since iOS 14.5, non-compliant apps risk rejection or losing IDFA access.

Data security through App Store Privacy Information

This is a section displayed on App Store product pages that shows the types of data an app may collect and whether it’s linked to the user’s identity or used for tracking. This section was introduced in December 2020, and developers are required to provide this information in order to publish or update their apps on the App Store.

Hide My Email

This feature allows users to conceal their real email address when registering or logging into an app, using instead a randomly generated address provided by Apple that forwards messages to the actual address. This feature was introduced with the iOS 15 software update in September 2021, and apps offering the option to log in with Apple are required to implement it.

These measures aim to provide users with more transparency and control over their data, but they also pose a challenge for developers and app owners who must adapt their privacy practices and monetization and marketing strategies.

 


 

Data security in Android: Changes in Google privacy policy

Google has also announced changes in its privacy policy to enhance the protection of Android device users, although with a different focus than Apple. Some of these changes include:

 

Restriction of permissions to access sensitive data

It is a measure that restricts apps’ access to sensitive data such as call and text message history, background location, the Advertising ID (AAID), and the unique device identifier (IMEI). This measure was announced in May 2021, and since then, apps that want to access this data must justify their use and obtain Google’s approval, in addition to requesting user permission. Apps that do not comply with this measure may be removed from Google Play or lose access to this data.

 

New Security and Privacy Policy for Google Play

This is an update to the Google Play policy that introduces new requirements for apps regarding security and privacy. This update was announced in July 2021, and since then, apps must comply with the following requirements:

1. Provide a privacy policy that explains what data they collect, how they use it, and with whom they share it. This policy must be easily accessible from the Google Play product page and within the app.

2. Declare the permissions for accessing sensitive data they request and justify their use, as well as inform users about how they can revoke these permissions at any time.

3. Use the latest versions of Google Play Services libraries and Android APIs, which offer enhanced security and privacy compared to earlier versions.

4. Implement appropriate security measures to protect user data, including encryption, authentication, and two-factor verification.

5. Respect users’ rights to request access, rectification, deletion, or data portability, as well as the right to object or withdraw consent for data processing.

Apps that do not comply with this policy may be rejected by Google Play or face penalties.

 

New Consent Management Requirements for Ads

Starting from January 16, 2024, apps must work with a Consent Management Platform (CMP) certified by Google when displaying ads to users in the EEA (European Economic Area) or the UK. Google conducts this assessment according to the criteria set by the Transparency and Consent Framework (TCF) of IAB.

 

What measures can be taken to adapt to the new privacy policies?

The changes in the privacy policies of Apple and Google pose a challenge for app developers and owners, but they also present an opportunity to enhance user trust and satisfaction. Users increasingly value privacy as a decision-making factor when installing and using an app. Some of the measures that can be taken to adapt to the new privacy policies include:

 

1. Review and update the app’s privacy policy.

The privacy policy is the document that explains what data the app collects, how it is used, and with whom it is shared, and it must be available and accessible to users. It is important to review and update the app’s privacy policy to ensure it complies with the new requirements from Apple and Google and reflects the app’s current privacy practices. Additionally, it is advisable to use clear and simple language, avoiding legal or technical terms that may confuse or discourage users.

 

2. Requesting user permission to access their data

Both Apple and Google require apps to request user permission before accessing their data, especially when it involves sensitive data or is used for tracking or advertising purposes. It’s important to request user permission in a clear and transparent manner, explaining the reason and the benefit of accessing their data, and respecting their decision to accept or decline the permission. Additionally, it’s advisable to provide users with the ability to revoke permission at any time and to modify their privacy preferences within the app. An example of a permission request to access the IDFA can be found here.
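
The ATT permission flow described above can be sketched as follows. This is an added example, not code from the original article or from Apple; `TrackingConsent` and `resolveTrackingConsent` are hypothetical names, and the app is assumed to declare `NSUserTrackingUsageDescription` in its Info.plist.

```swift
import AppTrackingTransparency
import AdSupport
import Foundation

/// Outcome of the tracking-consent check (hypothetical type for this example).
enum TrackingConsent {
    case granted(idfa: UUID)
    case declined      // user refused, or has not been asked yet
    case restricted    // blocked by device policy or parental controls
}

/// All-zero UUID that iOS returns in place of the IDFA when tracking is not authorized.
private let zeroIDFA = UUID(uuidString: "00000000-0000-0000-0000-000000000000")!

/// Hypothetical helper: prompts once if needed and hands back the IDFA only when allowed.
/// Call it after the app has become active so the system prompt can be displayed.
@available(iOS 14, *)
func resolveTrackingConsent(completion: @escaping (TrackingConsent) -> Void) {
    func map(_ status: ATTrackingManager.AuthorizationStatus) -> TrackingConsent {
        switch status {
        case .authorized:
            let idfa = ASIdentifierManager.shared().advertisingIdentifier
            // Treat a zeroed identifier as "no consent" rather than a usable ID.
            return idfa == zeroIDFA ? .declined : .granted(idfa: idfa)
        case .restricted:
            return .restricted
        case .denied, .notDetermined:
            return .declined
        @unknown default:
            return .declined   // fail closed on statuses added in future SDKs
        }
    }

    let current = ATTrackingManager.trackingAuthorizationStatus
    guard current == .notDetermined else {
        completion(map(current))   // the OS remembers the choice; do not re-prompt
        return
    }
    // Shows the system dialog with the usage description from Info.plist.
    ATTrackingManager.requestTrackingAuthorization { status in
        DispatchQueue.main.async { completion(map(status)) }
    }
}
```

Ad and analytics SDKs should be initialized only from the `.granted` branch, so that a declined or restricted result never reaches code that reads the identifier.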

 

3. Optimize the app’s monetization and marketing strategies

Apple and Google’s privacy changes impact app monetization and marketing, especially for personalized ads. Adapting strategies and finding privacy-friendly alternatives is essential. Some alternatives to explore include:

  • Using monetization models that don’t rely on user data, such as in-app purchases, subscriptions, or sponsorship.

 

  • Using advertising platforms that comply with Apple and Google’s privacy standards, offering solutions to display contextual or targeted ads without using IDFA or AAID.

 

  • Using analytics tools that comply with Apple and Google’s privacy regulations, offering solutions for measuring app performance without compromising user privacy.

 

4. Managing advertising through certified CMPs 

Starting from January 16, 2024, advertising spaces launched using these platforms must use a CMP (Consent Management Platform) certified by Google, with the prerequisite of having integrated the TCF (Transparency and Consent Framework). Therefore, you must ensure that the CMP you work with is certified; otherwise, you will need to certify your own CMP or find a certified one.

Data security conclusions

Ensuring privacy in apps is not just a requirement but an opportunity to build trust and enhance the user experience. Adapting to Apple and Google’s new policies from the start will help you avoid issues and stand out from the competition.

If you need help ensuring your app complies with all privacy and security regulations, contact our app development team and we will guide you wisely.
