Privacy in Apps: How to Adapt to Apple and Google’s New Policies


Privacy is an increasingly important concern for mobile device users who want to have control over their personal data and how it’s used by the apps they install. That’s why both Apple and Google have recently implemented changes in their privacy policies that impact app developers and owners. Adapting to these changes is necessary to meet the new requirements and avoid potential penalties or revenue losses.

In this post, we will explain what these changes entail, how they affect apps, and what measures can be taken to adapt to them and provide a better user experience in terms of privacy.

 


What changes has Apple introduced in its privacy policy?

Apple has been one of the most proactive companies in protecting user privacy and has introduced several measures to limit tracking and data collection by apps. Some of these measures include:

App Tracking Transparency (ATT)

This feature requires apps to request user permission before accessing the Identifier for Advertisers (IDFA) on their devices, which is used for displaying personalized ads and measuring campaign performance. This feature was launched with the iOS 14.5 software update in April 2021, and since then, apps that do not implement it can be rejected from the App Store or lose access to the IDFA.

App Store Privacy Information

This is a section displayed on App Store product pages that shows the types of data an app may collect and whether they are linked to the user’s identity or used for tracking. This section was introduced in December 2020, and developers must provide this information in order to publish or update their apps on the App Store.

Hide My Email

This feature allows users to conceal their real email address when registering or logging into an app, using instead a randomly generated address provided by Apple that forwards messages to the actual address. This feature was introduced with the iOS 15 software update in September 2021, and apps offering the option to log in with Apple are required to implement it.

These measures aim to provide users with more transparency and control over their data, but they also pose a challenge for developers and app owners who must adapt their privacy practices and monetization and marketing strategies.

 


What changes has Google introduced in its privacy policy?

Google has also announced changes in its privacy policy to enhance the protection of Android device users, although with a different focus than Apple. Some of these changes include:

 

Restriction of permissions to access sensitive data

This measure restricts apps’ access to sensitive data such as call and text message history, background location, the Advertising ID (AAID), and the unique device identifier (IMEI). It was announced in May 2021, and since then, apps that want to access this data must justify their use and obtain Google’s approval, in addition to requesting user permission. Apps that do not comply with this measure may be removed from Google Play or lose access to this data.

 

New Security and Privacy Policy for Google Play

This is an update to the Google Play policy that introduces new requirements for apps regarding security and privacy. This update was announced in July 2021, and since then, apps must comply with the following requirements:

1. Provide a privacy policy that explains what data they collect, how they use it, and with whom they share it. This policy must be easily accessible from the Google Play product page and within the app.

2. Declare the permissions for accessing sensitive data they request and justify their use, as well as inform users about how they can revoke these permissions at any time.

3. Use the latest versions of Google Play Services libraries and Android APIs, which offer enhanced security and privacy compared to earlier versions.

4. Implement appropriate security measures to protect user data, including encryption, authentication, and two-factor verification.

5. Respect users’ rights to request access, rectification, deletion, or data portability, as well as the right to object or withdraw consent for data processing.

Apps that do not comply with this policy may be rejected by Google Play or face penalties.

 

New Consent Management Requirements for Ads

Starting from January 16, 2024, apps must work with a Consent Management Platform (CMP) certified by Google when displaying ads to users in the EEA (European Economic Area) or the UK. Google carries out this certification according to the criteria set by the IAB’s Transparency and Consent Framework (TCF).

 

What measures can be taken to adapt to the new privacy policies?

The changes in the privacy policies of Apple and Google pose a challenge for app developers and owners, but they also present an opportunity to enhance user trust and satisfaction. Users increasingly value privacy as a decision-making factor when installing and using an app. Some of the measures that can be taken to adapt to the new privacy policies include:

 

1. Review and update the app’s privacy policy.

The privacy policy is the document that explains what data the app collects, how it is used, and with whom it is shared, and it must be available and accessible to users. It is important to review and update the app’s privacy policy to ensure it complies with the new requirements from Apple and Google and reflects the app’s current privacy practices. Additionally, it is advisable to use clear and simple language, avoiding legal or technical terms that may confuse or discourage users.

 

2. Request user permission to access their data.

Both Apple and Google require apps to request user permission before accessing their data, especially when it involves sensitive data or is used for tracking or advertising purposes. It’s important to request user permission in a clear and transparent manner, explaining the reason and the benefit of accessing their data, and respecting their decision to accept or decline the permission. Additionally, it’s advisable to provide users with the ability to revoke permission at any time and to modify their privacy preferences within the app. An example of a permission request to access the IDFA can be found here.
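
The ATT permission flow described above, as an added example (not code from the original article or from Apple's documentation). The `TrackingConsent` helper and its method names are hypothetical, and the app is assumed to declare `NSUserTrackingUsageDescription` in its Info.plist; the example reads the IDFA only after the user has authorized tracking and offers a route to Settings so the choice can be revoked.

```swift
import AppTrackingTransparency
import AdSupport
import UIKit

/// Hypothetical helper (the name is an assumption, not from the article).
/// Assumes Info.plist contains NSUserTrackingUsageDescription, the text
/// iOS shows in the system prompt to explain why tracking is requested.
@available(iOS 14, *)
enum TrackingConsent {

    /// Call once the app is in the foreground. iOS shows the system prompt
    /// only while the status is .notDetermined; afterwards the stored
    /// answer is reused and the user is not asked again.
    static func resolve(completion: @escaping (UUID?) -> Void) {
        switch ATTrackingManager.trackingAuthorizationStatus {
        case .notDetermined:
            ATTrackingManager.requestTrackingAuthorization { _ in
                // The callback is not guaranteed to arrive on the main thread.
                DispatchQueue.main.async { completion(currentIDFA()) }
            }
        default:
            completion(currentIDFA())
        }
    }

    /// Returns the IDFA only when the user has authorized tracking.
    static func currentIDFA() -> UUID? {
        guard ATTrackingManager.trackingAuthorizationStatus == .authorized else {
            return nil  // denied, restricted or not yet asked: no identifier
        }
        let idfa = ASIdentifierManager.shared().advertisingIdentifier
        // An all-zero UUID means the identifier is unavailable; treat it as absent.
        let zero = UUID(uuidString: "00000000-0000-0000-0000-000000000000")
        return idfa == zero ? nil : idfa
    }

    /// The answer can only be changed in system Settings, so link there
    /// from the app's own privacy screen to make revoking easy to find.
    static func openPrivacySettings() {
        guard let url = URL(string: UIApplication.openSettingsURLString) else { return }
        UIApplication.shared.open(url)
    }
}
```

Callers should treat a `nil` result as the normal case and fall back to contextual ads or aggregate measurement rather than retrying the prompt.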

 

3. Optimize the app’s monetization and marketing strategies

The changes in the privacy policies of Apple and Google can affect the app’s monetization and marketing strategies, especially if they rely on using user data to display personalized ads or measure campaign performance. It’s important to optimize the app’s monetization and marketing strategies to adapt to the new conditions and seek alternatives that respect users’ privacy and provide added value. Some alternatives to explore include:

  • Using monetization models that don’t rely on user data, such as in-app purchases, subscriptions, or sponsorship.

 

  • Using advertising platforms that comply with Apple and Google’s privacy standards, offering solutions to display contextual or targeted ads without using IDFA or AAID.

 

  • Using analytics tools that comply with Apple and Google’s privacy regulations, offering solutions for measuring app performance without compromising user privacy.

 

4. Manage advertising through certified CMPs.

Starting from January 16, 2024, advertising spaces served through these platforms must use a CMP (Consent Management Platform) certified by Google, with the prerequisite of having integrated the TCF (Transparency and Consent Framework). Therefore, you must ensure that you work with a certified CMP; alternatively, you will need to certify your own CMP or find a certified one.
