The growing concern about privacy has led Apple to be the leader of data protection. Therefore in the app development we will have to take into account not only what the data protection legislation indicates in this regard, and specifically the RGPD, but also the new privacy policies included in iOS 14 that allow the user to have more knowledge than never about the apps that access your information.
1. Explain how the app uses the data that collects.
Before the end of 2020, the App Store has set out to help users understand the privacy practices of an app before it is downloaded. On the product page of each app, it must be public how the data is collected, if the user is tracked and if the information is linked to their identity or device.
For this purpose, when a new application is sent to Apple for review, it will ask us to complete a questionnaire with all the information we collect: if we use third-party code (such as advertising or analysis SDK), you must also describe what data that third-party code collects, how they can use your data and whether they are used to track users.
*Update 11/06/2020: Apple will make this practice mandatory on December 8. As of this date, both the new apps and those that must be updated must fill in this information so that the user can see it in the App Store.
2. Disclose if you track the user.
From now on, with iOS 14, iPadOS 14 and tvOS 14, you must receive the user’s permission through the AppTrackingTransparency framework to track them or access the advertising identifier of their device. Tracking refers to the act of linking the user or device data collected in the app with the user or device data collected from other applications, websites or offline companies for the purpose of measurement or targeted advertising. Tracking also refers to sharing user or device data with data brokers.
Examples of tracking that need permission under App Tracking Transparency:
- Show personalized ads thanks to user data collected by third parties.
- Share device location data or email lists with a data broker.
- Share a list of emails or advertising identifiers with a third party that uses that information to suggest other applications to those users or to find similar users.
- Integrate a third-party SDK into the application that combines the user data from the app with the user data from other developers’ applications to target advertising or measure advertising efficiency, even if we don’t use the SDK for these purposes.
You can track users without obtaining user permission through the AppTrackingTransparency framework:
- When the user or device’s data is linked to third-party data only on the user’s device and is not sent outside the device in a way that can identify the user or the device.
- When the data broker with whom you share data uses it only for fraud detection, fraud prevention or security, and only on your behalf.
3. Warns if the app is going to use the microphone or the camera.
With iOS 14, Apple introduces a new functionality that alerts us if the camera has been turned on although we are not aware of it thanks to a small light located in the status bar. Furthermore, apps that have recently used the camera or microphone will be displayed in the control center so that the user can review them.
Therefore, a good practice in this case will be to show a view in which the user has control of when to start recording and that shows what is being recorded. It will generate confidence because we do not execute actions in the background without warning in our app.
4. Requires exact location only if you need it.
Users will now have the option of providing the application with an approximate location, temporary access will allow the app to know the exact location of the user for the duration of the session.
To achieve a good usability of the app, we can first request the approximate location to show the user the establishments he requested the information about. At this time, if the user indicates her desire to obtain directions up to that point, request temporary access to her exact location. This way of acting not only responds to the principle of minimization of the RGPD data, but also makes it more likely that the user is willing to authorize access to his location when he has a utility. It will also increase the confidence in the way of treating your data because you know that we only ask you for the data strictly necessary to fulfill the purposes of the app.
5. Update access to your app with Sign in with Apple
Apple introduced Sign in with Apple last year last year and it is mandatory since iOS 13 for all apps that include identification with social networks.
The main feature of this form of identification is to prevent third-party services (social networks mainly) from obtaining information from users of our app.
Including this option in our application, even when we do not have a registration with social networks, will improve the perception that the iPhone´s user has about our platform. And you can even make them choose our app to the detriment of another that does not offer this option that preserves the user’s privacy.
Transparency is the only way
The only way to establish a long-term relationship with the user of our app and achieve their retention is to be transparent, take care of their data with respect and only require personal information when necessary. We are increasingly aware of the importance of our data thanks to the GDPR and we hear about applications whose purpose is to obtain information from users. For this reason, more than ever, we have to generate trust and be clear when explaining to the user why we need their data, offering them an appropriate user experience based on the permissions granted.
