App privacy in the App Store
As of December 8, 2020, Apple requires mobile app developers to report the data types collected by their app to the App Store.
Data type
See the list of data types below and compare them with the data collection methods used by your app:
|
Data type |
Description |
AppMetrica SDK data collection (default configuration) |
|
Contact info |
||
|
Name |
First or last name. |
No |
|
Email address |
Including the hashed email address. |
No |
|
Phone number |
Including the hashed phone number. |
No |
|
Physical address |
Home, physical, or postal address. |
No |
|
Other user contact info. |
Any other information that can be used to communicate with the user outside the app. |
No |
|
Health and fitness |
||
|
Health |
Health and medical data. |
No |
|
Fitness |
Data on physical condition and exercises. |
No |
|
Financial info |
||
|
Financial info |
For example, payment method, payment card number, or bank account number. If the app uses a payment service, payment information is entered outside the app, and the developer doesn't have access to it. That information isn't collected and doesn't need to be disclosed. |
No |
|
Credit info |
For example, credit rating. |
No |
|
Other financial info |
For example, income, assets, salary, debts, or any other financial information. |
No |
|
Location |
||
|
Precise location |
Information about the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places. |
Yes, if the |
|
Coarse location |
Information about the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places. For example, approximate location services. |
Yes, if the |
|
Sensitive info |
||
|
Sensitive info |
For example, racial or ethnic data, religious or philosophical beliefs, sexual orientation, trade union membership, political opinion, pregnancy or childbirth information, disabilities, genetic information, or biometric data. |
No |
|
Contacts |
||
|
Contacts |
For example, a list of contacts in the user's phone, an address book, or a social graph. |
No |
|
User content |
||
|
Emails or text messages |
Including the subject line, sender, recipients, and contents of the email or message. |
No |
|
Photos or videos |
The user's photos or videos. |
No |
|
Audio data |
The user's voice or sound recordings. |
No |
|
Gameplay content |
For example, multiplayer matching or gameplay logic, saved games, or user-generated in-game content. |
No |
|
Customer support |
Data received by the user during a customer support request. |
No |
|
Other user content |
Any other user-generated content. |
No |
|
Browsing history |
||
|
Browsing history |
Information about content the user has viewed that isn't part of the app. For example, websites. |
No |
|
Search history |
||
|
Search history |
Information about searches made through the app. |
No |
|
Identifiers |
||
|
User ID |
For example, username, handle, account ID, user ID, customer number, or another user- or account-level ID that can be used to identify a specific user or account. |
No The app developer can configure how that data is transmitted if necessary. |
|
Device ID |
For example, the user's advertising ID or another device-level ID. |
Yes, if the developer obtained the user's permission. Request for permission is implemented by the developer on their own. |
|
Purchases |
||
|
Purchase history |
An account's or individual user's purchases or purchase tendencies. |
Yes, starting from SDK version 4.0.0+. The app developer can disable transmission for that data using the |
|
Usage data |
||
|
Product interaction |
For example, information about app launches, taps, scrolls, music listening data, video views, or save locations in games, videos, or songs. It can also be any other information about how the user interacts with the app. |
Yes for launch events. No for the rest. The developer can completely disable |
|
Advertising data |
Information about the ads the user has seen. |
No The app developer can configure how that data is transmitted if necessary. |
|
Other usage data |
Any other data about user activity in the app. |
No |
|
Diagnostics |
||
|
Crash data |
For example, crash logs. |
No |
|
Performance data |
For example, launch time, hang rate, or energy usage. |
Yes AppMetrica can collect battery level data for crash analytics. |
|
Other diagnostic data |
Any other technical diagnostics data related to the app. |
No |
|
Other data |
||
|
Other data types |
Any data types not mentioned. |
Yes AppMetrica can collect additional data. For example, technical information about the device, including the OS version and screen type. |
Using the data
Select the categories that correspond to data usage in your app:
| Goal | Definition |
|---|---|
| Third-party advertising | Displaying third-party ads in your app or sharing data with organizations that display third-party ads. |
| Developer's advertising or marketing | Displaying your own ads in the app, sending marketing messages directly to your users, or sharing data with organizations that will display your ads. |
| Analytics | Using data to evaluate user behavior, understand the effectiveness of existing product features, plan new features, or measure audience size or characteristics. |
| Product personalization | Customizing what the user sees. For example, a list of recommended products, posts, or suggestions. |
| App functionality | For example, to authenticate the user, enable features, prevent fraud, implement security measures, ensure fault-free server operation, minimize app crashes, increase scalability and performance, or provide customer support. |
| Other purposes | Any purposes not mentioned. |
Data linked to the user
Note
Personal information and data are considered to be linked to the user.
Identify whether each data type is linked to the user's identity (via their account, device, or other details). Data collected through an app is often linked to the user's identity unless specific privacy protection measures are in place:
- Deleting any direct identifiers, such as the user's ID or name, before collection.
- Manipulating data to break the linkage and prevent re-linkage to real-world identifiers.
To ensure that the data isn't linked to a particular user's identity, avoid doing the following after collecting the data:
- Don't link the data to the user's identity.
- Don't tie the data to other datasets that could link it to a particular user's identity.
Tracking
Tracking refers to linking data collected in your app about a particular user or device, such as a user ID, device ID, or profile, with third-party data for the purpose of advertising or sharing data.
Examples include:
- Displaying targeted ads in your app based on user data collected from apps and websites belonging to other companies.
- Sharing device location data or email lists with a data broker.
- Sharing a list of emails, advertising IDs, or other IDs with a third-party advertising network for the purpose of serving targeted ads or attracting new users.
- Placing a third-party SDK in your app that combines user data from your app with user data from other developers' apps in order to target or measure the effectiveness of advertising (even if you don't use the SDK for those purposes). For example, using a login SDK that repurposes data collected from your app to enable targeted advertising in other developers' apps.
If you didn't find the answer you were looking for, you can use the feedback form to submit your question. Please describe the problem in as much detail as possible. Attach a screenshot if possible.