This article presents basic guidelines for understanding and meeting requirements for disclosing data collection within mobile apps. It is not legal advice; please consult a lawyer for direction on meeting compliance with legal requirements.
After investing significant effort into developing your new mobile app, the last thing you want is to realize that you neglected to disclose important data.
This can cause compliance and/or legal issues which can push back the launch of your product. From the start, you need to be mindful to document and prepare all of the “paperwork.”
Let’s talk about what you can do to be better prepared for the app store approval process for both iOS and Android.
When we speak of data privacy, what is it?
Many of us have an intuitive understanding of privacy in our personal lives, but how does that intersect with our data?
When I refer to data privacy, I mean the information that software collects, that servers transmit and store, and that third-parties receive when a user interacts with a business’s software.
Privacy has been quite the active topic in recent years, and individuals are becoming more concerned with what happens to their data. From the EU’s GDPR to California’s CCPA (and established or developing laws in other US jurisdictions), user privacy has grown into a legal concern as well. When building software, there are both user perception and legal compliance reasons to take data privacy seriously.
In recent years, the mobile app stores have moved to make data usage and tracking by apps more transparent. Beyond any text in a privacy policy or terms of use, Apple and Google now require app developers to list the kinds of data they use and what purposes they use it for. This allows for a quick overview of how your data will be used and whether you’ll be tracked by the developer.
The terminology is different (App Privacy for Apple, Data Safety for Google), but they provide similar insight into what kinds of data are collected and how they are used.
When publishing a new app to the stores (or a new version for an app that was originally submitted before these requirements), you’ll need to provide this list of data and report how each are used.
You’ll want to consider any kind of data the app gathers, either automatically (like diagnostics or usage data), by permission from the user (like location or contacts), or from a direct request from the user (uploads or user-created content). Depending on what data is used, you may not be required disclose it.
Apple allows for optional disclosure for some data usage, and Google considers some data not in scope as well. While the app stores do have exceptions for data that doesn’t need to be listed, you may want to consider whether it makes sense to describe your usage of that data anyway.
Beyond the kinds of data that an app collects, the app stores also differentiate how the data are used. Both platforms give a general list of categories for how information is employed.
Apple requires developers to describe which data can be linked to a user’s identity and used to track a user for advertising or other purposes. This appears differently within App Privacy than data collected anonymously (data not connected to a specific user)
Google requires developers to separately describe data collected by the app versus data shared to another provider (along with how each party uses the data).
Now that we have an idea of what data privacy is and how mobile apps must report their data usage, how can you best prepare for filling out the necessary forms?
For a recent app project at Headway, we needed to retroactively review the data usage in the app; how might we better approach this for a new application?
First, I’d suggest planning early in your app design process. Start a list of the data you collect right when you start designing the app. As screens and workflows are designed, keep track of what data the app will collect and how you will store and use it. What categories or kinds of data does your app need to function? Which are optional for the user to provide? For what purposes are you collecting the data? Are there any kinds of data that you can choose to intentionally not collect?
Second, as you begin to build the app, update your list of data as you add new features. Write down what users submit in forms, what you send to API endpoints, what permissions you request, and what information you share with external services. Continue to build on your overall picture of data usage as the app grows to avoid needing to review the codebase in full when submitting to the app stores.
Third, review each third-party service that you integrate with. Some collect additional data that you may not directly use or collect yourself. Even if your app doesn’t use this data, it must be reported. This may require looking through documentation, user forums, or privacy policies.
For example, RevenueCat provides a helpful guide for what data they collect and how to report it.
Finally, gather your notes and assemble your disclosures for the app stores. If you’ve kept notes while building your app, hopefully, this shouldn’t require too much additional research. Each app store has slightly different requirements, but your overall list should give you the starting point you need to fully disclose your data usage.
Now that you have an idea of the value of data privacy and what the app stores require, hopefully you’ll be more equipped for your next mobile project. As individuals grow more concerned with how their information is used, we can all help to create more of an environment of trust and safety online.
Download our free guide to begin implementing feedback loops in your organization.
By filling out this form, you agree to receive marketing emails from Headway.
In this free video series, learn how the best startup growth teams overcome common challenges and make impact.
In this free video series, learn how the best startup growth teams overcome common challenges and make impact.
In this free video series, learn proven tactics that will impact real business growth.
By filling out this form, you agree to receive marketing emails from Headway.
Dive deeper into the MoSCoW process to be more effective with your team.
By filling out this form, you agree to receive marketing emails from Headway.
In this free video series, learn the common mistakes we see and give yourself a greater chance for success.
By filling out this form, you agree to receive marketing emails from Headway.
Everything you need for a killer DIY audit on your product.
See all the ways we can help you grow through design, development, marketing, and more.
Level up your skills and develop a startup mindset.
Stay up to date with the latest content from the Headway team.