Yesterday was the big day for iDevice owners. iOS 8 was rolled out to devices across the globe.
Image based on Luis Abreu’s work published under CC license
A couple of weeks back I had already written about the implications iOS brings in the privacy realm. Apple has done some homework on privacy at large. Also, if you are a developer, do check out this presentation about “User Privacy on iOS and OS X” by members of the product security and privacy team. So what exactly are those changes I am talking about in terms of privacy policies?
In a nutshell iOS 8 was confirmed to incorporate requirements for privacy policies across the spectrum. This is what the aforementioned documentation says:
Important for all apps to have one, required for some app categories
• Apps that link against HealthKit
• Apps that link against HomeKit
• Third party keyboards
• Kids
Before iOS 8 only the kids category had an outspoken requirement for the privacy policy. This documentation has confirmed 4 categories before September, 9’s keynote.
Updated App Store Review Guidelines
So today, on iOS 8 day two, I am double checking the updates in the App Store Review Guidelines for you. And in it you can find the following rules for your privacy (policy):
3.12 (Metadata (name, descriptions, ratings, rankings, etc.))
Apps should have all included URLs fully functional when you submit it for review, such as support and privacy policy URLs
17 (Privacy)
-
Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
-
17.2
Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
-
17.3
Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children’s privacy statutes, but must include some useful functionality or entertainment value regardless of the user’s age
-
17.4
Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children’s privacy statutes, and must include a privacy policy
-
17.5
Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected
24.1 (Kids Category)
Apps in the Kids Category must include a privacy policy and must comply with applicable children’s privacy statutes
25.7 (Keyboard Extensions)
Apps offering Keyboard extensions must have a primary category of Utilities and a privacy policy or they will be rejected
26.2 (HomeKit)
Apps using the HomeKit framework must indicate this usage in their marketing text and they must provide a privacy policy or they will be rejected
27.7 (HealthKit)
Apps using the HealthKit framework must provide a privacy policy or they will be rejected
29.4 (Apple Pay)
Apps using Apple Pay must provide a privacy policy or they will be rejected
Apple now requires 5 categories of apps to have a privacy policy
So, as not that much of a surprise, Apple has now added Apple Pay apps to the list of apps that are required by Apple to incorporate a privacy policy. Upping the number of categories to 5.
Of course, if you’ve come here and haven’t seen iubenda before, generating privacy policies for apps is what we do. In 6 languages, auto-updating, and we spit out a link to your privacy policy for you in the app store right after the generation.
Since you’re here…
You should probably read:
- Privacy policy for iOS apps – our guide and template
- WHERE does your privacy policy go?
- Check out our privacy policy generator for mobile apps:
- it gives you a link to add to the App Store;
- our policies are being updated automagically;
- our policies are being upkept in 6 languages to date and written by lawyers;