App privacy labels now live on the App Store

Wow, nice, since my app is focused on privacy, this could become a huge marketing bonus.<p>However, the questionaire seems quite complicated. I ask for the email adress and Apple wants to know if I connect the email address with the identity of a user. However, what does that even mean? I have no identity of a user except the email address.

They definitely need a special case for “no data collected”.<p>It should say something very direct like “This app does NOT collect any data.”. Instead, the App Store listing includes this extremely awkward set of phrases:<p><pre><code> “The developer, $DEVELOPER has indicated that the app’s privacy practices may include handling of data as described below: Data Not Collected The developer does not collect any data from this app.”</code></pre>

As a developer, if you do not collect information, compliance is trivial.<p>Go to AppStoreConnect for your App, see &quot;App Privacy&quot; on the sidebar, &quot;get started&quot;, tell it you don&#x27;t collect data. And you are done.<p>Edit: Doh! And also notice the blue &quot;Publish&quot; button in the upper right. Press that and get threatened. Then your data is ready. Otherwise when you go to push your update it will tell you to go fill in the App Privacy data.<p>The next time you upload you will have a label.

checked it out today when i saw this article. just recently got an apple watch and has been using for health tracking and was <i>very</i> pleased to see that two of my fav apps: + Work outdoors + Heart Analyzier<p>collect absolutely no data, everything stays on my watch. considering the plethora of personal information that something like garmin, strava or suunto collect, this is incredible, more people shoudl be cognizant of this.

These lists are a little “cookie warning” style and might be easily ignored.<p>I would like to see a mode in the phone itself where I can see a filtered list of apps based on features I opt <i>in</i> to.<p>Examples:<p>- “Show all apps that collect no data”: &lt;&lt;90% of my Home Screen icons fade out&gt;&gt;<p>- If you’re currently logged in to some account, a mode that shows you which apps “know” that you’re using this account.<p>I think a visual approach would make it clearer to users what features of their phone are applicable in each situation.

Will the app store listing for my Sudoku game warn me (as to its credit my iPhone started doing, before I deleted the app in horror) that it pastes from the clipboard on startup?

Looks like they treat &quot;opt in&quot; data collection the same way they treat silent collection that&#x27;s turned on by default?<p>This seems like a bad incentive, because there should be a benefit to being careful about opt-in.

I wish I could search by:<p>- Price.<p>-Has ads?<p>- User Ratings.<p>- In-app purchases.<p>Does anyone know if there is a search engine that will let me discover apps this way?<p>Like this, but for iOS - <a href="https:&#x2F;&#x2F;playsearch.kaki87.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;playsearch.kaki87.net&#x2F;</a>

The labels right now are just too pretty. They&#x27;re also so far down on the app listing, that I doubt they&#x27;ll be seen by much of anyone.<p>Hopefully these issues are just v1 and down the road the privacy screen will more prominent and maybe less blah blah blah looking.<p>Or maybe there&#x27;ll be filtering options in the App Store: &quot;hide apps that correlate offline user data&quot;, e.g.

It would be nice if I can filter apps based on these labels while browsing the App Store. Or even determine which of my existing apps fall under which label(s).

These things read like legal terms of service notices, so pretty much not digestible for anyone. I guess full disclosure is a decent enough start.<p>Really we need parental advisory ratings like we have for movies to easily know which apps sell data.

It&#x27;s impossible to download free apps on iOS (via the App Store) without giving Apple an email address, phone number, and street address.<p>Additionally, opening the App Store app on iOS sends your IP (coarse location) and device serial number to Apple. Logging in to download associates that serial with your email, street address, and phone number.<p>Every iOS device, and now every mac, connects to the Apple push server with a certificate tied to its serial number, and of course sends the client IP (and thus coarse device location).<p>Apple has your travel history, and the travel history of every iOS device by serial number. As of Big Sur, they have it for each and every mac, too.<p>On the mac, you can&#x27;t install a VPN app without providing your identification to Apple, because the NetworkExtension app entitlements to do that are only given out for App Store apps. This is why windows users can download wireguard from the wireguard website, but mac users cannot. App Store only!<p>I am not really that convinced that Apple cares that much about protecting consumer privacy.

One thing I&#x27;m confused by with this: an APNS token is, technically, a device identifier... so should every app that uses push notifications be electing under Device ID?<p>If so, I would _really_ appreciate it if there was some language stating &quot;for push notifications only&quot; or something, because as it sounds right now it comes across like something else.

What about app permissions ?<p>I frequently want to see, before installing, what permissions an iOS app requires, or will at least attempt to use.<p>AFAICT this information is not available anywhere in the app store even though it is known and could easily be listed.<p>Has that changed ?

That&#x27;s a nice start for Apple. But for now it indeed looks like a cookie request on any website nowadays. The real question is whether Apple is going to verify the information provided by the app developers. Will Apple do some kind of information flow control (IFC) through taint tracking on the app code, to make sure that the user name or location is not collected as the app description says?

Yep. I love this. If it encourages devs to think twice about incorporating some library from Facebook just for easy login or something then I’ll be happy. In fact I’m going to be looking at these labels and making buying&#x2F;subscribing decisions from them.

Apple&#x27;s labeling efforts do not appear to be requiring that apps that see&#x2F;log a user&#x27;s IP address disclose their collection of user location.<p>That seems like an oversight to me. IP addresses are coarse user location data.

I hope this makes a strong impact. Invasive tracking is a menace.

Need to upgrade to iOS 14.3 to see them.

Will this apply to their own apps as well?

Where did they live before?

This is so late to the game. I&#x27;ve been inspecting the traffic of iOS apps for a long time now, and have written to the developers asking them to remove these tracking beacons &#x2F; analytics scripts.<p>I created a wireless hotspot in Linux, connected my iDevice to it, and then opened Wireshark and was able to see all the traffic of the iDevice. I would encourage everyone to inspect the traffic of apps to gauge their privacy score.

This is LONG overdue and I hope it at least shows users as much info per app as Google Play does where you can inspect the permissions the app requests&#x2F;requires (though the distinction between request and require would be nice). It would also be nice to have persistent search filters in the app store search like &quot;don&#x27;t show me any apps which request access to my contacts or location&quot;... though I suspect it will take people dying because their stalkers found them through an app&#x27;s location info for this to happen.