The App Store (iOS) is Apple’s online application marketplace for the iPhone, iPad, and iPod Touch.  iOS app developers are subject to several privacy requirements in the iOS Developer Program License Agreement (last updated 09/12/12). The Agreement is not a public document; however, this page lists key privacy requirements for developers who wish to distribute their applications and services through the App Store.  Apple also provides App Store Review Guidelines to aid registered developers in understanding the App Store’s privacy requirements.

  •  Privacy Requirements
    • Privacy Policy:  You must provide clear and complete information to users regarding Your collection, us and disclosure of user or device data and disclosure of user or device data, e.g., a link to Your privacy policy on the App Store. Section 3.3.10
    • Consent and Use of Data: Developers and applications cannot collect user or device data without prior consent from the user. This data can only be used to provide a service or function that is directly relevant to the use of the application, or to serve advertising. You may not use analytics software in Your Application to collect and send device data to a third party. Section 3.3.9 
      • You must take appropriate steps to protect such data from unauthorized use, disclosure or access by third parties. If a user ceases to consent or affirmatively revokes consent for Your collection, use or disclosure of his or her user or device data, You (and any third party with whom you have contracted to serve advertising) must promptly cease all such use. Section 3.3.10
    • Location Data: Applications that offer location-based services or functionality must notify and obtain consent from users before the location data is collected, transmitted or otherwise used by the app. Section 3.3.14
      • Also, applications cannot “interfere with any Apple implemented system alerts, warnings, display panels, [and] consent panels,” including those that are “intended to notify the user that the user’s location data is being collected, transmitted, maintained, processed or used, or intended to obtain consent for such use. If consent is denied or withdrawn, Applications may not collect, transmit, maintain, process or utilize the user’s location data or perform any other actions for which the user’s consent has been denied or withdrawn.” Section 3.3.16
    • UDID: The unique Identifier is an alphanumeric string unique to each device based on various hardware details. Apple has instructed third-party app developers to stop tracking users by the unique identification number attributed to each of its devices.
      • Instead, developers should use the Advertising Identifier (see below), which is located in the device’s settings rather than in the hardware.
      • This shift in policy has significant implications for most mobile app developers and ad networks, who use UDID to tailor ads to targeted users. Read more about this change on our Unique identifier resource page
    • Advertising Identifier: You and Your Applications (and any third party with whom you have contracted to serve advertising) may use the Advertising Identifier, and any information obtained through the use of the Advertising Identifier, only for the purpose of serving advertising. Section 3.3.12
      • If a user resets the Advertising Identifier, then You agree not to combine, correlate, link or otherwise associate, either directly or indirectly, the prior Advertising Identifier and any derived information with the reset Advertising Identifier.  Further, You agree not to combine, correlate, link or otherwise associate, either directly or indirectly, any other permanent, device-based identifier with a user’s Advertising Identifier.
  • Advertising Preference: For Applications compiled for any iOS version providing access to the Ad support APIs:
      • You agree to check a user’s Advertising Preference prior to serving any advertising using the Advertising Identifier, and You agree to abide by  a user’s setting in the Advertising Preference.
      • If a user has set their Advertising Preference to limit ad tracking, You may use the Advertising Identifier, and any information obtained through the use of the Advertising Identifier, only for Limited Advertising Purposes.
      • The foregoing restrictions also apply to Your use of any other permanent, device-based identifiers for advertising, and any information obtained through the use of such identifiers.  Section 3.3.13


About
Contact
Supporters
Privacy Policy
Learn
Do / Tools
Showcase
Consumers
Rate and Review Applications
Blog