By creating a privacy policy for your mobile app or site, you’ve met app listing requirements and done right by your users. Now the question is how to give them easy access to this information if they want it. If at all possible, users should be able to get it from somewhere in your app (like a Settings menu) and from your own website. Maybe even more importantly, they should also be able to understand your privacy practices before they download and install the app. If you’re developing for iOS, this means linking to it from your listing in the App Store.
Unfortunately, Apple doesn’t make it very easy to link to your privacy policy in iTunes and the App Store. Here are three ways to give your users a privacy heads’ up, taking into account the limitations of Apple’s framework.
1. Mention privacy in your app Metadata
The text description of your app is part of your app’s Metadata; this is a long text entry that explains what your app is about. Most companies with privacy policies include their URL in the company description. The problem is that, for some inscrutable business or security reason, Apple does not allow these URLs to be clickable. Even worse, in the mobile App Store, you can’t even cut and paste the URL text into your mobile browser. At least they can know it exists, even if it isn’t easy to get to.
2. Link to Privacy in Company and Support
Below the app description, Apple has built in dedicated links to your company homepage (optional) and for app support (mandatory). These links are clickable on both the web and mobile App Stores.
As a developer, you’re prompted in the app uploading process to provide these during set-up:
Since users might go looking for privacy information through these links, it behooves you to put a link to your privacy policy prominently on your company and support pages. Those pages should be formatted for mobile users (and be user-agent aware), since most users find apps directly on their devices. Best practice would place the privacy policy link at the top of each of those pages.
3. Link to Privacy in your EULA (if you have one)
If you are the rare app that provides your own End User License Agreement (EULA), you there’s also a built-in link to the page where Apple hosts the EULA you enter in. EULA’s are about ownership of data, and don’t usually address privacy. To their credit, some app EULAs, like Zynga’s, link to their full privacy policy. Unlike the company descriptions, links here work both in the browser and App Store presentations. Remember, your privacy policy needs to be available (and readable!) both in the full version of the App Store (in iTunes) and also in the App Store that users see on their mobile devices (iPhone, iPad or Touch). (With Policymaker, we handle this for you.)
4. Wait for Apple to fix this (they will)
None of these approaches elegantly connects your users with your privacy notice. They’re not worthy of the privacy experience that you (or Apple) would want for your users. The quickest fix by Apple would be to offer a built-in privacy-policy link as they have done for Company and Support pages. It wouldn’t even be hard for them to scan existing app store listings for privacy policy links (they generally have the string “privacy” in the URL) and populate the new field automagically. Or maybe they’re re-thinking — as only Apple could — the entire mobile privacy experience? (Which reminds me of an old post.)
Until then, this is the best you can do in complying with Apple’s requirement that you provide a privacy policy. (Please add any other ideas in the comments.) Meanwhile, we’re at work on the same analysis for Android Market developers, which has challenges of its own.
Pingback: How to include App Privacy Policy in App Store Listing | Application Privacy
Pingback: Mobile App Privacy Enforcement: Who’s Responsible? | Application Privacy
Pingback: Windows Store has strong privacy disclosure requirements for app developers | PrivacyChoice Blog
Pingback: Developer Alert: Takeaways from the today’s FTC report on kid’s privacy disclosure in apps | PrivacyChoice Blog
Pingback: Developer Alert: App stores now must enforce privacy-policy requirements | PrivacyChoice Blog