Apple is focusing on users’ privacy, so must you.

By Pierre-Luc Simard
VP, Technologies

One of the stars of Apple's last WWDC conference was privacy and it's been covered extensively by the tech media. 

As it is custom with every WWDC, Apple updated its App Store Review Guidelines. These commandments, that must be followed by every app developer to publish an application on Apple's App Store, also received a privacy update. In a piece of news published on Apple’s developer website, Apple lists the changes to the rules that impact all applications in the store. One of the changes caught my eye:

Guideline 5.1.1(ii). Apps must get consent for data collection, even if the data is considered anonymous at the time of or immediately following collection.

Previously, data collected without personally identifiable information such as the user's name, email, phone number or any unique identifier linked to the user's identity were exempt from explicitly asking for permission under 5.1.1 (ii). It only required disclosing it as part of the terms of service and privacy policy.

With the change, Apple is telling app developers that data collection of any kind must be done with the user's consent. The need for user's consent now clearly includes any collection done through crash reporting (e.g. Firebase Crashlytics) or behaviour analytics (e.g. Google Analytics for Firebase, Mixpanel). 

Apple's own WWDC application is a good example of this new behaviour. When it first starts, the app asks the user if it can share usage data with Apple.

The message directs the user to the license agreement included in the application's section inside the Settings app where Apple also added a convenient toggle to grant or revoke consent.

Understandably, the first reflex of App developers was not to ask for consent. Allowing the user to decline sharing its anonymous usage data reduces the information we have to make informed product decisions. As of June 3, 2019, Apple has decided to force us to put the user's privacy first. 

They will reject any update to an existing application or any new application that does not ask for the user's permission before collecting anonymous data, leaving app developers forced to either ask for permission or remove all anonymous data collection from their application. 

It might be uncomfortable at first, but I feel good product focus on user needs and privacy is becoming a significant concern for our users.