Tag: App

Apple launched higher data protection standard

13. January 2021

Already announced in Apples Worldwide Developers Conference last June a new privacy feature for Apple’s App Store has now been launched with iOs 14.3 (we reported). Originally iOs 14 should have had these update, but based on critic of app developers and big tech giants the launch has been postponed to give the concerned persons and companies more time to be prepared for the changes.

The update requires the App providers to answer several questions regarding data privacy. The requirement to answer the questions only apply in case an app is uploaded to the App Store for the first time or in case an update is published by the App provider. So at this point, not many apps come up with this additional information. However, Apple’s own apps and for example the Facebook Messenger have already been updated regarding this information.

The process is as follows: In the course of uploading an app or update the provider must answer questions regarding inter alia which categories of personal data are collected by the app or third parties within the app, if the data is used to track the user and with which data sources and other data the obtained data is linked. The inserted information is afterwards displayed in the App Store below the rating of the app.

According to Apple, the goal is that the information in the App Store should make it easier for the user to know what the privacy status of an app is. However, it should be noted that the information is based solely on the (voluntary) information provided by the provider and is not verified by Apple.

Category: Data Protection
Tags: , , ,

Apple advises app developer to reveal or remove code for screen recording

12. February 2019

After TechCrunch initiated investigations that revealed that numerous apps were recording screen usage, Apple called on app developers to remove or at least disclose the screen recording code.

TechCrunch’s investigation revealed that many large companies commission Glassbox, a customer experience analytics firm, to be able to view their users’ screens and thus follow and track keyboard entries and understand in which way the user uses the app. It turned out that during the replay of the session some fields that should have been masked were not masked, so that certain sensitive data, like passport numbers and credit card numbers, could be seen. Furthermore, none of the apps examined informed their users that the screen was being recorded while using the app. Therefore, no specific consent was obtained nor was any reference made to screen recording in the apps’ privacy policy.

Based on these findings, Apple immediately asked the app developers to remove or properly disclose the analytics code that enables them to record screen usage. Apples App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. In addition, Apple expressly prohibits the covert recording without the consent of the app users.

According to TechCrunch, Apple has already pointed out to some app developers that they have broken Apple’s rules. One was even explicitly asked to remove the code from the app, pointing to the Apple Store Guidelines. The developer was given less than a day to do so. Otherwise, Apple would remove the app from the App Store.

 

Google may remove millions of apps from its Play Store

14. February 2017

Last week Google contacted millions of app developers informing them about their apps’ violation of Google’s User Data policy.

According to this policy, apps which handle personal or sensitive user data must post a privacy policy in the designated field in the Play Developer Console, as well as within the app itself and handle the user data securely, for example by using cryptography for transmitting them.

Millions of apps handling with personal data do not have a privacy policy and thus do not contribute to providing a clear and transparent experience for Play Store users. Google set a time limit of 5 weeks, until March 15 this year for the apps to comply with the User Data policy. Either the developers shall include a link to a valid privacy policy or remove any requests for sensitive permissions or user data. Otherwise Google might limit the visibility of those apps or even remove them from its Google Play Store.