Why app analytics tools can get your app removed

Apple has recently started to crack down on developers that aren’t disclosing how they are capturing analytics from their users, as reported by Techcrunch and a few other sources. Analytics that includes everything from taps and swipes, to what screens users are on, length of time inside apps, and more. Some embedded SDK's developer use even record user sessions in real-time.

Capturing user analytics isn’t anything new Apple themselves do it. But what is being uncovered, or at least brought to light in 2019, is that most users are entirely unaware that the developer might record every move they make inside an app. And some of the data sets being recorded would be terrifying to app users when you consider platforms like Glassbox or Appsee, that can literally playback what a user did inside an app, tap by tap. Useful for the app marketer, but it can be bad for the user -even when you are just capturing analytics to help make the app better.

Apple knows analytics are important to developers and publishers, but they also put privacy first, especially in today's world of data leaks that usually stem from mobile use (eh hum, iOS Facetime bug..)

Follow the rules with in app analytics

The best course of action you as a developer can take is to always be transparent with anyone downloading, registering, or even anonymously using your games or apps. Make sure you have a good privacy policy in place and display it on the first load of the app, and then make it available from a menu somewhere else inside the app, like a setting screen if you have one.

If you don’t have a privacy policy, stop reading this and create one, then update your app asap.

In an email to TechCrunch, they reported an Apple spokesperson said:

“Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

So ramifications of not letting users know you might be breaching their privacy goes far beyond an Apple slap on the wrist. You could even face criminal charges. The risks are just too high these days not to have a privacy policy in place.

Why do developers want to record users actions anyway?

The first reason is obvious, is anyone using my app? Just knowing people are using an app is gratifying to any startup. But the reasons go much deeper than app users realize. Oddly enough, most of the time, analytics are captured to understand users behavior and to make the software better. Knowing which buttons are the most used, what screens are the longest viewed, or even if a crash happened, all go into a bucket of information developers can use to improve things. 

Marketing automation is another big reason developers capture user analytics. Imagine a user goes into an app, browses around a bit then decides to upgrade to a premium account offered because of some added benefits. When they tap to subscribe to the app’s premium services, they see the price, then decide to bail, tapping the cancel button. The analytics bread-crumb trail will reveal this activity to a marketing automation engine, which could in-turn fire off a quick push alert, text alert, or email, reminding the user of the subscription benefits, and even potentially offering a discount.

In the end, most developers and publishers should want to get to know their users so they can make things better for them. Using the data for marketing purposes isn’t all bad either because it usually rewards the user with discounts or a better product because if the marketing turns into conversions, that fuels the software releases. There are publishers that capture analytics using 3rd party SDKs so the platform can buy the data back from the developer - but those are rarer.

Still, it’s essential for developers to understand that any 3rd party SDK, API, or software plugin they are using in their software could have this head-fake built in. I think sometimes developers themselves might not realize that the majority of platforms they are using, capture user analytics above their heads, yet it’s still the developer's responsibility to inform the user. so be mindful of any plugin you are using and know it's up to you to inform your users of what's going on.

In-app analytics privacy policies

Here are a few examples of privacy policies for popular SDK's you might have inside your app you can review.

Apple
https://www.apple.com/legal/privacy/

Google analytics
https://www.google.com/analytics/terms/us.html

Glassbox
https://www.glassboxdigital.com/privacy-policy/

AppsFlyer
https://www.appsflyer.com/privacy-policy/

AppAnnie
https://www.appannie.com/en/legal/privacy/

Tune
https://www.tune.com/resources/data-and-privacy/

Appsee
https://www.appsee.com/legal/privacypolicy

Localytics
https://www.localytics.com/privacy-policy/

AppDynamics
https://www.appdynamics.com/privacy-policy/

LeanPlum
https://www.leanplum.com/privacy/

Apptentive
https://www.apptentive.com/privacy/

Summary

Go ahead, capture and record taps, sessions, and swipes all day long. Just make sure you let the user know you are doing it, and tell them why. Don't hide your privacy policy in a screen somewhere with tiny font users can't get to either, put it up-front an center.

If you really want to go the extra mile, give users a way to opt-out altogether. It's not currently required by Apple to offer the "opt-out", with the onslaught of privacy breaches and marketing annoyances being abused, it wouldn't surprise me to see Apple take the step to enforce developers to do just that.

Keep your policy updated too. Many privacy policies I run across predate some serious vulnerabilities discovered over the past few years, which could cause users to shy away from using your app because they don't think it's safe. If you are wondering how long is "too long" before you update it, that would be now.