Why app analytics tools can get your app removed
|Richard Harris in iOS Friday, February 8, 2019|
Mobile app privacy policies are key to helping users understand why developers are collecting data about them with app analytics. Apple has recently started to warn developers about not informing users of an app's data collection. Here are some thoughts to help you avoid being removed from the app store over being too secretive about your app data collection.
Apple has recently started to crack down on developers that aren’t disclosing how they are capturing analytics from their users, as reported by Techcrunch and a few other sources. Analytics that includes everything from taps and swipes, to what screens users are on, length of time inside apps, and more. Some embedded SDK's developer use even record user sessions in real-time.
Capturing user analytics isn’t anything new Apple themselves do it. But what is being uncovered, or at least brought to light in 2019, is that most users are entirely unaware that the developer might record every move they make inside an app. And some of the data sets being recorded would be terrifying to app users when you consider platforms like Glassbox or Appsee, that can literally playback what a user did inside an app, tap by tap. Useful for the app marketer, but it can be bad for the user -even when you are just capturing analytics to help make the app better.
Apple knows analytics are important to developers and publishers, but they also put privacy first, especially in today's world of data leaks that usually stem from mobile use (eh hum, iOS Facetime bug..)
Follow the rules with in app analytics
In an email to TechCrunch, they reported an Apple spokesperson said:
“Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”
Why do developers want to record users actions anyway?
The first reason is obvious, is anyone using my app? Just knowing people are using an app is gratifying to any startup. But the reasons go much deeper than app users realize. Oddly enough, most of the time, analytics are captured to understand users behavior and to make the software better. Knowing which buttons are the most used, what screens are the longest viewed, or even if a crash happened, all go into a bucket of information developers can use to improve things.
Marketing automation is another big reason developers capture user analytics. Imagine a user goes into an app, browses around a bit then decides to upgrade to a premium account offered because of some added benefits. When they tap to subscribe to the app’s premium services, they see the price, then decide to bail, tapping the cancel button. The analytics bread-crumb trail will reveal this activity to a marketing automation engine, which could in-turn fire off a quick push alert, text alert, or email, reminding the user of the subscription benefits, and even potentially offering a discount.
In the end, most developers and publishers should want to get to know their users so they can make things better for them. Using the data for marketing purposes isn’t all bad either because it usually rewards the user with discounts or a better product because if the marketing turns into conversions, that fuels the software releases. There are publishers that capture analytics using 3rd party SDKs so the platform can buy the data back from the developer - but those are rarer.
Still, it’s essential for developers to understand that any 3rd party SDK, API, or software plugin they are using in their software could have this head-fake built in. I think sometimes developers themselves might not realize that the majority of platforms they are using, capture user analytics above their heads, yet it’s still the developer's responsibility to inform the user. so be mindful of any plugin you are using and know it's up to you to inform your users of what's going on.
In-app analytics privacy policies
Here are a few examples of privacy policies for popular SDK's you might have inside your app you can review.
If you really want to go the extra mile, give users a way to opt-out altogether. It's not currently required by Apple to offer the "opt-out", with the onslaught of privacy breaches and marketing annoyances being abused, it wouldn't surprise me to see Apple take the step to enforce developers to do just that.
Keep your policy updated too. Many privacy policies I run across predate some serious vulnerabilities discovered over the past few years, which could cause users to shy away from using your app because they don't think it's safe. If you are wondering how long is "too long" before you update it, that would be now.