How to read Apple's App privacy 'Nutrition Labels' and what they will do for users

Developers have to submit privacy policy details

If you want your app to stay on the App Store, you now have to provide a Privacy Policy. Except you don't. Although the deadline to submit this information was December 8, Apple has told developers that it won't remove existing apps for not having this information.

So far it seems to be an oddly half-hearted privacy rule from Apple, which may reflect how it's going to be hard to usefully enforce. Even if Apple does set a cut-off date and remove apps without this privacy information, it is still entirely reliant on developers telling the truth.

That's not to say that developers are untrustworthy. It is to say that any developer intent on being a bad agent is not going to get an attack of the conscience over this.

Hopefully Apple will do spot checks. Hopefully the App Store review team will now have a thorough checklist, and the tools to work through it, as they decide whether to allow new apps on or not.

It's likely that something of this sort will happen, because Apple has created an online form for developers. Even though the chief requirement is to provide a link to your Privacy Policy, developers have to click through a form specifying details for different types of data that their app may be using.

As these labels start to appear on the App Store, though, here's where to see them. Plus what they mean, and how they can help you decide which apps to use.

How to find the "nutrition label" for an app

1. Open the App Store on either iOS or macOS
2. Find any app
3. Scroll through its detail down to the Information section
4. Look for Privacy Policy
5. Tap to read it

Developers are required to include a Privacy Policy. It's a link rather than a description within the App Store, and Apple says it must be the "URL to your publicly accessible privacy policy."

So you can't bury the policy behind a paywall or require users to buy your app first. Apple also offers the option of adding a separate Privacy Choices link, though.

This again must be to a publicly-accessible site online, but in it developers are encouraged to present information — and allow users to edit it.

"For example, a webpage where users can access their data, request deletion, or make changes," says Apple in its developer documentation.

Apple has specific instructions for developers in that documentation about what they can say and what they must disclose. However, for the user, this extra privacy information comes down to that Privacy Policy link in the app's description.

It is highlighted more than the other details in that section, such as the Category, the Languages, and the Age Rating. However, you're not going to stumble on it by accident.

If you do want to know the privacy details, though, you will find them here. And they are expected to tell you a lot of information that could well affect your buying decision.

How to read the information in these "nutrition labels"

Including some catch-all terms such as "other usage data," Apple lists 34 different types of data whose handling may have to be disclosed. Broadly the issue is that if you collect data from a user — and then do something with it outside your app — you have to say what.

There are exceptions, and Apple allows developers to not reveal them. These include when the user data an app collects "is not used for tracking purposes," or it's clear to the user that they are choosing to offer this information to the developer.

The 34 types of data range from contact information, through health details, and on to what Apple calls "product interaction." It defines this as being "app launches, taps, clicks... or other information about how the user interacts with the app."

There are legitimate reasons for apps to want this data, such as a fitness app requesting access to your health records. What Apple is against is the taking of that data for any other purpose, such as passing to advertisers and marketing firms.

What you should see, and what you will get

Consequently, what you should see when you click Privacy Policy in an app description, is a list of types of data collected, and why. You should see if an app tracks your precise location, defined as being with "the same or greater resolution as a latitude and longitude with three or more decimal places."

In practice, though, what you're going to see may end up being no more useful, or perhaps even accurate, than you might glean now from a developer's website.

That's because as well as the issue over honesty, there is also the fact that this is an extra burden on developers. You can be sure that some will make one overall privacy policy web page and point all of their apps directly to it.

After all, that's what Microsoft does — and Apple, too. Check out their apps in the App Store and their Privacy Policy link takes to one of these generic pages.

Future improvements

WhatsApp has objected to Apple's labels, saying that they could put users off. The company claims that the labels are too broad, and therefore unfair.

"[For instance, while] WhatsApp cannot see people's messages or precise location, we're stuck using the same broad labels with apps that do," said a spokesperson.

This suggests that Apple intends to display more than a single link to a firm's Privacy Policy. And that suggests that these labels are going to become useful.

Even if Whatsapp's criticism is correct, any greater display of privacy information is a good thing. It may well inform your choice of apps to use, but it would definitely help educate us all to be actively aware of these issues.

So long as the submitted information is correct.

Keep up with AppleInsider by downloading the AppleInsider app for iOS, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos.