Users must grant permission for an app to access personal information, including the current location, calendar, contact information, reminders, and photos. Although people appreciate the convenience of using an app that has access to this information, they also expect to have control over their private data. For example, people like being able to automatically tag photos with their physical location or find nearby friends, but they also want the option to disable such features.
Request personal data only when your app clearly needs it. It’s natural to be suspicious of a request for personal information, especially if there’s no obvious need for it. Make sure permission requests occur only when people are using features that clearly need personal data. For example, an app might only request access to the current location when activating a location tracking feature.
Explain why your app needs the information. Provide custom text (known as a purpose string or usage description string) for display in the system's permission request alert, and include an example. Keep the text short and specific, use sentence case, and be polite so people don't feel pressured. There’s no need to include your app name—the system already identifies your app. For developer guidance, see Protecting the User's Privacy.
|Example purpose strings|
|The app records you during the night to detect snoring sounds.|
|Microphone access needed for a better experience.|
|Turn on microphone access.|
Request permission at launch only when necessary for your app to function. Users won’t be bothered by this request if it’s obvious that your app depends on their personal information to operate.
Don’t request location information unnecessarily. Before accessing location information, check the system to see whether Location Services is enabled. With this knowledge, you can delay the alert until a feature truly requires it, or perhaps avoid the alert altogether. To learn how to implement location features, see MapKit and Location and Maps Programming Guide.
Use the system-provided alert. You can customize text in the standard permission alert, but avoid adding custom prompts that replicate the standard alert’s behavior or appearance.