
Protecting the User's Privacy

Protect user privacy by securing personal data and respecting the user's wishes about how that data is used.

Overview

Designing for user privacy is important. Most Apple devices contain personal data that the user might not want to expose to apps or to external entities. If your app accesses or uses data inappropriately, the user might stop using your app or even delete it from their device.

Access user or device data only with the user’s informed consent obtained in accordance with applicable law. In addition, take appropriate steps to protect user and device data and be transparent about how you use it. Here are some best practices that you can follow:

  • Review guidelines from government or industry sources, including the following documents:

  • Request access to sensitive user or device data, which is protected by the iOS system authorization settings, at the time your app needs the data. You must supply a purpose string (sometimes called a usage description string) in your app’s Info.plist file explaining why your app needs the data or resource you are attempting to access. Data protected by iOS system authorization settings includes location, contacts, calendar events, reminders, photos, media, and many other types as well. Provide reasonable fallback behavior in situations where the user does not grant access to the requested data.

  • Be transparent with users about how their data is going to be used. For example, when you submit your app to the App Store, specify a URL for your privacy policy or statement as part of your App Store Connect metadata. You might also want to summarize that policy or statement in your app description.

  • Give the user control over their user or device data. Provide settings so that the user can disable access to certain types of sensitive information as needed.

  • Request and use the minimum amount of user or device data needed to accomplish a given task. Do not seek access to or collect data for nonobvious reasons, for unnecessary reasons, or because you think it might be useful later.

  • Take reasonable steps to protect the user and device data that you collect in your apps. When storing such information locally, try to use the iOS data protection feature (described in Protecting Data Using On-Disk Encryption) to store it in an encrypted format. Use App Transport Security (as described in NSAppTransportSecurity) when sending user or device data over the network.

  • If your app uses the ASIdentifierManager class, you must respect the value of its isAdvertisingTrackingEnabled property. If the user sets that property to NO, use the ASIdentifierManager class only for Limited Advertising Purposes. “Limited Advertising Purposes” means frequency capping, attribution, conversion events, estimating the number of unique users, advertising fraud detection, debugging for advertising purposes only, and other uses for advertising that may be permitted by Apple in Documentation for the Ad Support APIs.

  • If you must identify users persistently, use the identifierForVendor property of the UIDevice class or the advertisingIdentifier property of the ASIdentifierManager class.

  • If your app supports audio input, configure your audio session for recording only at the point where you actually plan to begin recording. Do not configure your audio session for recording at launch time if you do not plan to record right away. The system alerts users when apps configure their audio session for recording and gives the user the option to disable recording for your app.
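The data protection advice in the list above, as an added Swift example that is not part of the original article. The function name storeProtected and the choice of the Application Support directory are assumptions made for illustration.

```swift
import Foundation

/// Writes sensitive bytes with the strongest data protection class and
/// returns the class the file system recorded, so the caller can log or
/// assert on it. (Hypothetical helper, not an Apple API.)
func storeProtected(_ data: Data, named name: String) throws -> FileProtectionType? {
    let fm = FileManager.default
    let dir = try fm.url(for: .applicationSupportDirectory,
                         in: .userDomainMask,
                         appropriateFor: nil,
                         create: true)
    let url = dir.appendingPathComponent(name)

    // .atomic avoids leaving a partially written file behind.
    // .completeFileProtection keeps the contents encrypted and
    // unreadable while the device is locked.
    try data.write(to: url, options: [.atomic, .completeFileProtection])

    // Read the attribute back instead of assuming the option took effect.
    // The value can be nil where data protection is unavailable.
    let attributes = try fm.attributesOfItem(atPath: url.path)
    return attributes[.protectionKey] as? FileProtectionType
}

// Usage with constructed sample data:
// let recorded = try storeProtected(Data("sample".utf8), named: "profile.bin")
// recorded == .complete is the expected result on a passcode-protected device.
```

A file written with complete protection cannot be read while the device is locked, so code that runs in the background needs to handle that read failure.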

Requesting Authorization to Use System Features

For some protected data and resources, iOS frameworks provide dedicated API for checking and requesting authorization. When using these features, you must request and receive authorization before using the corresponding feature. Attempting to use a feature for which you do not have authorization is a programmer error.

Table 1 lists the data and resources protected by system authorization settings. The purpose string associated with each entry is the key that you must add to your app's Info.plist file with a description of how you intend to use the data. Use the specified APIs to request authorization to use the data or resource.

Table 1

Data and resources protected by system authorization settings

| Data or resource | Purpose string | System APIs |
| --- | --- | --- |
| Bluetooth peripherals | NSBluetoothPeripheralUsageDescription | Use the state property of the CBCentralManager class to check system-authorization status for using Bluetooth peripherals. |
| Calendar data | NSCalendarsUsageDescription | Use the authorizationStatus(for:) method of the EKEventStore class to check system-authorization status for accessing calendar data. |
| Camera | NSCameraUsageDescription | Use the deviceInputWithDevice:error: method of the AVCaptureDeviceInput class to check system-authorization status for using device cameras. |
| Contacts | NSContactsUsageDescription | Use the authorizationStatus(for:) method of the CNContactStore class to check system-authorization status for accessing contact data. |
| Health sharing | NSHealthShareUsageDescription | Use the authorizationStatus(for:) method of the HKHealthStore class to check system-authorization status for accessing health data. To request authorization, call the requestAuthorization(toShare:read:completion:) method. |
| Health updating | NSHealthUpdateUsageDescription | Use the authorizationStatus(for:) method of the HKHealthStore class to check system-authorization status for accessing health data. To request authorization, use the requestAuthorization(toShare:read:completion:) method. |
| HomeKit | NSHomeKitUsageDescription | When your app first attempts to access a property of the HMHomeManager class, the system presents an authorization request to the user. |
| Location | NSLocationWhenInUseUsageDescription, NSLocationAlwaysUsageDescription, NSLocationAlwaysAndWhenInUseUsageDescription | Use the authorizationStatus() method of the CLLocationManager class to check system-authorization status for accessing location data. To request authorization, use the requestWhenInUseAuthorization() or the requestAlwaysAuthorization() method. |
| Microphone | NSMicrophoneUsageDescription | Use the recordPermission method of the AVAudioSession class to check system-authorization status for using device microphones. To request authorization, use the requestRecordPermission(_:) method. |
| Motion | NSMotionUsageDescription | Check for a CMErrorNotAuthorized error from the queryActivityStarting(from:to:to:withHandler:) method of the CMMotionActivityManager class to check system-authorization status for accelerometer access. |
| Music and the media library | NSAppleMusicUsageDescription | Use the authorizationStatus() method of the ALAssetsLibrary class to check system-authorization status for accessing media assets. |
| Photos | NSPhotoLibraryUsageDescription | Use the authorizationStatus() method of the PHPhotoLibrary class to check system-authorization status for accessing the photo library. |
| Reminders | NSRemindersUsageDescription | Use the authorizationStatus(for:) method of the EKEventStore class to check system-authorization status for accessing reminder data. |
| Siri | NSSiriUsageDescription | Use the siriAuthorizationStatus() method of the INPreferences class to check system-authorization status for using Siri. To request authorization for your app to use SiriKit, use the requestSiriAuthorization(_:) method. |
| Speech recognition | NSSpeechRecognitionUsageDescription | Use the authorizationStatus() method of the SFSpeechRecognizer class to check system-authorization status for using speech recognition. To request authorization for your app to use speech recognition, use the requestAuthorization(_:) method. |
| TV provider | NSVideoSubscriberAccountUsageDescription | Use the checkAccessStatus(options:completionHandler:) method of the VSAccountManager class to check system-authorization status for accessing the user’s video service subscription information. To request authorization, use the enqueue(_:completionHandler:) method. |

Because a user can change authorization at any time by using Settings, check the authorization status of a feature before accessing it. (Some features, notably motion and HomeKit, do not provide dedicated API for checking system authorization status.)
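The check-before-use rule above, combined with the earlier advice to configure the audio session for recording only when recording actually begins, as an added Swift example that is not part of the original article. The RecordingStart type and both function names are hypothetical; the app's Info.plist is assumed to contain NSMicrophoneUsageDescription.

```swift
import AVFoundation

/// Outcome the UI layer can act on (hypothetical type for this example).
enum RecordingStart {
    case started
    case denied          // user refused access or revoked it in Settings
    case failed(Error)   // the audio session could not be configured
}

/// Call this from the Record button handler, never at launch.
func beginRecording(completion: @escaping (RecordingStart) -> Void) {
    let session = AVAudioSession.sharedInstance()

    // Re-check on every use: the user can change this in Settings at any time.
    switch session.recordPermission {
    case .granted:
        completion(configureForRecording(session))
    case .denied:
        // Fallback path: keep playback and other features working.
        completion(.denied)
    case .undetermined:
        // First use: the system prompt shows the purpose string here.
        session.requestRecordPermission { granted in
            DispatchQueue.main.async {
                completion(granted ? configureForRecording(session) : .denied)
            }
        }
    @unknown default:
        completion(.denied)
    }
}

/// Switches the session to a recording category only after authorization.
private func configureForRecording(_ session: AVAudioSession) -> RecordingStart {
    do {
        try session.setCategory(.record, mode: .default)
        try session.setActive(true)
        return .started
    } catch {
        return .failed(error)
    }
}
```

The caller starts its recorder only on .started and shows a non-recording fallback on .denied.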
