Microsoft AppCenter - Ask the user for permission?

If you record anything in the session of user (what he/she is typing, screenshots…), you SHOULD ask and make it explicit.

If it is hard to explain that also means it will be hard for customer to accept without understanding.

I don't know if the data you send to Analytics fall into this category, but you'd better check.

Read the recent news about request from Apple to large corporations:

h ttps://www.macrumors.com/2019/02/07/apple-makes-devs-remove-screen-recording-code/

and Apple requirement published in press release:

"Protecting user privacy is paramount in the Apple ecosystem. Our AppStore Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."

"We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary," the spokesperson added.

At least one developer has already been told to remove the code that recorded app activities. From an email to the developer:

"Your app uses analytics software to collect and send user or device data to a third party without the user's consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."

No the data records don't fall into any of those categories. The app just makes logs which function is called with which parameters (but only string / numeric values, no binary data involved so also no pictures). It's more like a "function xy(1, 2, 3) called" style with also logging of exception messages / stack traces. User input is only logged if it has no sensitive data (or anything that is able to identify the user). So search queries within the app are tracked.

I know the article and that is why I was thinking if this kind of analytics also falls into such a category even if it is not possible to use the data for anything else or identify the user. And it is hard to explain because most users won't understand that bug fixing and error tracking needs those kinds of logs (or at least are much much easier with them).

Also I think privacy is a important part of the digital life but does something like this really counts if it is unuseable except for bug fixing (and of course keep track which portions of the app are more frequently used over the whole user base)?

See Section 5 Legal / Privacy / Data Collection and Storage in the ASRGs.

The problem for you is in asking app review to trust what you say about what you do...they tend to side w/the user, so be ready for pushback if your scheme seems at all questionable.

As soon as you send some strings to analytics, those strings can encompass a lot of inormation.

So, I think you will have to give very serious evidence that nothing "malicious" can occur. Given the context, I fear it will be a hard time.

Good luck anyway.