App Tracking Transparency: what Data do Apps Collect and why?

App Tracking Transparency: what Data do Apps Collect and why?

The fact that apps collect users’ data brings up privacy concerns and makes us question our online safety.

To provide users more control over their data, in April 2021 Apple issued an app tracking transparency policy. Now, starting from the 14.5 iOS version, it’s mandatory to ask permission to track any data from other company’s apps or websites. The user should also be informed about what data or access to the device functionality is required by the application and what it is used for. 

You can set your online tracking preferences upon the app installation. It’s possible to review and change them later by going to Settings=>Privacy, and enable or disable tracking for all or some chosen apps. Tracking is disabled by default when Apple ID belongs to children under 18 years old, educational institutions, or if it was created not longer than 3 days ago.

Let's get in touch!

Remove any software development uncertainties through a qualified IT consultation.
Michel Rokosh
 

 

What do apps collect users’ data for?           

Why do apps collect data? And what data do apps collect?

The three main reasons for collecting or tracking users’ personal data are

  • enabling user authentication (may require name or login, e-mail address, biometrics, etc.)
  • proper app functioning, e.g.
    • messaging apps or social networks need access to the contacts list, as well as to the phone camera and microphone (for video- and voice calls and messages), to photos and documents (to be able to send them), etc. 
    • delivery and taxi apps track geolocation or require entering one’s address manually to make sure a package or a passenger arrives to their destination
    • online marketplaces ask for banking information to complete purchases 
  • data tracking by third-party services across the other apps, e.g. for adverts targeting. (Ever noticed checking out an item at an online store, and then seeing an ad with the very same item pop up on, let’s say, a news website? Yes, that’s how your tracked data was used for ad targeting to offer you exactly what you were looking for.) Apple describes more ways the tracked data can be used by third parties without users’ awareness in their pamphlet A Day in the Life of Your Data.

Besides, analytical data is often tracked to gain insights on the app performance and crash logs. Autofill hints are also based on previously collected user information.

With Apple tracking transparency, apps provide complete lists of data they collect and explain what they require it for as a part of their deployment process to the App Store. The user must be notified about third-party tracking outside the particular app and can choose if they allow it or not.

Is there any data tracking transparency for Android users?

Although Play Store hasn’t introduced its own app tracking policy, they do have certain regulations when it comes to the online safety and privacy of Android apps users.

The app developers must fill in the Google Play Data safety form at the deployment stage.

 
 

If a third-party SDK or library in your app collects or shares user data, you must reflect this collection and share in the Data safety form.

Source developer.android.com  

The recent documentation updates state that app users will be informed about how apps collect, handle, and (when applicable) share their data.

 
 

By April 2022, all developers must declare how they collect and handle user data for the apps they publish on Google Play, and provide details about how they protect this data through security practices like encryption. This includes data collected and handled through any third-party libraries or SDKs used in their apps.

Source support.google.com 

What data do the apps developed at Apiko collect and how are these data used?

examples of online tracking

Online tracking example: An emergency alert app 

An emergency alert app that we have been working on is a bright example of when access to users’ data is absolutely necessary for the app to function properly. (The name of this application cannot be mentioned here yet since it’s under NDA agreement.) I will briefly describe how it works and why it took us longer to deploy it due to app tracking transparency requirements.

The application is built around a programmable Flic smart button which is a small portable device with a height of just 8.5mm and diameter of 30mm. When a person feels or/and is in danger there may be no time to use a cell phone to call the police. That’s why we have developed an app to send immediate emergency alerts just by pressing the button. 

This simple gesture automatically triggers the mobile app to send alerts to

  1. the previously selected contacts: they receive a text message with a URL, where they can see the live status of the button holder’s location; 
  2. the previously selected contacts and the professional security service: the security service receives real-time user’s coordinates and listens to an audio stream from the button holder’s phone. Thus, in case of emergency, they are able to immediately send police to that location. 

Such an alert system allows the security service to take urgent actions and may turn out to be a life-saving solution. You can find a more detailed description of the app’s functionality in our article Emergency Alert App Development: How to Build an App With a Portable Panic Button [Case Study].

However, to make all the magic happen after pressing the button, the application needs access to user’s 

  • location (GPS coordinates)
  • microphone
  • device ID for collecting analytical data about users’ experience to further improve the app. 

And this is when the first app release was claimed not to conform to Apple's tracking transparency policy. No, the app didn’t break any laws and was totally legal. However, it was not clear to Apple why access to the data mentioned above was necessary, as it seemed to be too invasive for users’ privacy.

Our team recorded a demo video explaining how the app works, in particular, how it uses the collected user data. We had to go through the deployment process to the App Store once more, and the second time was successful.

The first release for Android users was delayed as well since Play Store limits the data the app can track when it’s used by children. As long as this emergency alert app is developed for users of all age categories, including kids, it had to be rebuilt to omit access to the device ID. As a result, now we can’t identify a user by their device number, however, the rest of the functionality works flawlessly.

Currency app

Minfin Currency app 

The main app features include

  • access to multiple currencies’ exchange rates at different banks countrywide, including cryptocurrency rates
  • currency converter
  • ability to find the location of bank departments and currency exchange services, and check their working hours
  • ability to find the nearest to the user’s location bank departments and currency exchange offices.

To begin their experience with the Minfin Currency app, the user has to agree to the app’s terms and conditions where it is stated that their in-app activity may be monitored only for Minfin’s inner purpose of improving user experience. No users’ data is tracked outside the app.

The application also asks for the user's permission to access their current location. If declined, but the user would like to e.g. find the nearest bank department, they can manually enter their current address.

Analytical data about the app user journeys is collected mostly to optimize the following application release. Information about which currencies a person was interested in, the banks they checked out, etc. may be utilized to send relevant notifications e.g. about beneficial currency exchange rate. 

You can check out the summary based on the analytical data Minfin collected last year in their blog post [originally in Ukrainian and Russian] Who shows their interest in currency and how they do it within the app. The  article features the most popular app languages, cities the app was accessed from, currencies, and banks. 

Financial apps can become popular only if they have users’ trust. It’s a good example of when the business takes time to increase trust by additionally explaining how the users’ data were used and sharing the results of their analytical research.

Let’s wrap it up

Considering all said above, app tracking transparency influences app users, app developers, and businesses behind the apps. Let’s summarise its impact from their different perspectives. 

Online tracking transparency for app users

  • spreads the awareness that their data can be collected across different applications
  • provides a possibility to block (prevent) data tracking
  • giving people more control over their data, it makes online environment a safer place

App developers are mostly going through their usual routine. Here are a couple of tips to eliminate any unforeseen complications because of app tracking transparency policy. 

  • Provide a detailed explanation of why the app requires access to certain data or device functionality
  • Demo videos are great to prove the data tracking necessity and may eventually save client’s time and money by preventing app rejection from App Store or Play Store

It’s more controversial for businesses behind the apps.

  • Those who get revenue from tracking users’ data outside their application or/and providing it to third parties find Apple's privacy policy threatening for their income (e.g. according to the Financial Times Facebook, YouTube, Twitter, and Snap have already lost about $10bn after the app tracking transparency was introduced) 
  • It may be high time to think about less invasive and more loyal ways of ads targeting
  • Explaining what the data is used for can lay a firm foundation of trusting relationships with app users

All in all, app tracking transparency is a step towards protecting privacy and online safety. What do you think about it? Let us know your opinion in the comments and feel free to contact us :)