BLOG記事

ブログ記事

bFaaaP Pager自動譜めくりアプリが発売されました。

このアプリの審査過程でAppleのreviewerからの要求についてご紹介したいと思います。

特に、bFaaaP Pagerの審査で問題となったのは「Privacy Policy」でした。iOSのアプリの40%はこの「Privacy Policy」等の法的用件でリジェクトされているそうですね。

bFaaaP Pagerでは、AR(Augmented Reality)機能を使って、顔の角度を検出して譜めくりをします。今回Appleはこの顔認識機能(TrueDepth API)を使用するアプリのPrivacy Policyを強化した様です。つまり、顔の個人識別情報のPrivacyをPrivacy Policyに盛り込む必要が今後TrueDepth APIを使用する全てのアプリに適用されるのでしょうね。AppleのReviewerからのresponseの一部です。

2. 1 Performance: App Completeness

5. 1.1 Legal: Privacy – Data Collection and Storage

Guideline 2.1 – Information Needed

We have started the review of your app, but we are not able to continue because we need additional information about how your app uses information collected by the TrueDepth API.

Next Steps

To help us proceed with the review of your app, please provide complete and detailed information to the following questions.

• What information is your app collecting using the TrueDepth API?

• For what purposes are you collecting this information? Please provide a complete and clear explanation of all planned uses of this data.

• Will the data be shared with any third parties? Where will this information be stored?

Once you reply to this message in Resolution Center with the requested information, we can proceed with your review.

Guideline 5.1.1 – Legal – Privacy – Data Collection and Storage

Your app uses TrueDepth APIs but the provided privacy policy does not include all of the information required by Guideline 5.1.1 of the App Store Review Guidelines and Section 3.3.10 of the Apple Developer Program License Agreement.

Next Steps

To resolve this issue, please update the Privacy Policy URL section of App Store Connect to link to your privacy policy and ensure it includes all of the requisite information.

If your privacy policy includes this information, please respond to this message in Resolution Center with the relevant sections quoted in your reply.

最初の情報提供の部分は各アプリごとに詳細な情報を提供することでクリアーできると思います。

問題はこのPrivacy Policyにどう対応するかですね。私の対応をご紹介いたします(一応審査は通ったのでベストではないにしろ審査はパスできたものです)。

まず、Guideline 5.1.1 of the App Store Review Guidelinesです。Linkをクリックしてください(日本語はこちらです)。

次に、Section 3.3.10 of the Apple Developer Program License Agreementです(Developerとして Sign-インする必要があります)。以下抜粋です。

3.3.10 You must provide clear and complete information to users regarding Your collection, use and disclosure of user or device data, e.g., a description of Your use of user and device data in the App Description on the App Store. Furthermore, You must take appropriate steps to protect such data from unauthorized use, disclosure or access by third parties. If a user ceases to consent or affirmatively revokes consent for Your collection, use or disclosure of his or her user or device data, You (and any third party with whom You have contracted to serve advertising) must promptly cease all such use. You must provide a privacy policy in Your Application, on the App Store, and/or on Your website explaining Your collection, use, disclosure, sharing, retention, and deletion of user or device data. You agree to notify Your users, in accordance with applicable law, in the event of a data breach in which user data collected from Your Application is compromised (e.g., You will send an email notifying Your users if there has been an unintentional disclosure or misuse of their user data).

では、このReviewerからの要求への私のresponseです。このような項目ごとに全て対応するには英語で言う(point-by-point response)の手法で英作文すると良いと思います。

Dear Reviewer,

Thank you very much for your time and advice.  Please find attached the following responses.

Here, I have provided point-by-point responses regarding Guideline 5.1.1 of the App Store Review Guidelines and Section 3.3.10 of the Apple Developer Program License Agreement.

First, please find a new Privacy Policy corresponding to each item of Guideline 5.1.1 of the App Store Review Guidelines and Section 3.3.10 of the Apple Developer Program License Agreement as follows:

” Regarding the Apps (bFaaaP Pager)

Data Collection and Storage

(i) Privacy Policy

1. What data the App collects, how it collects that data, and all uses of that data

The App uses TrueDepth APIs and collects the user’s face angle information.  This data is temporarily stored and used to turn pages of PDF file.

2. Third party with whom the data is shared.

The data is temporarily stored in your device and is not shared with any third party unless you have a prior notice.   If the data is shared with any third party, the data is provided with the same or equal protection as stated in this privacy policy and required by the Apple’s guidelines.

3. Data retention/deletion policies and how a user can revoke consent and/or request deletion of the user’s data.

Regarding our collection, use, disclosure, sharing, retention, and deletion of user or device data, we take appropriate steps to protect such data from unauthorized use, disclosure or access by third parties. If a user ceases to consent or affirmatively revokes consent for our collection, use or disclosure of his or her user or device data, we (and any third party with whom we have contracted to serve advertising) will promptly cease all such use. You can contact us at this website contact mail form.

(ii) Permission

The App temporarily collects the user’s face angle data by using the TrueDepth APIs to turn pages of PDF file on the App. If you withdraw consent or do not give a permission to use the App, delete the App from your device and all the data is deleted. The App does not collect data for a legitimate interest.

(iii) Data Minimization

The data collected by the TrueDepth APIs involves and is limited to the user’s face angle information.

(iv) Access

If you do not permit the collection of the user’s face angle data, you can touch buttons on the screen to turn pages without collecting the data.

(v) Account Sign-In

The App doesn’t include significant account-based features. You do not have to enter your personal information to sign-in.

(vi to ix)

The App doesn’t obtain passwords or private data. The SafariViewController is used to visibly present information to users.  The App doesn’t track users without their knowledge and consent. The App doesn’t compile personal information from any source that is not directly from the user or without the user’s explicit consent.  The App doesn’t provide services in highly-regulated fields (such as banking and financial services, healthcare, and air travel) or that require sensitive user information

(x) In the Event of Data Breach

We will notify our users if there has been an unintentional disclosure or misuse of their user data”.

Our Privacy Policy is provided as a link in the App and on the App Store and/or our Website explaining our collection, use, disclosure, sharing, retention, and deletion of user or device data.”

https://bfaaap.com/bfaaapについて/privacy-policy/

I hope these changes are sufficient for your review.  If there are any other issues, please let me know.

Thank you for your assistance.

Tomo

現在、Appleの全てのアプリは「Privacy Policy」がホームページ上で公開されていることが必要条件になっています。個人や会社がアプリ開発してAppleStoreでアプリを公開販売するためには、サイトを運用するかして「Privacy Policy」を作成する法的処置が必要です(また基本的に英語を含む場合は英語で公開する必要があります)。スクールに通っている生徒さんがどのようにアプリを公開するか知りませんが、スクールが法的責任を取ってアカウントと「Privacy Policy」のリンク先を使用させるのでしょうかね?無料のゲームアプリなどの運用はそれとも甘いのでしょうかね?

次回の「エンジョイSwiftUIプログラミング」は、どうしても避けて通れない「SwiftUIと英語」について感じることを書いてみますね。

関連記事一覧