App Store Connect - App Privacy Section

Hello Expo Team and fellow Expo app developers,

I was hoping someone could impart some wisdom in regards to the new App Privacy section in App Store Connect.

I’ve looked through all of the related guides provided on the Expo website and searched the forums but, I find the information provided is incomplete.

The section about App Privacy Questions on the Expo website explains some of the details that Apple request, however, it leaves out the section that comes up after you’ve selected Device ID as your data type.

Once you select Device ID, you are then required to set up the Device ID under the identifiers section. This section then spawns a new battery of questions that I haven’t seen before. I was unable to find information on how to approach these questions as a developer using the Expo managed workflow. My app works offline and it does not request or store any user data so my question pertains to the modules that are always included/built-in to an app that has been created via Expo managed workflow.

It would be nice to perhaps extend the App Privacy part on the Expo website to provide more guidance on this part of the process of publishing an Expo app to the App Store. For me, this is the part I’m most insecure about and, therefore, it would be the part where guidance would be most appreciated.

I’d love to hear comments from the Expo team and other developers - how have you tackled this section of App Store Connect?

subscribing, I have exactly the same question!

Hi!

This was discussed a little bit in the PR for those docs, but I can share my response here as well.

We can’t really specify answers to the additional questions because it depends on your app and how you use these libraries, which is why we include

Note: Supplement the above guidance with additional disclosures based on the data your particular app and the third-party services you use collect.

at the bottom of that section.

For instance, for expo-facebook and expo-ads-facebook, (from Facebook’s docs):

The Facebook SDK for iOS only accesses IDFAs in the following scenarios: 1) if your app serves ads within the app through Facebook’s Audience Network, or 2) if your app logs app installs or other mobile App Events in order to attribute those events to your ad campaigns.

Which means you’d select third party advertising, analytics, & app functionality if you do both 1 and 2.

If you use expo-notifications, select Device ID

Check the box for app functionality if you use expo-notifications

Hi @charliecruzan, I really appreciate your reply.

Your response reveals the root of the problem and the reason why is wanted to create a post about this originally.

If building an Expo app using the managed workflow, we are advised to:

  • Select Yes, we collect data from this app . Click Next .
  • Select Device ID
    • Managed standalone apps include the Facebook, Facebook Ads, and Google AdMob SDKs, which still access the IDFA.

And then we are requested to clarify how the Device ID is used but, we can’t because we don’t know.

Currently, I’m advised to declare that Device ID is accessed but, then in the follow up questionnaire I can’t find anything that seems to match my case.

If the above is true and my app isn’t doing either of those two things. Then why do I need to specify that Device ID is being accessed if don’t do anything that uses the Facebook SDK? Is it a case of, it is always being accessed but Facebook won’t get it until run some ads? Is it then necessary to declare it? There seems to be some nuance here that I’m not understanding.

I appreciate the Expo framework a lot and I’m posing these questions to simply undestand better. I’m not a very experienced app builder.

Thank you,
Thomas

The section you quoted above regarding the Facebook SDK (if your app serves ads within the app through Facebook’s Audience Network, or 2) if your app logs app installs or other mobile App Events in order to attribute those events to your ad campaigns.) is an example of when you would select third party advertising, analytics, & app functionality.

What libraries from Expo are you using? My guess here is that you should select “App functionality” since the Device IDs are used in expo-constants and expo-notifications for example, and those libraries are included by default in Classic Build (however once EAS Build supports managed apps, only the libraries you actually use will be included in your standalone builds, which will make this section a whole lot easier :grinning_face_with_smiling_eyes: )

Hi there! Could you please specify which ticks should I choose for the empty managed expo app?

1 Like