App Store Rejection - Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing

Question

I use Firebase for user authentication, I just resubmitted my app and got the following rejection:

Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing

We noticed you do not use App Tracking Transparency to request the user's permission before tracking their activity across apps and websites. The app privacy information you provided in App Store Connect indicates you collect data in order to track the user, including Other Diagnostic Data, Audio Data, Performance Data, Crash Data, Product Interaction, Phone Number, User ID, Emails or Text Messages, Photos or Videos, and Search History.

Starting with iOS 14.5, apps on the App Store need to receive the user’s permission through the AppTrackingTransparency framework before collecting data used to track them. This requirement protects the privacy of App Store users.

Next Steps

Here are two ways to resolve this issue:

• You can remove the tracking functionality from your app and update your app privacy information in App Store Connect.
• If you decide to continue tracking users, you must implement App Tracking Transparency and request permission before collecting data used to track the user or device.

My app has no ads but I have to track users throughout the app using their userID so that I know what post belongs to which user etc etc.

If the user declines the prompt AppTrackingTransparency isn't that basically saying that I can no longer track them? I have no idea what to do here.

Here are the Privacy checkboxes that I filled out. Apparently i can change something but I don't know what to change.

Answer 1

I resubmitted my app and it got approved. Seems the key is to make sure it is only Used for App Functionality.

To make that happen I made these changes to the App Policy page in App Store Connect.

1. I clicked the blue Edit button next to each policy. Of the 10 policies, here are 4 red arrows next to 4 of the Edit buttons. Click each one for the same results for steps two, three, and four.

2. After clicking the Edit button, you will be presented with a screen with a bunch of selections, for that screen all I did was check App Functionality:

3. For the 2nd screen, I selected No, user IDs collected from this app are not linked to the user's identity.

4. For the 3rd screen I selected No, we do not use phone numbers for tracking purposes. Notice on the 3rd screen, under Definitions and Examples, it says:

Tracking does not apply in the following situations:

• When the data broker uses the data shared with them solely for fraud detection or prevention or security purposes

Here is a screen shot with it in purple underline:

5. Here are how all of my Privacy Policies look now:

5. Here is the email approval: