This week, I am writing a blog post series explaining the most common certification errors when submitting an app to the Windows Store. I began the series with some general guidance and overall tips & tricks. Now I’m going through the specific requirements that fail most often, and we already covered 1.2 Fully Functional and 3.8 Performance.
Today, we will examine certification requirement 4.1: “Your app must comply with the following privacy-related requirements: Your app must have a privacy statement if it is network-capable, and your app must obtain opt-in or equivalent consent to share personal information”. Here is the description of this requirement from the certification requirements page:
“4.1 Your app must comply with the following privacy-related requirements:
4.1.1 Your app must have a privacy statement if it is network-capable
If your app has the technical ability to transmit any user's personal information, you must maintain a privacy policy. You must provide access to your privacy policy in the Description page of your app, as well as in the app’s settings as displayed in the Windows Settings charm.
App capability declarations that make your app network-capable include: internetClient, internetClientServer and privateNetworkClientServer.
Your privacy policy must inform users of the personal information transmitted by your app and how that information is used, stored, secured and disclosed, and describe the controls that users have over the use and sharing of their information, how they may access their information, and it must comply with applicable laws and regulations.
4.1.2 Your app must obtain opt-in or equivalent consent to share personal information
Your app can publish a customer’s personal information to a service or other person only after obtaining opt-in consent.
Opt-in consent means the customer gives their express permission for the requested activity, after you have:
a) Described to the customer how the information will be used or shared; and
b) Provided the customer a mechanism through which they can later rescind this permission and opt-out, while continuing to use the app.
If your app publishes a person’s personal information, but that person is not a customer, you must obtain express written consent to publish that personal information, and you must permit the person whose information is shared to withdraw that consent at any time. If your app allows a customer to access another person’s personal information, this requirement would also apply.
Personal information includes all information or data that could reasonably be used to identify a person. Examples of personal information include: contacts, photos, phone number, audio & video recordings, location, SMS or other text communication, images of the computer’s desktop or screen shots, unique identifiers based on the computer's hardware, and in some cases, combined browsing history.”
This is summarized nicely here: “If your app connects to the Internet, uses the device's camera, accesses any of the user's libraries, or collects any type of personally identifiable information (PII), you must make sure your app includes a privacy statement in your app's metadata. Customers must also be able to access the privacy statement from the Settings charm when they open your app.”
This is an extremely common reason for Windows Store submission failure. The “Internet (Client)” capability is enabled by default in the Visual Studio templates, so by default if you haven’t changed your manifest, you do have to provide a privacy policy. The capabilities are found in your Package.appxmanifest file, under the Capabilities tab:
So you have two options:
1. If you are not using the Internet, uncheck the Internet capability. I wrote a small game in which all of the images and resources are packaged locally; it doesn’t need to reach out to the Internet at all. Therefore, I don’t need the Internet capability or a privacy policy. No user data is collected.
2. If you are using the Internet, camera, user libraries, etc., provide a privacy policy. A privacy policy explains to your users what data you collect and what you are doing with it.
Your privacy policy needs to live online somewhere. It does need to be online rather than packaged into your app, because a user shouldn’t have to download and install your app to read your privacy policy. It should be available to read before download, so that a user can make an informed decision on whether he/she wants your app.
So, this could be as simple as a blog post entitled “Privacy Policy for <Name of Your App>”. (If you don’t have a blog, you can get one for free at WordPress or Blogger.) Now, what should the privacy policy include? From http://msdn.microsoft.com/en-us/library/windows/apps/hh921583.aspx:
“In general, an acceptable privacy policy is one that:
- Informs users of the personal information collected by your app
- Informs users how that information is used, stored, secured, and disclosed
- Describes the controls that users have over the use and sharing of their information
- Describes how users can access their information
- Complies with applicable laws and regulations
Beyond these general guidelines, we do not provide a sample or a template for a privacy policy.
If you do not actually collect or store personal info from users, say so in your privacy policy.”
The last bit is important – if your app accesses the internet but doesn’t transmit any user data, you still need a privacy policy just to state that you aren’t collecting, transmitting, or storing anything.
Next, after you have written and posted your privacy policy online, you need to surface it to the user in two places. First of all, the URL is requested in the “Description” section of the Store submission process, and will be displayed in your app’s listing page in the Windows Store.
Secondly, you must provide a link to the privacy policy in the settings of your application (accessed through the Settings charm). Here is an example in one of my favorite games, Wordament:
If you are unfamiliar with how to code integration with the Settings charm in Windows 8, here are some resources to help you:
- App settings sample on MSDN. This sample demonstrates how to use the ApplicationSettings API and settings flyouts to integrate an app's settings UI with the Settings charm. It is available in C#, JavaScript, C++, and VB.NET.
- Contoso Cookbook demo: This is a hands-on lab that you can download as part of the Windows 8 Camp in a Box. There are two downloads available: choose Win8CS.Setup.exe to get the hands-on labs in C# and XAML, or choose Win8JS.Setup.exe to get them in JavaScript and HTML. Specifically, Lab 6 deals with developing a settings pane that is invoked through the Settings charm.
- Callisto: This is a XAML toolkit for Windows Store apps created by Tim Heuer. It contains support for a SettingsFlyout class in XAML.
Finally, requirement 4.1.2 says that if you do collect personal information, the user has to give consent to share this information. Your application can fail certification if it appears to share personal information without explicit consent. Remember that “personal information” covers a wide variety of data that could be used to later identify the user, like email address, photos, location, etc. Lastly, don’t forget to provide a way for the users to opt-out later too, if they change their minds.
Tomorrow, we will discuss the last major certification failure: localization.