コベリンの id:takkumattsu です。
今回は自分たちがリリースしたiOSアプリでリジェクトをくらったのでその内容と対応方法を展開します。
概要
とある顔認識を利用したアプリをストア申請した際、顔データを利用しているがそのプライバシポリシーがないということを理由にリジェクトされました。
抵触したガイドラインは以下です
- App Store Review Guidelines
Guideline 2.1 - Information NeededGuideline 5.1.1 - Legal - Privacy - Data Collection and Storage
- Apple Developer Program License Agreement
3.3.10 You must provide clear and complete information to users regarding Your collection, use and disclosure of user or device data
実際のリジェクトされた時の内容
Guideline 2.1 - Information Needed We have started the review of your app, but we are not able to continue because we need additional information about how your app uses face data. Next Steps To help us proceed with the review of your app, please provide complete and detailed responses to the following questions. • What face data is your app collecting? • For what purposes are you collecting this information? Please provide a complete and clear explanation of all planned uses of this data. • Will the data be shared with any third parties? Where will this information be stored? • Which are the relevant sections of your privacy policy that explain collection, use, disclosure, sharing, and retention of face data? • Please quote the specific language in your privacy policy that concerns face data. Once you reply to this message in Resolution Center with the requested information, we can proceed with your app's review. Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage Your app includes a facial manipulation feature but the provided privacy policy does not include all of the information required by Guideline 5.1.1 of the App Store Review Guidelines and Section 3.3.10 of the Apple Developer Program License Agreement. Next Steps To resolve this issue, please update the Privacy Policy URL section of App Store Connect to link to your privacy policy and ensure it includes all of the requisite information. If your privacy policy includes this information, please respond to this message in Resolution Center with the relevant sections quoted in your reply. Resources For your convenience, we’ve included Section 3.3.10 of the Apple Developer Program License Agreement below: 3.3.10 You must provide clear and complete information to users regarding Your collection, use and disclosure of user or device data, e.g., a description of Your use of user and device data in the App Description on the App Store. Furthermore, You must take appropriate steps to protect such data from unauthorized use, disclosure or access by third parties. If a user ceases to consent or affirmatively revokes consent for Your collection, use or disclosure of his or her user or device data, You (and any third party with whom You have contracted to serve advertising) must promptly cease all such use. You must provide a privacy policy in Your Application, on the App Store, and/or on Your website explaining Your collection, use, disclosure, sharing, retention, and deletion of user or device data. Since your App Store Connect status is Metadata Rejected, we do NOT require a new binary. To revise the metadata, visit App Store Connect to select your app and revise the desired metadata values. Once you’ve completed all changes, reply to this message in Resolution Center and we will continue the review.
結論
アプリで顔データを利用している場合はプライバシポリシーに以下を記載する必要があります。
- 利用用途
- 共有、保存、第三者への提供の有無等
今回のアプリの場合以下をプライバシポリシーに追記して返信しました。
顔認識について 1. 顔認識データの利用目的 - 顔(目、鼻、口のデータ)を認識して顔を装飾するために利用しています。 2. 顔認識のデータの取り扱いについて -顔認識データは、特定の個人を識別するために使用することはできず、開示、共有、保存は一切行っておりません。
実際の文言とは違いますがざっくりこんな感じの内容です。 上記を追記して返信した結果、レビューが通り無事リリースできました🎉
補足
補足として今回のアプリがどんなアプリかというと顔の特徴点を利用して顔を装飾するアプリです。
こういうタイプのアプリをリリースする際はプライバシポリシーに顔データの利用用途と共有、保存、第三者への提供の有無を記載しないといけないみたいなので気をつけましょう!
内容的には↓のQiitaと同じになります。
