
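Users must grant an app permission to access personal information, including the current location, calendar, contact information, reminders, and photos. Although people appreciate the convenience of an app that can access this information, they also expect to have control over their private data. For example, people like being able to automatically tag photos with their physical location or find nearby friends, but they also want the option to disable such features.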


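Request personal data only when your app clearly needs it. It's natural to be suspicious of a request for personal information, especially when there's no obvious need for it. Make sure permission requests occur only when people are using features that clearly need personal data. For example, an app might request access to the current location only when a location tracking feature is activated.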

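Explain why your app needs the information. Provide custom text (known as a purpose string or usage description string) for display in the system's permission request alert, and include an example. Keep the text short and specific, use sentences, and be polite so people don't feel pressured. There's no need to include your app name; the system already identifies your app. For developer guidance, see <u>Protecting the User's Privacy</u>.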



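Don't request location information unnecessarily. Before accessing location information, check the system to see whether Location Services is enabled. With this knowledge, you can delay the alert until a feature truly requires it, or avoid the alert altogether. To learn how to implement location features, see the MapKit Location and Maps Programming Guide.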
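The deferred request described above, as an added Swift example (not code from Apple's documentation). The class name `NearbyFriendsFeature` and its states are hypothetical, and the instance property `authorizationStatus` assumes iOS 14 or later.

```swift
import CoreLocation

// Hypothetical feature controller; names are assumptions made for this example.
final class NearbyFriendsFeature: NSObject, CLLocationManagerDelegate {
    enum State { case idle, awaitingPermission, locating, manualEntry }

    private let manager = CLLocationManager()
    private(set) var state: State = .idle

    override init() {
        super.init()
        manager.delegate = self   // no permission alert is triggered here
    }

    // Call from the control that turns the feature on, never at launch.
    func activate() {
        // Location Services off system-wide: skip the alert, use the fallback.
        guard CLLocationManager.locationServicesEnabled() else {
            state = .manualEntry
            return
        }
        route(manager.authorizationStatus)
    }

    private func route(_ status: CLAuthorizationStatus) {
        switch status {
        case .notDetermined:
            state = .awaitingPermission
            // The alert shows the NSLocationWhenInUseUsageDescription purpose string.
            manager.requestWhenInUseAuthorization()
        case .authorizedWhenInUse, .authorizedAlways:
            state = .locating
            manager.requestLocation()   // one fix, no continuous tracking
        default:
            state = .manualEntry        // denied or restricted: degrade gracefully
        }
    }

    // Also fires when the manager is created, so ignore it unless the user
    // has activated the feature and a decision has actually been made.
    func locationManagerDidChangeAuthorization(_ manager: CLLocationManager) {
        guard state == .awaitingPermission,
              manager.authorizationStatus != .notDetermined else { return }
        route(manager.authorizationStatus)
    }

    func locationManager(_ manager: CLLocationManager, didUpdateLocations locations: [CLLocation]) {
        guard locations.last != nil else { return }
        state = .idle   // use the fix in memory; persist nothing that isn't needed
    }

    func locationManager(_ manager: CLLocationManager, didFailWithError error: Error) {
        state = .manualEntry
    }
}
```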


Protecting the User’s Privacy

Secure personal data, and respect user preferences for how data is used.



Designing for user privacy is important. Most Apple devices contain personal data that the user doesn’t want to expose to apps or to external entities. If your app accesses or uses data inappropriately, the user might stop using your app and even delete it from their device.

Access user or device data only with the user’s informed consent obtained in accordance with applicable law. In addition, take appropriate steps to protect user and device data, and be transparent about how you use it.



Review Guidelines from Government and Industry Sources

Consult these documents:

  • [Mobile Privacy Disclosures: Building Trust Through Transparency]. The Federal Trade Commission’s report on mobile privacy.

  • [Opinion 02/2013 on Apps on Smart Devices]. The EU Data Protection Commissioners’ opinion on data protection for mobile apps.

  • [Privacy on the Go: Recommendations for the Mobile Ecosystem]. The California State Attorney General’s recommendations for mobile privacy.

  • Smartphone Privacy Initiative (2012) in [English] or [Japanese] and Smartphone Privacy Initiative II (2013) in [English] or [Japanese]. The Japanese Ministry of Internal Affairs and Communications’ Smartphone Privacy Initiatives.




Request Access Only When Your App Needs the Data

Request access to sensitive user or device data—like location, contacts, and photos—at the time your app needs the data. Supply a purpose string (sometimes called a usage description string) in your app’s Info.plist file that the system can present to a user explaining why your app needs access. Provide reasonable fallback behavior in situations where the user doesn’t grant access to the requested data. For more details, see [Requesting Access to Protected Resources].



Be Transparent About How Data Will Be Used

For example, when you submit your app to the App Store, specify a URL for your privacy policy or statement as part of your App Store Connect metadata. You can also summarize that policy or statement in your app description.



Give the User Control Over Data and Protect Data You Collect

Respect the user’s preferences, and take reasonable steps to protect the data that you collect in your apps:

  • Provide settings that allow the user to disable access to sensitive information. The operating system does this automatically for protected system resources—like location, contacts, and health data—through the Privacy menu of the Settings app. Extend this behavior to any data you cache from these sources or collect directly. For example, if your users build a social media profile containing personal information, offer them a way to delete the data (including any server copies you have).

  • When storing files in iOS, use the strongest data protection level that works for your app, as described in [Encrypting Your App’s Files]. Use App Transport Security when sending user or device data over the network, as described in [NSAppTransportSecurity].

  • If your app uses the ASIdentifierManager class, respect the value of its isAdvertisingTrackingEnabled property. If the user sets that property to false, then use the ASIdentifierManager class only for limited advertising purposes, like frequency capping, attribution, conversion events, estimating the number of unique users, advertising fraud detection, and debugging. See the AdSupport framework for additional information.

  • If you must identify users persistently, use the identifierForVendor property of the UIDevice class or the advertisingIdentifier property of the ASIdentifierManager class.

Use the Minimum Amount of Data Required

Request and use the minimum amount of user or device data needed to accomplish a given task. Don’t seek access to or collect data for unnecessary or non-obvious reasons, or because you think it might be useful later.

If your app supports audio input, configure your audio session for recording only at the point where you actually plan to begin recording. Don’t configure your audio session for recording at launch time if you don’t plan to record right away. The system alerts users when apps configure their audio session for recording and gives the user the option to disable recording for your app.
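A sketch of the audio-session timing described above, added here as an example rather than taken from Apple's documentation. The class `VoiceMemoRecorder`, its method names and the `onUnavailable` callback are hypothetical, and the app is assumed to declare `NSMicrophoneUsageDescription` in its Info.plist.

```swift
import AVFoundation

// Hypothetical voice-memo controller; names are assumptions made for this example.
final class VoiceMemoRecorder {
    private let session = AVAudioSession.sharedInstance()
    private var recorder: AVAudioRecorder?

    // At launch: a non-recording category, so the session is not set up for capture.
    func configureForLaunch() throws {
        try session.setCategory(.ambient, mode: .default)
    }

    // Call from the record button. `onUnavailable` lets the UI fall back
    // when access is refused or the session cannot be configured.
    func startRecording(to url: URL, onUnavailable: @escaping () -> Void) {
        session.requestRecordPermission { [weak self] granted in
            DispatchQueue.main.async {
                guard granted else { onUnavailable(); return }
                do { try self?.beginCapture(to: url) } catch { onUnavailable() }
            }
        }
    }

    private func beginCapture(to url: URL) throws {
        // Switch to a recording category only now, when capture really starts.
        try session.setCategory(.record, mode: .default)
        try session.setActive(true)
        let settings: [String: Any] = [
            AVFormatIDKey: Int(kAudioFormatMPEG4AAC),
            AVSampleRateKey: 44_100,
            AVNumberOfChannelsKey: 1,
        ]
        let newRecorder = try AVAudioRecorder(url: url, settings: settings)
        newRecorder.record()
        recorder = newRecorder
    }

    // Release the microphone and return to the launch configuration.
    func stopRecording() {
        recorder?.stop()
        recorder = nil
        try? session.setActive(false, options: .notifyOthersOnDeactivation)
        try? session.setCategory(.ambient, mode: .default)
    }
}
```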





