GWUSEC Privacy Label Observatory Wiki

After 2021, Apple Store required apps updating or being put on the app store for the first time to specify privacy labels. The various choices made by developers of apps are reflected here, whether it be underreporting data or reporting well, and the reasons behind each.

We collected snapshots of the privacy labels of 1.6+ million apps.

Initially, these runs were collected once a week. However, once sufficient data had been collected, the data has been scraped at a monthly pace.

Additional Resources

For more information on Privacy Labels and the research behind the conception of the Observatory, peruse the following at your leisure:

How to Use this Website

Dashboard: As the name states, it's a dashboard for all statistical data that has been done on the apps that have been collected from the Apple Store, from longitudinal data to more specific distinctions across categories.

Search: At your perusal, feel free to search our database of apps that we've collected. View the privacy data of your app in a new way, or select apps that other users are searching for.

App: Once you find the app that you would like to view, choose to either view a condensed view of data that your app has access to, or expand to view extensive details about what permissions your app has access to. Additionally, travel through the history of the app and view what permissions have changed over time.

But what are privacy labels?

Privacy labels are basically nutrition labels, where the app must indicate what data is collected and used compactly.

Data Used to Track YouData collected may be used to track users across apps and websites owned by other companies, including sharing data with third-party advertising networks and data brokers.Data Linked to YouData is collected and is linked to the user’s identity.Data Not Linked to YouData is collected but is de-identified or anonymized and is therefore not linked to the user’s identity.Data Not CollectedWhen an app has a label with the Data Not Collected Privacy Type, it implies that it does not collect any data from the user, and therefore does not include other Privacy Types.

Apple's Data Categories

Contact Info
  • Name: Such as first or last name
  • Email Address: Including but not limited to a hashed email address
  • Phone Number: Including but not limited to a hashed phone number
  • Physical Address: Such as home address, physical address, or mailing address
  • Other User Contact Info: Any other information that can be used to contact the user outside the app
Health & Fitness
  • Health: Health and medical data, including but not limited to data from the Clinical Health Records API, HealthKit API, Movement Disorder API, or health-related human subject research or any other user-provided health or medical data
  • Fitness: Fitness and exercise data, including but not limited to the Motion and Fitness API
Financial Info
  • Payment Info: Such as form of payment, payment card number, or bank account number. If your app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, it is not collected and does not need to be disclosed.
  • Credit Info: Such as credit score
  • Other Financial Info: Such as salary, income, assets, debts, or any other financial information
Location
  • Precise Location: Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places
  • Coarse Location: Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services
Sensitive Info
  • Sensitive Info: Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places
Contacts
  • Contacts: Such as a list of contacts in the user’s phone, address book, or social graph
User Content
  • Emails or Text Messages: Including subject line, sender, recipients, and contents of the email or message
  • Photos or Videos: The user’s photos or videos
  • Audio Data: The user’s voice or sound recordings
  • Gameplay Content: Such as saved games, multiplayer matching or gameplay logic, or user-generated content in-game
  • Customer Support: Data generated by the user during a customer support request
  • Other User Content: Any other user-generated content
Browsing History
  • Browsing History:Information about content the user has viewed that is not part of the app, such as websites
Search History
  • Search History: Information about searches performed in the app
Identifiers
  • User ID: Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a particular user or account
  • Device ID: Such as the device’s advertising identifier, or other device-level ID
Purchases
  • Purchase History: An account’s or individual’s purchases or purchase tendencies
Usage Data
  • Product Interaction: Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app
  • Advertising Data: Such as information about the advertisements the user has seen
  • Other Usage Data: Any other data about user activity in the app
Diagnostics
  • Crash Data: Such as crash logs
  • Performance Data: Such as launch time, hang rate, or energy use
  • Other Diagnostic Data: Any other data collected for the purposes of measuring technical diagnostics related to the app
Surroundings
  • Environment Scanning: Such as mesh, planes, scene classification, and/or image detection of the user’s surroundings
Body
  • Hands: The user’s hand structure and hand movements
  • Head: The user’s head movement
Other Data
  • Other Data Types: Any other data types not mentioned