You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Dropbox API and Apples App privacy details on the App Store
Apple requires to provide app privacy details (see https://developer.apple.com/app-store/app-privacy-details/ )
While an iOS app uses dropbox to store/read a user's data, it can provide the details for this interaction.
But for how dropbox (company) handles said data is hard to denote in the privacy details.
Probably other devs already went on the journey to collect and provide the required info on app submission to Apple App Store.
It would be great to have some info/support from dropbox to advise on how answer the questions (which might be a subset of the dropbox iOS app privacy details).
Thanks for sharing any info.
Marcus
The team has written up guidance on this for the SDKs, which you can find at the following links:
- Greg-DB
Dropbox Staff
We don't have documentation specifically for the official Dropbox iOS SDKs in particular with regard to the new Apple privacy detail requirements, but you can find Dropbox's privacy information in general here:
https://help.dropbox.com/accounts-billing/security/privacy-policy-faq
The official Dropbox SDKs don't do anything other than process API calls and app authorization flows but I'll ask the team write up some documentation for this specifically. The official Dropbox iOS SDKs are open source so they can be inspected if desired though:
Greg-DB Thanks for the reply and outlook. It would be great to get some advise on this. I am also not sure, if there is a difference in the privacy notes, if the iOS app showing the authentication dialog as part of the app (as e.g. the objc SDK does if the Dropbox App is not installed) or if it uses external Safari redirection.
- Greg-DB
Thanks for following up. This is open with the team as a request for detailed documentation for this for the SDKs in particular. I'll follow up here with any updates on that.
Thank you for addressing this. It's not only the SDKs themselves that matter here, but also what the servers do with that data. I'm sure that not only we, but all other App Store devs would appreciate it if you can provide an authoritative set of answers for Apple's data collection and tracking questions for apps that use a Dropbox SDK. This would obviously be limited to just the Dropbox interface part and may have to be extended for each individual app, but it would be a valuable baseline to start from.
Your link to Dropbox' general privacy policy is but a tiny step in that direction. This is basically telling tens of thousands of devs to all perform the same arduous task, filtering and interpreting the pages upon pages of legalese in your privacy policy into Apple's categories and terms, where your legal team could do that just once in an authoritative manner. It is also impossible for devs to discern if all the generic collection and tracking provisions detailed in the privacy policy even apply for SDK interfacing, or only when Dropbox' website or own app is being used.
At face value, it would seem that any app would have to declare the privacy provisions of the Dropbox official app as a bare minimum, which includes user tracking and other sensitive topics. That's a tough proposition for apps that strive to present themselves as respecting user privacy in the best possible way.
The delay in the response denotes Dropbox's lack of transparency. Please note that developers are responsible for the information collected by the application, including third party libraries. Even Gmail has already informed you of its privacy policy. Unfortunately if nothing is cleared up in the next few days I will be forced to remove the Dropbox integration.
Hi,
I tried to check the Dropbox App's App Privacy notes itself and see what would make sense for the App Privacy setting in the Apple App Store for an App using the SDK.
As the SDK is limited, the option to have it render an Webview to login exposes the whole Dropbox Frontend and its interaction and therefore makes this aspect a part of your own App. If you would rely on login via the installed Dropbox App, some of the elemtents below would not be needed.
Currently my selection is as follows. I added some remarks in brackets () from my interpretation.
The selection below does not reflect any of my own App's data privacy, but only the ones inherited by integrating Dropbox SDK.Also for the Data Types and content - there is a set of User Content which very much differs on your use case. My use case is "Other User Content" only, not having video/audio/photos and such.
# Data Types
7 data types collected from this app: Name, Email Address, Other User Content, User ID, Device ID, Product Interaction, Other Diagnostic Data (User Content types depend on your app's data)
# Contact Info
## Name
- Used for App Functionality (you can login to dp via webview in your app, showing names)
- Linked to the user's identity (you can login to dp via webview in your app)## Email Address
- Used for App Functionality (you can login to dp via webview in your app, showing names)
- Linked to the user's identity (you can login to dp via webview in your app, showing names)
- Used for tracking purposes (dp might use this for tracking as the main dp app does mention it)
# User Content
## Other User Content
- Used for App Functionality
- Linked to the user's identity# Identifiers
## User ID
- Used for Developer’s Advertising or Marketing, and App Functionality (guessing as dp during Login or API calls could use the data and the main dp app is listing this - e.g. bound in the access token)
- Linked to the user's identity
## DeviceID
- Used for Analytics, Developer’s Advertising or Marketing, and App Functionality (guessing as dp during Login or API calls could use the data and the main dp app is listing this - e.g. bound in the access token)
- Linked to the user's identity
- Used for tracking purposes# Usage Data
## Product Interaction
- Used for Developer’s Advertising or Marketing, App Functionality, and Analytics (guessing that API calls might be used, login also)
- Linked to the user's identity# Diagnostics
## Other Diagnostic Data
- Used for App Functionality (not sure)
- Linked to the user's identity (not sure)
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
