★ TouchArcade needs your help. Click here to support us on Patreon.

Collecting non-personal information without disclaimer - Legal or not?

04-25-2011, 06:49 PM
#1
Joined: Mar 2011
Posts: 50
Collecting non-personal information without disclaimer - Legal or not?

Hi Everyone,

I was wondering if it's legal to collect player's behavior information anonymously with in a game. For example, if the developer could know how many percentage of player and how much time they would spend on successfully control the main character jump to a certain place to collect a big coin, it could be helpful for the developer to tune the game better according to the behavior of real players.

And also, if you implement in-app purchase, to keep the purchase history on customized server might also be helpful if you want to push the downloaded content to player immediately after the app was installed on another device. In this case player might not have to click "Buy" and get the feedback from Apple to tell you the player have already purchased the content before downloading the content.

In the game industry, most of the big companies already implemented something similar. But they usually make a long-and-tedious-and-no-one-read-it disclaimer text which containing the data collection behavior somewhere. For small indie developers, we may not have that in our game. So, would that still be "legally" right if the game collects non-personal player behavior anonymously, but provides an option for player to turn off it, without a formal disclaimer?
04-27-2011, 03:31 PM
#2
Joined: Nov 2010
Location: alea iacta est
Posts: 1,368
Jailbroken, I can see what apps connect to the internet. And nearly every app, even extremely simple games or flashlight apps, connects to the developers website.

I don't see any problem sending out game statistics like that. The problem becomes when apps send out UDIDs, phone numbers, aurora feint would even upload your entire contact book...

04-27-2011, 03:42 PM
#3
Joined: Nov 2008
Location: Munich, Germany
Posts: 754
Send a message via Skype™ to mobile1up
Quote:
Originally Posted by w162 View Post
I was wondering if it's legal to collect player's behavior information anonymously with in a game. For example, if the developer could know how many percentage of player and how much time they would spend on successfully control the main character jump to a certain place to collect a big coin, it could be helpful for the developer to tune the game better according to the behavior of real players.
apple used to scan the app for network traffic and if you made a request over the Internet; you would have to inform the user that your application is about to make a connection over the Internet. i was just trying to find the old "rejection" email - but no avail. i think apple may have gone a bit lax on this concept with the introduction of advertising etc.. without a connection; half that stuff doesn't work.

// Aaron Ardiri
Mobile 1UP is a proud indie developer - support us!
developer of Caveman / Caveman HD and GW Series
04-27-2011, 03:49 PM
#4
Joined: Nov 2008
Location: Munich, Germany
Posts: 754
Send a message via Skype™ to mobile1up
found it..

Quote:
Dear Aaron,

Your application, xxxxxx, cannot be posted to the App Store because it violates section 3.3.6 of the iPhone SDK Agreement:

"Any form of user or device data collection, or image, picture or voice capture or recording performed by the Application (collectively “Recordings”), and any form of user data, content or information uploading, syncing, or transmission performed by the Application (collectively "Transmissions") must comply with all applicable privacy laws and regulations as well as any Apple program requirements related to such aspects, including but not limited to any notice or consent requirements. In particular, a reasonably conspicuous visual indicator must be displayed to the user as part of the Application to indicate that a Recording is taking place."

Please make it clear to the user that their personal user data is being uploaded to your server by way of an alert upon first launch or a text label before the score submission. In order for your application to be reconsidered for the App Store, please resolve this issue and upload your new binary to iTunes Connect.

Regards,
iPhone Developer Program
we were only sending over the UDID and the jailbroken status - what type of "non personal" information are you talking about? UDID is officially, unique and personal

// Aaron Ardiri
Mobile 1UP is a proud indie developer - support us!
developer of Caveman / Caveman HD and GW Series
04-27-2011, 04:17 PM
#5
Joined: Mar 2011
Posts: 50
Quote:
Originally Posted by mobile1up View Post
found it..

we were only sending over the UDID and the jailbroken status - what type of "non personal" information are you talking about? UDID is officially, unique and personal
Emm... I guess although UDID itself is not that personal, it could be still considered "personal" in some situation, since it reveals information with the device. I would suggest you sending the hash code (SHA-1 or even CRC32) of the UDID instead of the UDID itself. Nobody can decode the UDID from its hash code. Even somebody else intercepts the hash code in the transmission, they could not do any thing with that.

And other "non-personal" information I mentioned was the game progress information, like which level a player was playing, and how much time s/he spent on that, etc.

I am really curious about that - how do you know if the device is jailbroken or not?

Last edited by w162; 04-27-2011 at 04:19 PM.
04-27-2011, 04:25 PM
#6
Joined: Sep 2008
Location: Canada
Posts: 2,799
Are you using Apple's standard EULA? If so, you have your disclaimer:


Quote:
Originally Posted by LICENSED APPLICATION END USER LICENSE AGREEMENT
Consent to Use of Data: You agree that Application Provider may collect and use technical data and related information, including but not limited to technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to You (if any) related to the Licensed Application. Application Provider may use this information, as long as it is in a form that does not personally identify You, to improve its products or to provide services or technologies to You.

 /l、
(゚、 。 7
 l、 ~ヽ
 じしf_, )ノ
04-27-2011, 07:32 PM
#7
Joined: Mar 2011
Posts: 50
Quote:
Originally Posted by starjimstar View Post
Are you using Apple's standard EULA? If so, you have your disclaimer:
Wow, that's exactly what I tried to find! Thank you so much!
04-27-2011, 08:13 PM
#8
Joined: Nov 2008
Location: Munich, Germany
Posts: 754
Send a message via Skype™ to mobile1up
Quote:
Originally Posted by w162 View Post
Emm... I guess although UDID itself is not that personal, it could be still considered "personal" in some situation, since it reveals information with the device. I would suggest you sending the hash code (SHA-1 or even CRC32) of the UDID instead of the UDID itself. Nobody can decode the UDID from its hash code. Even somebody else intercepts the hash code in the transmission, they could not do any thing with that.
even hashed; it is still unique

Quote:
Originally Posted by w162 View Post
I am really curious about that - how do you know if the device is jailbroken or not?
well; think about what happens when you jailbreak - look for a specific program (Cydia et al) and you'll be able to know for sure.

// Aaron Ardiri
Mobile 1UP is a proud indie developer - support us!
developer of Caveman / Caveman HD and GW Series