12.03.2020
Data Theorem, Inc., a leading provider of modern application security, today announced its new application privacy solutions that streamline app publishers’ process to comply with Apple’s recently announced data privacy disclosure requirements for apps being distributed and sold on the Apple App Store.
Apple’s data disclosure requirements go into effect Dec. 8, with the goal of helping users understand an app’s privacy practices before they download on any Apple platform such as iPhone, iPad, MacBook, etc. The aim is for users to learn about the data types an app collects, and whether that data is shared to third party SDKs. This new requirement can be described as Apple’s privacy “nutrition labels” to be showcased in the App Store prior to downloading the app. With this change, app publishers and developers will need to provide information about their app’s privacy practices on each app’s product page, including the practices of third-party partners whose code and Software Development Kits (SDKs) are integrated into their app.
These new privacy transparency disclosures however create significant technical and potentially legal challenges for any organization which builds apps on Apple platforms and distributes through the Apple App Store. Most app publishers are not aware of which third-party SDKs are used, how many are used on a per application basis, nor what data is shared; thus, they are at risk of mistakenly misrepresenting their app data privacy disclosures required by Apple starting next week. These new requirements can lead to fines, lawsuits and significant brand damage if it’s learned a company underreported user tracking and data security concerns for apps they are selling on the Apple App Store.
“There is a significant new burden added to security and developer teams for every new application launch or update going through the Apple App Store and Mac Store,” said Doug Dooley, Data Theorem COO. “The necessary level of data tracking and reporting of an application is not there for most companies. Data Theorem has new solutions to help customers with these changes. If we can pull together as an industry, consumers of apps will be the biggest winners without hurting app publishers for improper disclosure around data privacy.”
Data Theorem helps organizations comply with Apple’s new data privacy requirements by identifying all collected data types, open source libraries, software development kits (SDKs), and embedded APIs to most accurately report an app’s data privacy requirements. Data Theorem’s Analyzer Engine has unique insights into data leaks across API services for first-party and third-party data transmissions based on the application itself. In addition, new capabilities, such as the “Privacy Toolkit” and “Data Leaks Dashboard,” make it easier to automate the discovery and inspection of third-party SDK/OS libraries so data privacy practices per application are easier to monitor and fully disclose.
All organizations publishing iOS applications are encouraged to sign up for their own customized Answer Key to help them quickly address Apple’s new data privacy disclosure requirements. For more information, see https://www.datatheorem.com/learning-center/data-privacy-answer-key.
Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine, which leverages a new type of dynamic and run-time analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation. Data Theorem’s AppSec portfolio secures mobile apps, cloud-driven APIs, and modern web applications.