Your app does not follow the App Store Review Guidelines - Bugsnag

I just got this mail below today from App Store.
I like to know if it is a standard message to everyone. Or because I get the user name and address for a order to send invoice after purchase. I store this data in firebase. I also via api get som information about invoices from the financial Accounting.

Subject:
Your app, Pyntecover, does not follow the App Store Review Guidelines.
Message:

Dear Martin,

Your app, Pyntecover, app Apple ID: xxxxxxx, does not follow one or more of the App Store Review Guidelines.

For details, or to contact App Store Review, visit Resolution Center in App Store Connect.

Best regards,
App Store Review

Hello,

When you submitted your app, you answered questions about your app’s privacy practices in App Store Connect. There are possible issues with the information you gave. You indicated that your app does not collect or track device or user data. However, your app integrates code from or communicates with third-parties that appear to collect and track this data, including, but not limited to, Bugsnag.

You need to provide accurate information about your app’s privacy practices, including the practices of all the third-party partners your app interfaces with, like ad networks, analytics tools, and SDKs. Doing so will help you avoid rejections on future submissions. If you don’t know what data your third-party partners collect or if they track your users, please contact them or refer to the documentation they’ve made available.

We have not rejected your submission, but this message will remain in Resolution Center for your reference. You do not need to reply after making the appropriate changes. We appreciate your efforts to comply with our
Best regards,

App Store Review

i received notification from apple that my app is collecting data. I am not collecting any data. It states that a third party app called bugsnag is collecting data so i need to update my privacy information to let users know what is being collected. Can anyone help with what this is, can i remove it or what data is being collected so i can let users know? Thanks.

Following.
I received an email from Apple stating the same thing.

Hi all,

I got the same message from apple, saying that my privacy statement is not correct (I have two apps in the App Store, every app must provide a privacy statement). They say I collect data by bugsnag, I think this is a library automatically included by thunkable in the process of building an app.

So, is there a way to get more information, so I can update my privacy practices, or is there a way to get rid of bugsnag, whatever it does for me?

Oh oh! I just searched for “BugSnag” in my app’s APK and found multiple references to it. If it is collecting information without us knowing then we are subject to lawsuits since our apps Privacy Policies do not mention BugSnag as a personal data processor, something which is extremely dangerous in the European Union where the GDPR applies. I think Thunkable should explain what is going on here.

Also: bugsnag at DuckDuckGo

“Error Monitoring & App Stability Management”

I just got it too.

I believe Thunkable has to be 100% clear about all this!

i confirme this too

got it also

That happens to me too.

I have 2 active applications in the app store and in both of them I received the statement. I would like to know what happens.

Ditto. I’m pissed about this. I can’t take much more of this BS. This is absurd.

Mar 9, 2021 at 1:42 PM

From Apple

• Issues with your app privacy details on the App Store

Hello,

When you submitted your app, you answered questions about your app’s privacy practices in App Store Connect. There are possible issues with the information you gave. You indicated that your app does not collect or track device or user data. However, your app integrates code from or communicates with third-parties that appear to collect and track this data, including, but not limited to, Bugsnag.

You need to provide accurate information about your app’s privacy practices, including the practices of all the third-party partners your app interfaces with, like ad networks, analytics tools, and SDKs. Doing so will help you avoid rejections on future submissions. If you don’t know what data your third-party partners collect or if they track your users, please contact them or refer to the documentation they’ve made available.

We have not rejected your submission, but this message will remain in Resolution Center for your reference. You do not need to reply after making the appropriate changes. We appreciate your efforts to comply with our guidelines and look forward to reviewing your future submissions to the App Store.

Learn more about app privacy details on the App Store and how to update privacy information in App Store Connect.

Best regards,

App Store Review

@jane @domhnallohanlon @Steven

This seems big. Perhaps not in reality but maybe you guys can shed some light on this?

Has anyone experienced this? I did not use anything outside of thunkabel. Is there a privacy suggestion or documentation?

When you submitted your app, you answered questions about your app’s privacy practices in App Store Connect. There are possible issues with the information you gave. You indicated that your app does not collect or track device or user data. However, your app integrates code from or communicates with third-parties that appear to collect and track this data, including, but not limited to, Bugsnag.

You need to provide accurate information about your app’s privacy practices, including the practices of all the third-party partners your app interfaces with, like ad networks, analytics tools, and SDKs. Doing so will help you avoid rejections on future submissions. If you don’t know what data your third-party partners collect or if they track your users, please contact them or refer to the documentation they’ve made available.

We have not rejected your submission, but this message will remain in Resolution Center for your reference. You do not need to reply after making the appropriate changes. We appreciate your efforts to comply with our guidelines and look forward to reviewing your future submissions to the App Store.

This message has also been sent to me

I got the same message wondering if was my privacy policy but now that i see others got the same message i dont know

Received the same today. Grateful for a quick answer.

Thanks for getting in touch about this folks - sounds like quite a few of you got a bit of a surprise from Apple today.

Since we’re also app publishers ourselves (Thunkable Live in the App Store) we can definitely relate to what it’s like to get a notification like this.

To be fair to Apple, they are fantastic advocates for the privacy of their users and as I’m sure everyone is aware by now, are rolling out several privacy related updates across their software.

Thankfully this seems to be a case of “no harm, no foul” as they mention in their email.

If you’re on a tight deadline please add a link to the Bugsnag privacy policy to your own privacy policy:
https://docs.bugsnag.com/legal/privacy-policy/

If you can bear with us for another day or so we’ll be able to provide a fuller list and hopefully some further guidance on the requirements as we get caught up with this latest update.

Personally, I don’t want a “full list”. I want it removed. I don’t want ANY tracking.

Ok, let’s examine how “no harm, no foul” this situation is:

(tl;dr: We may be in deeeeeep trouble)

According to Recital 61 of the General Data Protection Regulation (the GDPR):

“The information in relation to the processing of personal data relating to the data subject should be given to him or her at the time of collection from the data subject”

In plain English: We cannot inform our users AFTER we have processed their personal information. If we now add a reference to BugSnag’s privacy policy in our app’s privacy policy we are in fact admitting to have violated the GDPR for every single person who has already used our app. Not adding it just means that we are violating it anyway but just not advertising it. It is as simple as that.

Reading BugSnag’s privacy policy, I understand that BugSnag is the Data Processor and does not control what personal information is processed. This is done by the Data Controller which I guess is Thunkable. According to paragraph 3.2 of the BugSnag privacy policy:

“Bugsnag itself does not collect this end user Personal Information provided with Event Data and Bugsnag has no direct relationship with these individuals. For example, a Customer may direct Bugsnag to log certain software application’s end user information associated with Event Data, such as the end user’s device ID, email and name. Bugsnag is a data processor and follows the instructions of the Customer in these cases.”

So the question to Thunkable is: What personal information is collected through BugSnag as a result of adding it to every single app we have published? How have you configured BugSnag on that aspect? We need to know! You need to be 100% transparent on this. If it is IMEI, IP address, Device Brand, Model, Location… We need to have the full list.

After we get an answer on the above, we will request additional information to assess the damage, if any.

It helps to get the information about what is collected, but can you also explain what it is and what it does. I think we should understand that something like this is going on. Thanks.

I could not agree more with this. There must be a clear distinction between our relationship with Thunkable and Thunkable’s relationship with the individuals which use our apps (which should be ‘no relationship at all’). I read Thunkable’s privacy policy and it is only addressed to “you” or “your data” (meaning, the person reading the privacy policy) which is us, the users of the Thunkable platform. There is no reference to Thunkable being the controller of personal information relating to the individuals who use our apps! I am curious to read Thunkable’s response with the complete list of our users data collected through our apps without us knowing but definitely, I would like to see BugSnag being completely removed from any apps we develop moving forward.