"Your app doesn't meet requirement 4.1" (Privacy)


All replies

  • Hi,

    Without knowing the specifics of your app, I would guess that a possible place to look is how your app allows the user to log into Windows Azure CDN--i.e. does it transmit a user identity or authenticator to Windows Azure CDN?  Depending on what your app does, you may have other places where you need to consider privacy-related actions the app could be taking (even if your app's goal is not really about information sharing per se).

    The two requirements listed under 4.1 cover privacy more comprehensively than just collecting information about a user; section 4.1.2 covers the use of information that may already be on the device, such as contacts, pictures, location, etc (all are spelled out).

    I hope this helps!

    Dan Ruder, Microsoft

    Thursday, August 16, 2012 9:53 PM
    Moderator
  • Thanks for the quick reply. The app does not log on, it accesses a public file. This is a calculator with some conversion functionality, and it needs to fetch some updated conversion tables every now and then.

    I also cannot think of anything that the app may collect.

    As you noted, the few words we received back, "Your app doesn't meet requirement 4.1", are as short as they are potentially broad. Is there a way to interact with the reviewers?

    P.S.: I resubmitted the app with a note to the testers. I don't know if this feedback can be useful to improve the store, but I only added a text note, with no other changes to the uploaded package, and it still went through "Pre-processing... Usually done within 1 hour... Security tests... Usually done within 3 hours... Technical compliance... Usually done within 6 hours..." Isn't this unnecessary, since nothing changed?

    Friday, August 17, 2012 2:11 AM
  • There are a couple of ways to fix this issue:

    1) Remove the internet capability from your app.  IP address apparently is considered PII

    If you can't do the above then

    2 a) You must host a web page with a privacy policy on a website (enter URL on the description page), AND

       b) You must list the privacy statement (or URL) in the settings page inside of your app.

    Friday, August 17, 2012 7:19 AM
  • IP address apparently is considered PII

    Yes I too think that must be it. I had read the part about the IP address, but from the perspective of a "Privacy Policy" I thought it wouldn't apply because there is no collection. However, the certification requirements write "If your app collects or transmits any user’s personal information, including an IP address".

    So will add a privacy policy (a one-liner saying that nothing is collected? we shall see) and let you know how it goes.

    Friday, August 17, 2012 1:07 PM
  • During my App Excellence Lab reviews they stated that anything that accesses the internet capability needs to have a privacy policy. You need to include it in your App Settings section and have it in your store submission details as well. Also your settings pages should now be branded as well.

    I included a one-liner in both locations saying I don't ask for, collect, store or transmit any personal information and passed certification today.

     

    • Edited by giantveggie Friday, August 17, 2012 6:30 PM
    • Marked as answer by cs-developer Friday, August 17, 2012 6:46 PM
    Friday, August 17, 2012 6:28 PM
  • Thank you, that is the explicit and direct answer I was looking for, and your one-liner solution is similar to the one I had in mind.

    What do you mean by "your settings pages should now be branded as well"?

    Friday, August 17, 2012 6:46 PM
  • Hello cs-developer,

    Ben Grover is correct. If your app goes out to an external site for any information at all, then the user's PC can be identified by IP or MAC address. Therefore, you must include a privacy policy for this action. You must also include in your permissions that the app has permission to use the customer's internet connection. I hope this helps, let us know if you need additional information.

    Thanks,

    Jesse

    Friday, August 17, 2012 6:52 PM
  • Meaning they should reflect the style and color scheme of your app, perhaps include a logo as well so the user is comfortable and clear on which app the settings being changed belong to.

    Here is what I had done to my voice settings page after my App Excellence review

    https://skydrive.live.com/#cid=CE89993AAC5BF3C5&id=CE89993AAC5BF3C5%211954

    In contrast to the white/black/grey default from the samples.

    -jason

    Friday, August 17, 2012 8:04 PM
  • Meaning they should reflect the style and color scheme of your app.

    I see what you mean, thanks. We always had that. The only thing that slipped through the App Excellence Lab session was the apparent need of a privacy policy.
    Friday, August 17, 2012 10:50 PM
  • At this time, there isn't a direct way to communicate with the reviewers. 

    Once you make a change to an app, however small, it goes through the full certification test.  It is necessary to test the full application in its present state to verify there were no other changes and that the text you supplied represents the product accurately.  While it may seem redundant, our intent is to make sure that the certification process is as beneficial to you as it is to your consumers by verifying requirements that they will come to expect.  Hopefully they will enjoy your app and give you good reviews.

    Sincerely,

    Dan Ruder, Microsoft

    Saturday, August 18, 2012 12:25 AM
    Moderator
  • During my App Excellence Lab reviews they stated that anything that accesses the internet capability needs to have a privacy policy.

    Well I failed 4.1 and my app has no internet access so there's obviously more to it than that. I double checked the manifest and it is definitely not selected. I do collect trivial personal details to personalise the app and store it using the inbuilt roaming settings however...
    Tuesday, September 11, 2012 6:50 AM
  • Tuesday, September 11, 2012 2:36 PM
  • Hi Jared,

    Declaring Internet capabilities is one thing which requires a privacy policy, but it isn't the only one. It is specifically called out because it is easy to miss.

    Take a look at the Resolving certification errors documentation for suggestions of other types of information that require a privacy policy if they are collected. My guess is that your personalization information (such as the user's name) will fall in this category, so you will need to provide a policy explaining to the user how that will be used.

    --Rob

    Tuesday, September 11, 2012 7:33 PM
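
A pre-submission check for the point made in the replies above, as an added example that is not part of the original thread: it reads a package manifest and reports declared network capabilities, which the replies say call for a privacy policy both on the Store description page and in the settings pane. The capability names are the Windows 8 manifest names; the sample manifest, the function names and the mapping of other capabilities to section 4.1.2 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Windows 8 manifest capabilities that give the app network access.
NETWORK_CAPS = {"internetClient", "internetClientServer", "privateNetworkClientServer"}

# Constructed sample manifest fragment, not taken from any real app.
SAMPLE_MANIFEST = """<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest">
  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="picturesLibrary" />
    <DeviceCapability Name="location" />
  </Capabilities>
</Package>"""


def declared_capabilities(manifest_xml):
    """Return (capabilities, device_capabilities) declared in the manifest."""
    caps, devs = [], []
    for el in ET.fromstring(manifest_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        name = el.get("Name")
        if name is None:
            continue
        if tag == "Capability":
            caps.append(name)
        elif tag == "DeviceCapability":
            devs.append(name)
    return caps, devs


def privacy_findings(manifest_xml, policy_url="", shown_in_settings=False):
    """List what to resolve before submitting (assumed mapping, see lead-in)."""
    caps, devs = declared_capabilities(manifest_xml)
    network = sorted(NETWORK_CAPS.intersection(caps))
    findings = []
    if network:
        findings.append("network capability declared: " + ", ".join(network))
        if not policy_url:
            findings.append("missing: privacy policy URL for the Store description page")
        if not shown_in_settings:
            findings.append("missing: privacy statement or URL in the app's settings pane")
    other = sorted(set(caps) - NETWORK_CAPS) + sorted(devs)
    if other:
        findings.append("review against 4.1.2: " + ", ".join(other))
    if not network:
        # The manifest cannot show data the app stores itself, e.g. in roaming settings.
        findings.append("no network capability; a policy can still be required "
                        "if the app collects personal details")
    return findings
```

The manifest alone cannot confirm that the settings pane shows the statement, so `shown_in_settings` is supplied by whoever runs the check.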
  • I had the same problem.

    It's fairly straightforward to add the privacy statement in the settings bar.

    using namespace Windows::Foundation;
    using namespace Windows::UI::ApplicationSettings;
    using namespace Windows::UI::Popups;

    void privacy()
    {
        // Add a "Privacy Statement" entry each time the settings pane is opened.
        SettingsPane::GetForCurrentView()->CommandsRequested +=
            ref new TypedEventHandler<SettingsPane^, SettingsPaneCommandsRequestedEventArgs^>(
            [=](SettingsPane^ sender, SettingsPaneCommandsRequestedEventArgs^ args)
            {
                args->Request->ApplicationCommands->Append(
                    ref new SettingsCommand(
                        "MPS 2012",            // command id
                        "Privacy Statement",   // label shown in the settings pane
                        ref new UICommandInvokedHandler(
                            [=](IUICommand^ command)
                            {
                                // Show the statement in a dialog when the entry is invoked.
                                auto boxOK = ref new MessageDialog("Murton-Pike Systems Privacy Statement. \n Murton-Pike Systems Ltd. apps do not use any of your personal information.\n Murton-Pike Systems Ltd. apps do not connect to the internet to send or receive any personal information. ");
                                boxOK->ShowAsync();
                            })
                        )
                    );
            });
    }



    n.Wright

    • Proposed as answer by nigelwright7557 Thursday, September 27, 2012 12:34 PM
    Tuesday, September 11, 2012 11:29 PM
  • There are a couple of ways to fix this issue:

    1) Remove the internet capability from your app.  IP address apparently is considered PII

    If you can't do the above then

    2 a) You must host a web page with a privacy policy on a website (enter URL on the description page), AND

       b) You must list the privacy statement (or URL) in the settings page inside of your app.


    If I'm reading this correctly, the fact that I have ads in my app and the ads require internet capability, so this means that I have to provide one, though I have no control over what the ads SDK is doing?  Am I understanding this correctly?

    Why not give a little to charity? http://www.justgiving.com/teams/BBQGames

    Tuesday, September 18, 2012 1:03 PM
  • This seems to be a very common issue. The real problem is not the documentation, requirement or the testers. The real problem seems to be the removal of the Tasks API used under WP7.

    Mine and many similar problems are caused by the same kind of code. Basic Store/App functionality like Buy and Email us. This was handled with "Tasks" under WP7 which made the job easy - and there was no need for a "Privacy Policy". Now that we have to roll our own "Task" we need a "Privacy Policy" even if we don't. The new model is a PIA to code for no benefit and the added "Compliance with 4.1" nightmare.

    MS team, fix this.

    I've got the same damn frustration because of this type of code:

            async System.Threading.Tasks.Task EmailUs()
            {
                // WP7 version, using the Tasks API:
                //EmailComposeTask ect = new EmailComposeTask();
                //ect.To = "rock.hound@live.com";
                //ect.Subject = (string)String.Format(Application.Current.Resources["AppName"] + ", " + (string)Application.Current.Resources["VersionText"]);
                //ect.Show();

                // Windows 8 version: build a mailto: URI and hand it to the default mail app.
                string appInfo = Application.Current.Resources["AppName"] + ", " + Application.Current.Resources["VersionText"];
                string subject = appInfo;
                string body = "Regarding " + appInfo;
                // Escape the values so spaces and commas do not produce a malformed URI.
                var mailto = new Uri("mailto:?to=rock.hound@live.com&subject=" + Uri.EscapeDataString(subject) + "&body=" + Uri.EscapeDataString(body));
                await Windows.System.Launcher.LaunchUriAsync(mailto);
            }


    • Edited by j longo Monday, May 20, 2013 8:12 PM edit
    Monday, May 20, 2013 8:11 PM