If you're developing an app that requests camera access, you're asking your users to place a lot of trust in you.
You also enter into some perilous territory regarding privacy law and your agreements with service providers that make your app function.
When requesting such sensitive access to a user's device, you must ensure you do everything right to respect their privacy and fulfill your legal obligations.
One of our many testimonials:
- 2.1. Disclosing Your Use of Camera Access
- 2.2. Additional Information Required By Apple and Google
- 2.2.1. Types of User Data You Collect
- 2.2.2. How You Collect User Data
- 2.2.3. How You Use the User Data You Collect
- 2.2.4. How You Share User Data
- 2.2.5. How Long You Retain User Data
- 2.2.6. How Users Can Access or Delete Their Data
- 2.3. Additional Information Required By Privacy Law
- 3. Getting Consent for Camera Access
- 3.1. Getting Consent on iOS
- 3.2. Getting Consent On Android
- 5. Summary
There are two main reasons for this: privacy law, and the terms of your mobile platform provider.
- United Kingdom (UK): Despite Brexit, the GDPR still applies in the UK, along with the Privacy in Electronic Communications Regulations (PECRs) (which regulate device access) and the Data Protection Act 2018.
There are many other locations with similar privacy laws. For more information, see our article: Privacy Laws By Country.
This rule now forms part of Apple's App Store Review Guidelines:
- First, we'll explain how you should disclose to users how and why your app uses camera access
- Second, we'll explain the other information you need to include under your agreements with Apple and/or Google
Disclosing Your Use of Camera Access
- A disclosure of the fact that your app requests camera access
- An explanation of your purposes for requesting camera access
- An explanation that you request consent for camera access
- Information about revoking consent, and what might happen if consent is withdrawn
- If you have users in the EU, European Economic Area, or the UK: Your "lawful basis" for requesting camera access (which must be "consent," under Apple and Google's terms)
Here's how Snap, maker of Snapchat, discloses its use of camera access, explains its purposes for requesting camera access, and what will happen if consent is withdrawn or refused:
These examples demonstrate how some Privacy Policies refer to camera access, but camera data is likely to appear in a list of many other types of data your app collects, as we'll see below.
Additional Information Required By Apple and Google
You must meet these requirements in order to use these companies' APIs or have your app hosted on their distribution platforms (the Apple App Store and the Google Play Store).
Types of User Data You Collect
Data from the user's camera is one of many types of user data your app probably collects.
Note, however, that you should only collect the user data you need for a specific purpose. Don't collect excessive or unnecessary data.
- IP address
- Operating system
- Device ID
- Any information volunteered by the user, including name, alias, email address, login details, payment info
All of the above types of user data are considered "personal information" under many privacy laws, including the CCPA and the GDPR.
Here's how Life360 lists the types of user data its app collects, which includes the user's camera roll:
How You Collect User Data
You must explain how your app collects data from the user's device.
Broadly speaking, there are two ways in which an app might collect data from the user:
- Automatically (e.g. by using cookies and other technologies)
- Voluntarily (e.g. when the user creates an account)
Many Privacy Policies combine this section with the section above, explaining what types of user data the app collects, and how each type of data is collected.
Here's an example from Contently:
How you draft these clauses is up to you, so long as you include the relevant and required information.
How You Use the User Data You Collect
Just as you have explained your purposes for accessing the user's camera, you must also explain how you use all the various types of user data you collect.
Here's how Flipboard does this:
Note that in addition to the broad categories of uses of information we've underlined in this excerpt, Flipboard also goes into detail about the implications for its users.
How You Share User Data
You probably share user data with third parties such as analytics and advertising providers, payment processors, and cloud storage companies.
Some service providers, including Apple and Google, require you to name their services specifically, and even to include certain information about how they will process the user data they receive.
For example, here's how ResApp Health explains it shares data with Google Analytics for Firebase:
If you're developing an iOS app, Apple has a somewhat complicated additional requirement here, detailed in its App Store Review Guidelines:
Above, Apple requires that you:
- Adhere to Apple's requirements when collecting, using, and storing user data
- Require all third-party recipients of user data to offer equally good protection to any user data you share with them
Here's how Crazy Labs does this:
Again, it's best to take a conservative approach in this area. If you can store user data on the user's device, do not transfer it to a third party unless it's necessary for a specific, legitimate purpose.
How Long You Retain User Data
You should explain how long you will store user data.
You should only store user data for as long as you need it to fulfil a specific purpose. This might not be determined in months or years, but instead by reference to a given event (e.g. "we will erase your account data when you delete your account").
Here's how FaceApp explains its data retention period for camera data:
Note that in addition to stating the time period for which photo data will be retained, FaceApp also explains why it stores photo data for that period.
How Users Can Access or Delete Their Data
You should explain how users can access or delete the data you hold on them.
Many apps provide controls in the "Settings" menu, allowing users to access and erase their personal information, or withdraw consent for certain activities (such as marketing).
Here's how Spotify explains the various ways in which users can exercise control over their personal information:
Apple only requires you to explain how the user can access their data if you provide a means for them to do so.
However, in the spirit of transparency and good customer service, we'd advise you to comply with data access requests even if you don't "need" to.
Additional Information Required By Privacy Law
We've covered the basic information required for iOS and Android apps under your agreements with Apple and/or Google.
Return to our earlier section on privacy law compliance to check which privacy laws apply to your app. We have guidance on creating Privacy Policies that comply with many major markets.
Getting Consent for Camera Access
As noted above, access to a device's camera is, rightly, considered a sensitive permission by both Apple and Google. Therefore, you cannot access the device camera without requesting consent.
We're now going to briefly look at how to do this.
Getting Consent on iOS
The following guidance from Apple confirms that explicit consent is required to access a device's camera and/or microphone:
Note that you will only need to request consent the first time your app accesses the camera.
The first step to integrate a consent mechanism into your iOS app is to include the NSCameraUsageDescription key in your Info.plist file:
Note that you must include a message explaining the purposes for which your app requires camera access. This is consistent with the GDPR's principle of transparency, and the CCPA's "notice at collection" requirement.
Your app must verify the user's authorization (consent) status before capturing images via the camera, using the AVCaptureDevice authorizationStatus(for:) method.
If the user invokes a function of your app that requires camera access, but they have not authorized this permission request, their status will be AVAuthorizationStatus.notDetermined. Use the requestAccess(for:completionHandler:) to request consent again.
Note that saving media to the device requires a separate permission:
Getting Consent On Android
Google provides some basic principles when requesting app permissions:
Note that principles two and three are closely linked to the GDPR's model of consent. Consent must be "freely given." Unnecessarily withdrawing all usage of your app if a user refuses consent would violate this principle.
Requesting camera permission on Android requires that you place a
<uses-permission/> element in your app manifest. Camera access is a "dangerous permission" and thus you must obtain explicit consent before accessing it.
Because you only require consent the first time your app accesses the camera, your app must also check the permission status whenever it accesses the camera:
You must also implement an educational UI to explain why you require camera access:
Explaining why you need a permission makes it more likely that the user will consent, according to research from Carnegie Mellon University.
Explaining why you're collecting personal information is also a legal requirement under certain privacy laws, such as the GDPR and the CCPA.
And here's how the link appears in the Gumtree app:
- Describe the types of data your app collects, including that it requests camera permission
- Explain how your app collects user data, including via the camera
- Explain how you use the data your app collects
- Explain how you share the data your app collects
- Disclose how long you retain the data your app collects
- Explain how users can access and/or delete the data your app collects
- Check which privacy laws you must comply with, and include any additional information required