Prepare for Apple's App Store data disclosure requirements

Apple requires developers publishing apps on the App Store to disclose certain information regarding their apps’ data use. Apple has announced that these disclosures are required for new apps and app updates starting December 8, 2020. This document contains Firebase iOS library behaviors that could require disclosure according to Apple's guidelines.

If you are using any optional product features that involve additional data or participating in any tests of new product features that involve additional data, be sure to check if those features or tests require additional data disclosures.

To ensure your app's disclosures are accurate, we recommend that you always use the latest version of each Firebase SDK.

Firebase user agent

The Firebase user agent is a bundle of information collected from most Firebase SDKs and includes the following: device, OS, app bundle ID, and developer platform. The user agent is never linked to a user or device identifier and is used by the Firebase team to determine platform and version adoption in order to better inform Firebase feature decisions.

Core

FirebaseCore

  • Does not collect data.

FirebaseCoreDiagnostics

Always collected

GoogleUtilities

  • Does not collect data, but includes networking utilities which may be used by other SDKs to collect data.

GoogleDataTransport

Includes networking utilities which may be used by other SDKs to collect data.

Always collected

A/B Testing

FirebaseABTesting

A/B Testing does not collect data, but uses data collected from Google Analytics to create and administer experiment groups. See the Analytics page for more details.

Google Analytics

Google Analytics data collection information can be found in this support article.

App Check

FirebaseAppCheck

Always collected

App Distribution

The App Distribution SDK is intended for beta testing usage only. Do not include the App Distribution SDK in your application when submitting to the App Store.

Authentication

FirebaseAuthentication

Always collected

  • Generates and stores identifiers for user authentication purposes.

Usage-dependent

  • Collects a display name, if the developer provides a display name for the user.
  • Collects users' email addresses as provided by the developer when using email password or email link authentication, or as contained in the response from a federated provider if the developer uses a federated identity.
  • Collects users' phone numbers as provided by the developer when using phone auth or if the user's phone number is added as an authentication method. Also collected during SMS-as-second-factor authentication flows.
  • Collects contact information related to third-party authentication providers if the developer uses a third-party authentication provider with Firebase Authentication. For example, a user's identifier may be linked to their Facebook profile if the developer uses Facebook authentication, depending on the scopes granted. Refer to the authentication provider's documentation for more information.
  • Stores the user's Game Center ID if the app is linked to the Game Center.

Crashlytics

FirebaseCrashlytics

Always collected

  • Collects stack traces and relevant application state when an application crashes.
  • Collects device and OS information to assist with debugging crashes.

Usage-dependent

  • Collects any custom keys, logs, and free-text user IDs that developers attach to crash reports. Also collects any developer-defined non-fatal events with custom stack traces.
  • Collects "breadcrumb" logs if Crashlytics is used together with Google Analytics. These logs identify user actions immediately before a crash along with crash counts.

Realtime Database

FirebaseDatabase

Always collected

Always collected

  • Temporarily collects device data, including the device's screen dimensions, language, OS version, bundle ID, IP address, and Firebase SDK version for deferred-deep links (deep-link post app install).

Collected by default

  • Automatically logs link interaction events via Google Analytics if the FirebaseAnalytics framework is present. To disable automatic event logging, remove FirebaseAnalytics from the app.
  • Temporarily collects the dynamic link URL in the device pasteboard, if available, on first app launch. Developers can disable the use of Pasteboard by setting the FirebaseDeepLinkPasteboardRetrievalEnabled property to NO in the app's Info.plist file.

Cloud Firestore

FirebaseFirestore

Always collected

Cloud Functions

FirebaseFunctions

Always collected

  • Collects function invocation metadata, including the function name and IP address of the function caller.

In-App Messaging

FirebaseInAppMessaging

Always collected

  • Records interactions with in-app messages. These interactions (impressions, clicks, dismissals) are recorded via Google Analytics. Interactions are also recorded by Firebase to help developers evaluate the effectiveness of messaging campaigns.

Firebase installations

FirebaseInstallations

Always collected

  • Generates per-installation identifiers that do not uniquely identify a user or physical device.
  • Collects the Firebase user agent.
  • Collects network request sender IP addresses, which may be used for debugging purposes. Collected IP addresses are retained temporarily.

InstanceID

Always collected

  • Generates per-installation identifiers that do not uniquely identify a user or physical device.
  • Generates and collects the FCM registration token, an app instance ID used by FirebaseMessaging for push notifications.
  • Records the APNs token and associates it with a Firebase instance ID (FCM registration token).
  • Collects device model, language, time zone, OS version, application identifier and application version to generate the FCM registration token.

Cloud Messaging

FirebaseMessaging

Always collected

  • Collects application identifier and application version for topic subscription and unsubscription.

Collected by default

  • Automatically logs notification interactions via Google Analytics if the FirebaseAnalytics framework is present. To disable this behavior, remove FirebaseAnalytics from your app.

Firebase ML

FirebaseMLCommon

  • Does not collect any data.

FirebaseMLModelDownloader

Always collected

  • Collects ML model download metadata, such as download events, deletion events, and errors.

FirebaseMLModelInterpreter

Collected by default

  • Collects ML inference metadata, such as inference duration and error rate. To disable, set the ModelInterpreter.isStatsCollectionEnabled property to false.

FirebaseMLVision

Collected by default

  • Collects ML Vision model metadata, such as creation and detection events. To disable, set the Vision.isStatsCollectionEnabled property to false.

Performance Monitoring

FirebasePerformance

Always collected

  • Collects IP addresses to provide geography-based segmentation of performance data.
  • Collects app performance metrics such as app launch time and network request latency, as well as developer-specified custom traces to measure app performance.
  • Collects CPU/memory usage of the application to provide a timeline view of the app’s performance.
  • Collects device information, OS information, application information to filter the performance data against different segments of devices.

Remote Config

FirebaseRemoteConfig

Always collected

Cloud Storage

FirebaseStorage

Always collected