iOS privacy nutrition labels match actual data collection

Apple reviews nutrition label accuracy both during the review process and in response to user reports filed through the App Store. Mismatches like declaring analytics as 'Data Not Linked to You' while calling setUserId() expose you to enforcement and rejection on every subsequent update. Under Apple's App Privacy guidelines (external apple-app-privacy) and GDPR Art.13, users have a right to accurate disclosure of what data is collected and how it is linked to their identity. A mislabelled label is not a minor oversight — Apple has removed apps and forced resubmission for label inaccuracies.

Use Xcode's App Privacy Report on a real device (Settings → Privacy & Security → App Privacy Report) to see what data your app actually accesses at runtime. Cross-reference every third-party SDK's published nutrition label documentation — Google, Meta, and most major SDKs publish these.

For fastlane users, keep nutrition label declarations in fastlane/metadata/ios/ and audit them before every submission. Pay particular attention to analytics: if setUserId() or any equivalent identify() call exists in the codebase, analytics data is linked to the user and must be declared as 'Data Linked to You.'

• ID: privacy-nutrition-labels

• Severity: high

• What to look for: Count all relevant instances and enumerate each. Examine App Store Connect metadata (if available in fastlane/metadata/, store-listing/, or a .plist submission file). Compare declared data uses to actual code behavior. Specifically look for: "Data Used to Track You" — must include any data sent to ad networks or data brokers; "Data Linked to You" — must include account-linked data like email, purchase history, user ID; "Data Not Linked to You" — crash data, analytics sent without a user ID. Common mismatches to look for: app uses Firebase Analytics with user ID linking (setUserId()) but declares analytics as "Not Linked to You"; app has an ad network initialized but does not declare "Identifiers > Advertising Data" under "Data Used to Track You"; app collects location but declares it only under "Precise Location" when the actual usage is coarse/approximate. If no store metadata files are found, check the privacy policy for declared types and compare to code.

• Pass criteria: Declared App Store privacy nutrition labels (or privacy policy declarations) align with the data types actually collected and linked to users in the codebase. At least 1 implementation must be verified. A partial or placeholder implementation does not count as pass.

• Fail criteria: A declared category is inconsistent with code — e.g., analytics declared as anonymous when setUserId() is called; tracking declared absent when an ad SDK reads IDFA.

• Skip (N/A) when: App targets Android only with no iOS build target.

• Detail on fail: "Firebase Analytics initializes with setUserId() — analytics data is linked to the user, but no 'Analytics > Other analytics data > Linked to You' is declared in App Store metadata" or "No store metadata directory found — cannot verify nutrition label accuracy; recommend manual review before submission"

• Remediation: Apple reviews nutrition label accuracy during the review process and in response to user reports.

  1. Use Xcode's App Privacy Report (on a real device: Settings → Privacy & Security → App Privacy Report) to see what data your app actually accesses
  2. For each third-party SDK, check its App Store privacy nutrition label documentation — Google, Meta, and most major SDKs publish these
  3. When using fastlane, keep nutrition label declarations in fastlane/metadata/ios/ and review them before every submission

  Review the configuration in src/ or app/ directory for implementation patterns.