Thursday, August 16, 2012

Windows 8 Certification and Privacy Statement


The Windows 8 App Certification Requirements are a necessary evil meant to protect users, but they can cause developers a few headaches. One of the requirements in particular has plagued me with failed certifications:

4.1 Your app must comply with the following privacy-related requirements:

4.1.1 Your app must have a privacy statement if it collects personal information

4.1.2 Your app must obtain opt-in or equivalent consent to share personal information


If your app uses any kind of web service, it will likely need to meet this requirement or fail certification. Here are some pointers to help meet the 4.1 requirement:
  • Create a web page that states your app's privacy policy and what personal information it collects. Here is an example privacy policy which I use for one of my apps that does not collect personal info.

  • If your app does NOT collect personal information, state that clearly in the privacy policy (maybe your app just calls a web service and the user is anonymous).

  • If your app DOES collect personal information, you have a bit more work to do. You should get some legal wording here from a lawyer or appropriate entity for your privacy policy. You will also need a settings mechanism to enable/disable opt-in by the user. I personally haven't had to follow this path yet so I don't have many details on this one.

  • When you submit your app for certification, and you fill out the description section of your app, be sure to enter the URL to the privacy policy you created above:



  • You will need to provide a link to the privacy policy in your Settings Panel as well. Here is an example method (XAML/C#) that adds an entry to the Settings Panel with the text "Privacy Policy". This is a clickable control that brings up IE with a web page containing the policy:
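using System;
using Windows.UI.ApplicationSettings;

public static class SettingsHelper
{
    // Adds a "Privacy Policy" entry to the Settings pane for the current view.
    public static void AddSettingsCommands(SettingsPaneCommandsRequestedEventArgs args)
    {
        args.Request.ApplicationCommands.Clear();

        SettingsCommand privacyPref = new SettingsCommand("privacyPref", "Privacy Policy", (uiCommand) =>
        {
            // Opens the privacy policy page in the browser.
            Windows.System.Launcher.LaunchUriAsync(new Uri("http://www.myserver.com/myPrivacyPolicy.aspx"));
        });

        args.Request.ApplicationCommands.Add(privacyPref);
    }
}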
Call this method from each page in your app by setting up event handlers (I use the OnNavigatedTo event; be sure to clean up your event handlers):
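protected override void OnNavigatedTo(NavigationEventArgs e)
{
    // Subscribe when the page becomes active.
    SettingsPane.GetForCurrentView().CommandsRequested += GroupedItemsPage_CommandsRequested;
}
protected override void OnNavigatedFrom(NavigationEventArgs e)
{
    // Clean up: unsubscribe so the handler is not left attached after navigating away.
    SettingsPane.GetForCurrentView().CommandsRequested -= GroupedItemsPage_CommandsRequested;
}
void GroupedItemsPage_CommandsRequested(SettingsPane sender, SettingsPaneCommandsRequestedEventArgs args)
{
    SettingsHelper.AddSettingsCommands(args);
}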
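
For the opt-in case in the third pointer (requirement 4.1.2), one way to build the enable/disable setting is to keep a consent flag in the app's local settings and route every call that sends personal information through a single check. This is an added example, not code from the original post; the class name PrivacyConsent, the key name, the toggle text and the `send` delegate are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Storage;
using Windows.UI.Xaml.Controls;

// Added example. PrivacyConsent, OptInKey and the toggle text are hypothetical names.
public static class PrivacyConsent
{
    private const string OptInKey = "sharePersonalInfoOptIn";

    // Opt-in means the default is "no": a missing or non-bool value counts as no consent.
    public static bool HasOptedIn
    {
        get
        {
            object stored;
            return ApplicationData.Current.LocalSettings.Values.TryGetValue(OptInKey, out stored)
                   && stored is bool && (bool)stored;
        }
        set { ApplicationData.Current.LocalSettings.Values[OptInKey] = value; }
    }

    // Toggle to place in the app's settings UI; it starts from the stored choice
    // and writes every change straight back to local settings.
    public static ToggleSwitch CreateOptInToggle()
    {
        var toggle = new ToggleSwitch
        {
            Header = "Share personal information",
            IsOn = HasOptedIn
        };
        toggle.Toggled += (sender, e) => HasOptedIn = toggle.IsOn;
        return toggle;
    }

    // Single choke point for code that sends personal information.
    // 'send' stands for the app's own web-service call; it runs only with consent.
    public static async Task<bool> ShareIfConsentedAsync(Func<Task> send)
    {
        if (!HasOptedIn)
        {
            return false; // no consent recorded: nothing leaves the device
        }
        await send();
        return true;
    }
}
```

Because the getter treats anything other than a stored `true` as "no", a fresh install or a cleared settings store never shares data until the user turns the toggle on.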

That should help you get your connected apps through this certification requirement... good luck!