Blog Post Feature: Purpose Strings
App Rail helps you to protect user privacy and provide the required information for App Review by making it simple for App creators to explain their need to access to sensitive user or device data with purpose strings for iOS.
What are purpose strings and why are they needed? Apple says:
Purpose strings explain to a person why you need access to protected resources on their device.
Protected resources can be anything from location access to photos, calendars or push notifications.
Lets explore how App Rail makes it simple for App creators to inform users about how protected resources will be used in their App.
App Definition
To illustrate this feature we will create an App which uses a map to show ambulance drivers where patients are located in order to plan their trips efficiently. The map will display the user's current location.
In order to show the user's current location the map requires location permissions. The location permission dialog will be shown in a system view. App developers are required to define the reason for requesting this permission
Creating an App
Creating a new App in App Rail is simple. App creators click create App, then set their project name.
Adding a Plugin
In order to add a map to our App we need to add the Maps plugin. We can then drag a Map step from the toolbox into our App design. Configuring the map is easy - we ask it to show the current user location, and add patient visits to the map using a dummy name, and a latitude and longitude.
Exporting the App
Exporting your App from App Rail is simple. Here we are downloading the App as an Xcode project. There are other options available including exporting directly to Github.
Using Xcode you can open and run the App.
Privacy and App Rail
Regarding privacy, Apple says:
The App Store is designed to be a safe and trusted place for users to discover apps created by talented developers around the world. Apps on the App Store are held to a high standard for privacy, security, and content because nothing is more important than maintaining users’ trust.
Enhancing user privacy through transparency is one of the design principles of App Rail. For example, App Rail exports Apps that are NHS Digital Technology Assessment Criteria (DTAC) compatible. You can read more about the DTAC here.
Final Result
Here is the final result. The purpose string we entered into App Rail is shown in the system dialog. How does this work? Plugins in App Rail can define which protected resources they need to access. When you export your App, App Rail consolidates which protected resources are required and prompts you to enter purpose strings. These are automatically added to the Info.plist file in your project. Sometimes you also need to update an Entitlements file - App Rail handles this too!
If the App user chooses they can grant the App access to their location. The benefit they gain from this permission is clear. Here is the video of the full Patient Locations App.