16 May 2013
Update on Corona and COPPA, Privacy Policies
In the last two days we’ve heard that a number of developers (Corona and otherwise) have questions about data collection in their apps and how this relates to COPPA. So this is a great time to do an update post on this and make completely sure all Corona developers know where we stand. We posted about privacy policies back in December, and will also address that here.
I would also recommend that anyone interested in this topic read this blog post by ACT 4 Apps for a general overview and to understand what constitutes Personally Identifiable Information.
I will approach this in 3 sections:
1) Data collected by Corona Labs – We have always been very clear that we collect basic information from Corona-based apps via our “LaunchPad analytics”. The information collected includes:
- Device type and OS
- An app identifier – this is a string that identifies the Corona app. It does not include any end user info.
- App session time and lengths – this is data on the end user’s usage of the app, but not any personal info.
- IP address – this is the IP address related to the user’s phone connection to the Internet
- Hashed/anonymized MAC address – this is an identifier of the end user’s device
Please note that we no longer collect UDIDs, although the *anonymized* MAC address does serve as a device identifier. All data collection for analytics purposes needs some type of device identifier, otherwise the data would be almost useless.
VERY IMPORTANTLY, IT HAS ALWAYS BEEN POSSIBLE TO TURN COLLECTION OF THIS DATA OFF. This is documented in several places, but here I will direct you to the Analytics section of our Project Configuration guide.
The way to turn this data collection off is by adding the following code to your app’s config.lua file:
launchPad = false,
Once your app includes that line of code, CORONA LABS DOES NOT COLLECT ANY DATA from your end users’ app sessions.
One final point on this: even in the cases when we do collect this data (i.e., when you have not turned it off), we NEVER share this data with any third parties. The data is only used as a way to give you basic analytics on your apps and by us in aggregate form to get some basic data on the Corona ecosystem.
2) Data collected by 3rd party services – Of course, Corona allows you to use a number of 3rd party services (e.g., ad networks, analytics services, etc.). We cannot control what data those services may or may not collect. It is up to you, the app developer, to make sure you know what data those 3rd parties collect and act accordingly.
If you turn off the Corona “LaunchPad analytics” but still decide to use a 3rd party service, it is possible that you are sending data to those 3rd parties via their libraries/SDKs even if we (Corona Labs) are not collecting any data.
3) Privacy policies – Finally, as we mentioned back in December, we think it is important for all developers to know what data they are using/sending and to have privacy policies that accurately reflect this.