Crashlytics and Apple Privacy Rules

[Duv Groom]

We are gathering information in order to comply with the new Apple App Privacy rules and we want to confirm what types of data are collected by Crashlytics and how are they used.

Based on the information we see on the dashboard we realized that besides the data sent by us explicitly, there are some additional data that are collected about the user. (e.g. we send no location details but in the dashboard, we can view user information by country)

Please help us clarify the following questions: 

1. What types of data are collected? Please see here the list of data that Apple is interested in: https://developer.apple.com/support/app-privacy-on-the-app-store
2. how is this data used?
3. Who else has access to it? (can be accessed/used by adobe or shared with other vendors). 
4. How are we collecting location (coarse or precise) and device id (any key that can be used to identify specific devices?

Please let us know of any other details that might seem relevant to the topic.   

Thanks!

[Alex Argo]

We were wondering the same thing too. For general Firebase apps as well. Apple defines Coarse Location as "Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services" and Precise Location as "Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places". I presume any location that is stored would meet one of these definitions. Google probably needs a page to answer these question for Crashlytics and Firebase. Maybe even let you selection which SDKs/features you are using to get your questions answered.