The so-called “tracking system” is widely used in current games. This kind of system is embedded into games and sending player’s behavior (played time, game progress, etc.) to the tracking server in real-time. The server records the collected data anonymously in a database for future analysis.
The system could be very useful since it could provide valuable information for developers to improve their games, if proper data-mining process could be made. For example, if you saved every player’s position in the tracking database and found that there was none of the players had ever entered one certain area of the map, it could be a hint for certain problem which preventing player from approaching there.
However, collecting information and sending that into the internet could be a sensitive topic. And most of the big game companies hire lawyers to write long-and-tedious disclaimers where has the data collection behavior be mentioned. For indie developers, it would be quite difficult to make this kind of disclaimers and present that to player before they play the game. Would that be still legal to deploy the tracking system in games without a disclaimer?
I have not found a general answer for this question, although it should be safe to have the tracking system implemented in the App Store applications as long as you choose to use standard EULA.
On the Terms of iTunes Store / App Store, it has the following consent:
b. Consent to Use of Data: You agree that Licensor may collect and use technical data and related information—including but not limited to technical information about your device, system and application software, and peripherals—that is gathered periodically to facilitate the provision of software updates, product support, and other services to you (if any) related to the Licensed Application. Licensor may use this information, as long as it is in a form that does not personally identify you, to improve its products or to provide services or technologies to you.
In this consent, the data collection is limited to any information that does not personally identify the user. Especially, the UDID (unique device identifier) is considered as non-personal information as well, which is one of the key columns for analyzing purpose:
Collection and Use of Non-Personal Information
We also collect non-personal information − data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:
■ We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.