Request personal data only when your app clearly needs it. It’s natural to be suspicious of a request for personal information, especially if there’s no obvious need for it. Make sure permission requests occur only when people are using features that clearly need personal data. For example, an app might only request access to the current location when activating a location tracking feature.

Explain why your app needs the information. Provide custom text (known as a purpose string or usage description string) for display in the system’s permission request alert, and include an example. Keep the text short and specific, use sentence case, and be polite so people don’t feel pressured. There’s no need to include your app name — the system already identifies your app. For developer guidance, see Requesting Access to Protected Resources.

Request permission at launch only when necessary for your app to function. Users won’t be bothered by this request if it’s obvious that your app depends on their personal information to operate.

Don’t request location information unnecessarily. Before accessing location information, check the system to see whether Location Services is enabled. With this knowledge, you can delay the alert until a feature truly requires it, or perhaps avoid the alert altogether. For developer guidance, see Requesting Authorization for Location Services.

Use the system-provided alert. You can customize text in the standard permission alert, but avoid adding custom prompts that replicate the standard alert’s behavior or appearance.