Apple Shares Updated App Store Review Guidelines on Spam, Push Notifications, App Store Reviews, MDM Apps and More

Apple today informed developers that it has released updated App Store Review Guidelines, with changes that cover reviews, spam, push notifications, Sign in with Apple, data collection and storage, mobile device management, and more.


Apple's new guidelines can be found on its developer website, but we've highlighted a few notable changes below.

  • 1.4.4 - Apps used to commit or attempt to commit crimes of any kind by helping users evade law enforcement will be rejected. (This previously was a rule limited to apps about DUI checkpoints).

  • 4.3 - Apple has added new content types to its "Spam" list of app categories it considers already saturated. Fortune telling and dating apps join fart, burp, flashlight, and Kama Sutra apps as apps that will be automatically rejected unless they provide a "unique, high-quality experience."

  • 4.5.4 - New language around Push Notifications says they should not be used "to send sensitive, personal, or confidential information," nor should they be used for promotions or direct marketing purposes unless customers have explicitly opted in to receive them via consent language displayed in an app's UI. Developers must also provide a method in the app to allow users to opt out of receiving such messages.

  • 5.1.1 (ix) - Apps in highly regulated fields like banking and financial services, healthcare, and air travel or that require sensitive user information should be submitted by a legal entity that provides the services and not by an individual developer.

  • 5.1.5 - A rule that previously prohibited the use of location-based APIs for emergency services now says that developers can use location-based APIs to provide emergency services "only if you provide notice to your users in your app's UI that such services may not work in all circumstances."

  • 5.5 - There is new language related to Mobile Device Management apps that says apps offering configuration profiles cannot use third-party analytics to collect data: "In limited cases, third-party analytics may be permitted provided that the services only collect or transmit data about the performance of the developer's MDM app, and not any data about the user, the user's device, or other apps used on that device. Apps offering configuration profiles must also adhere to these requirements."

  • 5.6.1 - There's a new section dedicated to App Store reviews that requires developers to treat customers with respect when responding to comments and says custom review prompts are not allowed: "App Store customer reviews can be an integral part of the app experience, so you should treat customers with respect when responding to their comments. Keep your responses targeted to the user's comments and do not include personal information, spam, or marketing in your response. Use the provided API to prompt users to review your app; this functionality allows customers to provide an App Store rating and review without the inconvenience of leaving your app, and we will disallow custom review prompts."

Apple also provided new resources and guidelines for Sign in with Apple, which is an iOS 13 feature that's designed as a privacy-focused alternative to Sign in with Facebook and Sign in with Google options.


This article, "Apple Shares Updated App Store Review Guidelines on Spam, Push Notifications, App Store Reviews, MDM Apps and More" first appeared on MacRumors.com


Vaporizer Manufacturer PAX Calls on Apple to Rethink Vaping-Related App Ban

Apple last week removed all vaping-related apps from the App Store and updated App Store guidelines to prohibit apps that facilitate or encourage the use of vape-related devices.

Apple never allowed apps that sold vape cartridges, but it did allow apps that offered up vape-related news or provided controls for vape devices. Some companies, such as PAX, relied heavily on Apple's App Store to add technology to vaporizer devices and those companies are unhappy with Apple's recent ban.


PAX today penned a missive calling on Apple to rethink its decision as PAX creates several vaporizers that are designed to be controlled and customized through iOS and Android apps. The now-banned PAX Mobile app, for example, let PAX vaporizer users do things like adjust the vaporizer temperature, set parental controls, verify the authenticity of cartridges, and change the colors of the lights on the devices.

PAX says that while it respects Apple's leadership, it is concerned with Apple's ban because it prevents consumers in legal states from "having access to important information and the ability to better control their cannabis experience."

Apple decided to ban all vaping-related apps after the Centers for Disease Control and Prevention reported 2,172 lung injury cases linked to e-cigarette or vape products containing vitamin E acetate, found primarily in products "informally" sourced from friends, family, or in-person or online dealers.

In a statement, Apple said that it agrees with the CDC's opinion that the spread of vaping devices is a "public health crisis and youth epidemic," which is why the apps were pulled.
We take great care to curate the App Store as a trusted place for customers, particularly youth, to download apps. We're constantly evaluating apps, and consulting the latest evidence, to determine risks to users' health and well-being.

Recently, experts ranging from the CDC to the American Heart Association have attributed a variety of lung injuries and fatalities to e-cigarette and vaping products, going so far as to call the spread of these devices a public health crisis and a youth epidemic.

We agree, and we've updated our App Store Review Guidelines to reflect that apps encouraging or facilitating the use of these products are not permitted. As of today, these apps are no longer available to download.

According to PAX, it aims to deliver technology to allow adults to make "educated, informed choices." The company cites its new PodID feature, which is designed to offer consumers "unprecedented access" to the information about what is in vape pods, including strain information, cannabinoid and terpene profiles, and access to state regulated test results, which could ultimately help vaporizer users avoid illicit and dangerous cartridges.

PAX says that it is hoping to work in partnership with Apple to reconsider the decision and make the PAX Mobile app available once again "in the interest of public health and safety."

Those who have already downloaded the PAX Mobile app on iOS can continue to use it for the time being, and it's still available on Android devices. PAX says that all PAX devices can be used without the app and temperature can be changed on the device alone.


Apple Removing Vaping-Related Apps From App Store Today Amid Public Health Concerns

Apple is removing all vaping-related apps from the App Store today, according to Axios, shortly after the Centers for Disease Control and Prevention reported 2,172 lung injury cases linked to e-cigarette or vape products.


In a statement issued to Axios, Apple said it agrees with expert opinions that vaping is a "public health crisis" and a "youth epidemic":
We take great care to curate the App Store as a trusted place for customers, particularly youth, to download apps. We're constantly evaluating apps, and consulting the latest evidence, to determine risks to users' health and well-being.

Recently, experts ranging from the CDC to the American Heart Association have attributed a variety of lung injuries and fatalities to e-cigarette and vaping products, going so far as to call the spread of these devices a public health crisis and a youth epidemic.

We agree, and we've updated our App Store Review Guidelines to reflect that apps encouraging or facilitating the use of these products are not permitted. As of today, these apps are no longer available to download.

Apple had already taken a step in this direction in June, when it updated its App Store Review Guidelines to indicate that apps encouraging consumption of vape products are not permitted on the App Store.

Vaping-related apps already installed on iOS devices will continue to function.


Apple Reverses Course and Allows Parental Control Apps to Use MDM Technology With Stricter Privacy Requirements

As one of many updates to its App Store Review Guidelines this week, Apple has indicated that parental control app developers are again permitted to use Mobile Device Management (MDM) technology in their apps, so long as they do not sell, use, or disclose any data to third parties for any purpose.


An excerpt from the newly added Guideline 5.5:
You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. MDM apps must not violate local laws. Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.

This comes a little over a month after The New York Times reported that Apple had removed or restricted many of the most popular screen time and parental control apps on the App Store since launching its own Screen Time feature in iOS 12 last year, raising concerns over potentially anticompetitive behavior.

In response to the report, Apple said it had discovered that some parental control apps were using MDM, putting the privacy and security of children at risk.

"These apps were using an enterprise technology that provided them access to kids' highly sensitive personal data," an Apple spokesperson said in a statement issued to The New York Times on Monday. "We do not think it is O.K. for any apps to help data companies track or optimize advertising of kids."

MDM technology is intended for enterprise users to manage their company-owned devices, and Apple said the use of MDM by consumer-focused apps carried privacy and security concerns that resulted in the company addressing the situation in its App Store Review Guidelines in 2017.

Backlash quickly mounted from parental control app developers, who eventually joined together to petition Apple to "put kids first" by releasing a public API for its Screen Time for use by developers. That never happened, with Apple going down this route instead and allowing MDM usage with stricter privacy requirements.

Apple's updated guidelines also indicate that parental control apps from "approved providers" may use one of its Personal VPN APIs.

Apple has faced increasing scrutiny over its App Store and potentially anticompetitive business practices, ranging from Spotify's complaint to multiple class action lawsuits. In response, Apple said it "welcomes competition" on the App Store, which only serves to make it a "better" platform.



Apple Cracking Down on Developers Spamming the App Store With Duplicate Apps

Just one day after exposing a handful of developers spamming the App Store with duplicate VoIP apps, a clear violation of the App Store Review Guidelines, TechCrunch reports that Apple has removed many of the apps from the App Store.


However, the report notes that plenty of duplicate apps remain available in other categories, such as photo printing. MailPix Inc., for example, has released three different apps that all offer same-day photo printing at nearby CVS or Walgreens locations. All three apps appear to be virtually identical in functionality.

By releasing duplicate apps on the App Store, developers are able to game the search results by using different names, categories, and keywords.


As the report mentions, the primary issue here is that Apple is not consistently enforcing its App Store Review Guidelines, which warn developers that "spamming the store may lead to your removal from the Developer Program." This can lead to an unfair playing field for developers who do abide by the rules.

With millions of apps on the App Store, it is likely that quite a few other duplicate apps have slipped through the cracks, but hopefully the increased awareness results in Apple cracking down more on these rule-breaking developers.



Apple Changes App Store Rules to Allow Users to Gift In-App Purchases to Friends and Family

Apple today made a tweak to its App Store Review Guidelines, allowing developers to implement a new feature that will let iOS users purchase in-app content as a gift.

Right now, iOS users can purchase paid apps as gifts for other iOS users, but there's no way to purchase in-app content as a gift. As more and more apps work on a free-to-try or subscription basis with various content only available through an in-app purchase, this change to the in-app purchase rules makes sense.

The new in-app purchase gifting rule is outlined in Apple's updated App Store Review Guidelines.

Before the change: "Apps should not directly or indirectly enable gifting of in-app purchase content, features, or consumable items to others."

After the change: "Apps may enable gifting of items that are eligible for in-app purchase to others. Such gifts may only be refunded to the original purchaser and may not be exchanged."

It's not entirely clear how gifting an in-app purchase will be handled, but Apple may be planning to add new in-app purchase gifting options to its App Store interface. Apple may soon send more information about the in-app purchase gifting change to developers.


Right now, to gift a paid app to a person, a user needs to open up the App Store, tap on the three dots icon next to an app's price, and choose the "Gift App..." option. This brings up an interface for sending an App Store credit for a specific app to a contact via email.



All New and Updated App Store Apps Required to Have a Privacy Policy Starting October

Apple has announced that, starting October 3, 2018, all new apps and app updates will require a privacy policy in order to be submitted for distribution on the App Store or through TestFlight for beta testing purposes.


Apple already requires a privacy policy for apps that access personal information, including apps that offer subscriptions, accept Apple Pay, or use Apple frameworks such as HomeKit, HealthKit, or CareKit. Now, the requirement will extend to all apps, including basic ones that do not share data in any way.

It does not appear that existing apps on the App Store will be affected by this move until they are updated on October 3 or later, so long-outdated apps may remain without a privacy policy if they are no longer maintained.

Apple detailed the upcoming changes in the News section of its App Store Connect portal for developers on Thursday:
Starting October 3, 2018, App Store Connect will require a privacy policy for all new apps and app updates in order to be submitted for distribution on the App Store or through TestFlight external testing. In addition, your app's privacy policy link or text will only be editable when you submit a new version of your app.

To add or edit your privacy policy for the App Store:

1. Go to My Apps in App Store Connect, and click on your app.
2. Under App Store, click on App Information.
3. In the top right corner, add your privacy policy link for iOS apps or macOS apps, or enter text directly for tvOS apps.
4. Click Save.

To add your privacy policy link to your app for external TestFlight distribution:

1. Go to My Apps in App Store Connect, and click on your app.
2. Under TestFlight, click Test Information.
3. Add your privacy policy link for iOS apps, or enter text directly for tvOS apps.
4. Click Save.

Apple elaborates on its privacy policy requirements in its App Store Review Guidelines, under Section 5.1.1:
Privacy Policies: All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner. The privacy policy must clearly and explicitly:

- Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.

- Confirm that any third party with whom an app shares user data (in compliance with these Guidelines) — such as analytics tools, advertising networks and third party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data — will provide the same or equal protection of user data as stated in the app's privacy policy and required by these Guidelines.

- Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user's data.

App Store Connect has long provided a privacy policy metadata field for developers to submit a link to their privacy policy webpage for iOS apps. On the Apple TV, there is no web browser, so App Store Connect has a text box for developers to paste the full text of their privacy policy displayed in app.



Facebook Removing Onavo VPN From App Store After Apple Says It Violates Data Collection Policies

Facebook today removed VPN app Onavo Protect from the iOS App Store after Apple decided that it violates App Store data collection policies, reports The Wall Street Journal.

Apple earlier this month told Facebook officials that the Onavo app, which serves as a virtual private network, violates June App Store rules that prevent apps from harvesting data to build advertising profiles or contact databases.


Earlier this month, Apple officials informed Facebook that the app violated new rules outlined in June designed to limit data collection by app developers, the person familiar with the situation said. Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising, the person added.

Facebook and Apple met last week to discuss the Onavo app, and last Thursday, Apple suggested that Facebook voluntarily remove the Onavo app, which Facebook agreed to do.

Onavo, a free VPN, promised to "keep you and your data safe when you browse and share information on the web," but the app's real purpose was tracking user activity across multiple different apps to learn insights about how Facebook customers use third-party apps.

Whenever a person using Onavo opens up an app or website, traffic is redirected to Facebook's servers, which log the action in a database to allow Facebook to draw conclusions about app usage from aggregated data.

As of earlier this year, Onavo for iOS and Android had been installed on more than 33 million devices, giving Facebook a wealth of user data. Facebook was up front about the data collection in the app's description, but the data that was being collected is now above and beyond what Apple allows.
To provide this layer of protection, Onavo uses a VPN to establish a secure connection to direct all of your network communications through Onavo's servers. As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we're part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.

It appears that the Onavo app has indeed been removed from the App Store at this time. People who have previously downloaded the app will still be able to use it, but it will no longer be updated. Onavo for Android will continue to be available.

Customers who have installed Onavo but do not want to be tracked by Facebook should uninstall the app from their iOS or Android device.

Update: Apple provided the following statement on the removal of Onavo: We work hard to protect user privacy and data security throughout the Apple ecosystem. With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user's device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used.



Apple Revamps App Store Guidelines, Sets New Rules for Remote Mirroring Apps Like Steam Link

Alongside the debut of iOS 12, which is available to developers for beta testing as of today, Apple has introduced new App Store Guidelines.

There are several tweaks that have been made to the App Store Guidelines, and one notable change appears to have been introduced specifically because of the Steam Link debacle that saw Apple approve and then renege on the Steam Link app for iOS.

A new guideline, 4.2.7, says that all Remote Application Mirroring apps, such as Steam Link, must comply with a specific set of rules. Such apps are not allowed to offer a user interface that resembles an App Store view or a store-like interface, nor can they include the ability to purchase software not already owned by the user. Apple is allowing transactions to be made by remote mirroring apps, as long as purchases are made on the host device rather than the iOS device.
The UI appearing on the client does not resemble an iOS or App Store view, does not provide a store-like interface, or include the ability to browse, select, or purchase software not already owned or licensed by the user. For the sake of clarity, transactions taking place within mirrored software do not need to use in-app purchase, provided the transactions are processed on the host device.

With the clarification of Apple's stance on games streamed from a PC or Mac, the Steam Link app may be able to launch on iOS devices after all. Valve has not yet commented on the policy changes, and it's not clear what Valve will need to tweak to comply with the new rules.

There are multiple other changes to the App Store Guidelines. A modified 3.1.1 rule, for example, says that non-subscription apps may offer a free time-based trial period using a free in-app purchase option that temporarily unlocks app functionality. This will allow all apps in the App Store to offer free trials, rather than just subscription apps.

Apps that offer auto-renewing subscriptions, meanwhile, are prohibited from attempting to trick users into purchasing a subscription under false pretenses or engaging in bait-and-switch practices. Such apps will be removed from the App Store.

Apps are no longer allowed to encourage users to disable Wi-Fi, turn off certain security features, and make other modifications to system settings that are unrelated to the core functionality of an app.

All apps (including third-party ads) are now forbidden from running unrelated background processes like cryptocurrency mining.

A new rule, 2.3.12, states that all apps are required to "clearly describe" new features and product changes in their "What's New" text. Apps can continue to use generic descriptions for bug fixes, security updates, and performance improvements, but anything more significant must be listed in the notes.

Apps are also now required to obtain explicit user consent and provide a clear visual indication when recording or making a record of user activity, and there's a new rule that says apps can use Unicode characters that render as Apple emojis within apps and app metadata, a change from earlier this year when some apps were rejected for using emojis in their App Store descriptions. Emojis can't be embedded directly into an app binary, however.

There are many other smaller guideline changes concerning content ratings, iCloud documents, data security, cryptocurrency, and more, with the full list of App Store Guidelines available on Apple's website.
