Apple Pulls Back Curtain on App Store Review Process

If you’ve ever submitted an iOS app and been rejected, it’s not as rare as you may think. According to an Apple lawyer, about one-third of apps submitted to the App Store are turned away.

House Republicans on the Energy and Commerce Committee last month asked Apple about surreptitious tracking on iPhones. The panel wanted to know whether iOS allowed apps and developers to collect and use data “in ways that consumers do not expect.”

In a 19-page letter to the committee, Apple’s director of federal government affairs, Timothy Powderly, laid bare the company’s privacy policies for third-party apps, and said a ton of apps are rejected:

The App Review team reviews more than 100,000 submissions per week, and rejects approximately 36,000 of those submissions.

The government’s query came on the heels of reports that Android devices were capable of data collection via the microphone, whether or not Google Assistant was triggered. Both Google and Apple were asked to comment. A spokeswoman for the committee told The Washington Post that “both companies have been cooperative thus far,” though Google’s response seems unclear; the report indicates that the search-engine giant has asked for a deadline extension.

In its letter, Apple also explained how its App Store review process works. While many view it as a black-box process where some random reviewer pulls a ticket (and there’s a ‘luck of the draw’ aspect to everything), the reality is far more logical. Apple has “specialists trained in the skills required” for app categories.

Those ‘specialists’ also “have access to software and tools that identify certain processes and methods that are known to violate the App Store Review Guidelines.”

We’ll assume this is the same tooling Apple uses to discover white-label apps, which probably identifies the same code structure and semantics. Pre-fabricated code is useful for making an app quickly, but also good for using the same script to sidestep best practices for security. API access is another feature these reviewers likely look for.

Powderly didn’t provide background on the App Store review process, but the structure he describes was probably introduced just over two years ago. In May 2016, iOS App Store review times were getting noticeably faster, down to two days from over a week. Dedicated experts examining code with tools designed to catch bad actors would almost certainly accelerate the app review process.

While the government’s inquiry is focused on voice assistants such as Siri (which has no direct weak points for handling user data, as you might expect), a glimpse behind the curtain into the App Store review process is nice. At least you know the person rejecting your app has some background in the subject matter, and isn’t making it up as they go along.

Related

2 Responses to “Apple Pulls Back Curtain on App Store Review Process”