Apple Sets Trend, Demands All Apps Have Privacy Policy

Does your iOS app have a privacy policy? A landing page? If not, you’re going to need one very soon.

Starting October 3, all apps distributed through the App Store and via Apple’s TestFlight beta testing distribution channel must have a privacy policy. If it’s an iOS or macOS app, the policy must be hosted online and linked within the app’s settings. However, tvOS apps can host privacy policy text directly within the app, as there’s no method to visit a website from Apple TV.

Previously, a privacy policy was limited to apps with a subscription model. It’s another measure to call out bad actors. In the switch to 64-bit binaries, Apple relied on an update cycle to weed out ‘zombie’ apps that hadn’t been touched in years. This privacy policy ploy is similar: Current apps won’t be pulled from circulation, but any app update submitted after October 3 will require a hosted privacy policy.

The move also corresponds to the release of the next version of iOS, Apple’s mobile operating system. Apple’s latest iPhones are shipping to users soon, along with a litany of app updates, as well as the final version of iOS 12.

Normally, updates for new hardware encompass new screen sizes or something similarly simple. Now, they’ll also have a privacy policy.

It’s important to note that Apple isn’t mandating what your privacy policy must be. Instead, Apple is asking developers to be clear about what info an app may collect, and how it’s used. There are some parameters, though.

According to section 5.1 of the App Store Review Guidelines, which was refreshed just after the keynote at WWDC 2018, apps can’t collect data without permission, and “should not attempt to surreptitiously build a user profile based on collected data.” Furthermore, any app that collects data for use by third parties (analytics tools, open-source libraries, etc.) must ensure those partners adhere to the same privacy policy as the app.

It’s a continuation of Apple’s “be good to users and each other” dictum for developers. Section 5.5 of the App Store Review Guidelines – completely new in the wake of WWDC 2018 – is an actual code of conduct for developers. It underscores why a privacy policy is important:

Customer trust is the cornerstone of the App Store’s success. Apps should never prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.

We’d be remiss not to point out how this feels like a heavy dose of side-eye toward Facebook. “Make sure outside partners share your privacy goals” and “don’t build profiles surreptitiously” are both things Facebook recently made headlines for doing. You should also expect Google to follow Apple’s lead at some point, which will make it nearly impossible for nefarious apps to hide in plain sight.

Related