Apple has announced a series of updates to its App Store Review Guidelines including a change that will allow parental control apps to use MDM technology with strict privacy restrictions. This follows accusations that the company was removing rival apps from the App Store following its launch of Screen Time.
The new guidelines listed below are now enforced for new and existing apps, unless otherwise indicated:
● Guidelines 1.3 and 5.1.4. In order to help keep kids’ data private, apps in the kids category and apps intended for kids cannot include third-party advertising or analytics software and may not transmit data to third parties. This guideline is now enforced for new apps. Existing apps must follow this guideline by September 3, 2019.
● Guideline 4.7. HTML5 games distributed in apps may not provide access to real money gaming, lotteries, or charitable donations, and may not support digital commerce. This functionality is only appropriate for code that’s embedded in the binary and can be reviewed by Apple. This guideline is now enforced for new apps. Existing apps must follow this guideline by September 3, 2019.
● Guideline 5.1.3(i). Apps may use a user’s health or fitness data to provide a benefit directly to that user, such as a reduced insurance premium, if the app is submitted by the entity providing the benefit and the data is not shared with a third party. The developer must also disclose to the user the specific health data collected from the device.
● Guideline 5.1.1(vii) (New). Apps that compile information from any source that is not directly from the user or without the user’s explicit consent, even public databases, are not permitted on the App Store.
● Guideline 5.1.1(i). Apps must get consent for data collection, even if the data is considered anonymous at the time of or immediately following collection.
● Guideline 1.1.3. Apps may not facilitate purchase of ammunition.
● Guideline 4.2.7. Remote desktop clients now include game consoles owned by the user. Software appearing in the client must be fully executed on the host device.