Apple Improves User Data Privacy in New App Store Guidelines

Apple released new App Store Guidelines earlier this week. The new guidelines focus heavily on the importance of transparency into the functions of the apps and privacy for users and their data. Apps must make their purpose very obvious and clear for users.

This may be a trend across the tech industry, as Google recently announced its efforts to “improve extension transparency” for its users. While Google wants users to know what the extensions do before installing, Apple’s announcement is more focused on data collection and privacy.

Apple App Store Guidelines Heavy on Data Privacy & Security

After the Facebook data scandals earlier this year, Apple’s CEO Tim Cook has been very outspoken about privacy. What better time than now to announce higher standards for user data protection.

1.6 Data Security

Apps should implement appropriate security measures to ensure proper handling of user information collected pursuant to the Apple Developer Program License Agreement and these Guidelines (see Guideline 5.1 for more information) and prevent its unauthorized use, disclosure, or access by third parties.

Apple is doubling down on data privacy and security. One of the key takeaways is that apps should not collect user data to create data profiles that they then use to target ads. It is interesting though that Apple is prohibiting app developers from collecting information for analytics. However, companies will be able to collect this information in anonymized or aggregated form.

(iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.

(iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.

(v) Do not contact people using information collected via a user’s Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts. You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. What will the message say? Who will appear to be the sender?).

Apple Bans On-Device Cryptocurrency Mining on iOS and macOS

Another issue that Apple addresses in its new guidelines is cryptocurrency mining using someone’s iOS or macOS device. Apps that mine cryptocurrency directly from a user’s device do so by hijacking that device’s CPU. While iPhones and iPads don’t offer much computing power alone, if an app were able to build a substantial user base, they could have a network of mining devices.

This move by Apple comes after Google and Facebook have both banned cryptocurrency ads from their ad networks.

More Internet Companies Need To Embrace This Shift

Apple is not the first company to prioritize user privacy and data security, however its move into the space will likely cause a lot of smaller players to follow suit. In order for privacy to become accessible to everyone, it needs to be enabled by default. If having privacy on the internet means you have to give up usability and features, people will opt for convenience every time.

Search Encrypt strives to deliver search privacy in a convenient and easy to use package. Rather than putting the responsibility on our users to adjust their settings to be more private, Search Encrypt enables privacy by default.