Apple today informed developers that it has released updated App Store Review Guidelines, with changes that cover reviews, spam, push notifications, Sign in with Apple, data collection and storage, mobile device management, and more.
Apple's new guidelines can be found on its developer website, but we've highlighted a few notable changes below.
- 1.4.4 - Apps used to commit or attempt to commit crimes of any kind by helping users evade law enforcement will be rejected. (This previously was a rule limited to apps about DUI checkpoints).
- 4.3 - Apple has added new content types to its "Spam" list of app categories it considers already saturated. Fortune telling and dating apps join fart, burp, flashlight, and Kama Sutra apps as apps that will be automatically rejected unless they provide a "unique, high-quality experience."
- 4.5.4 - New language around Push Notifications says they should not be used "to send sensitive, personal, or confidential information," nor should they be used for promotions or direct marketing purposes unless customers have explicitly opted in to receive them via consent language displayed in an app's UI. Developers must also provide a method in the app to allow users to opt out of receiving such messages.
- 5.1.1 (ix) - Apps in highly regulated fields like banking and financial services, healthcare, and air travel or that require sensitive user information should be submitted by a legal entity that provides the services and not by an individual developer.
- 5.1.5 - A rule that previously prohibited the use of location-based APIs for emergency services now says that developers can use location-based APIs to provide emergency services "only if you provide notice to your users in your app's UI that such services may not work in all circumstances."
- 5.5 - There is new language related to Mobile Device Management apps that says apps offering configuration profiles cannot use third-party analytics to collect data: "In limited cases, third-party analytics may be permitted provided that the services only collect or transmit data about the performance of the developer's MDM app, and not any data about the user, the user's device, or other apps used on that device. Apps offering configuration profiles must also adhere to these requirements."
- 5.6.1 - There's a new section dedicated to App Store reviews that requires developers treat customers with respect when responding to comments and says custom review prompts are not allowed: "App Store customer reviews can be an integral part of the app experience, so you should treat customers with respect when responding to their comments. Keep your responses targeted to the user's comments and do not include personal information, spam, or marketing in your response. Use the provided API to prompt users to review your app; this functionality allows customers to provide an App Store rating and review without the inconvenience of leaving your app, and we will disallow custom review prompts."
Apple also provided new resources and guidelines for Sign in with Apple, which is an iOS 13 feature that's designed as a privacy-focused alternative to Sign in with Facebook and Sign in with Google options.
