Apple is cracking down on apps that don’t communicate to users how their personal data is used, secured or shared. In an announcement posted to developers through the App Store Connect portal, Apple says that all apps, including those still in testing, will be required to have a privacy policy as of October 3, 2018.
Allowing apps without privacy policies is something of an obvious hole that Apple should have already plugged, given its generally protective nature over user data. But the change is even more critical now that Europe’s GDPR regulations have gone into effect. Though the app makers themselves would be ultimately responsible for their customers’ data, Apple, as the platform where those apps are hosted, has some responsibility here, too.
Platforms today are being held accountable for the behavior of their apps, and the data misuse that may occur as a result of their own policies around those apps.
Facebook CEO Mark Zuckerberg, for example, was dragged before the U.S. Senate about the Cambridge Analytica scandal, where data from 87 million Facebook users was inappropriately obtained by way of Facebook apps.
Apple’s new requirement, therefore, provides the company with a layer of protection – any app that falls through the cracks going forward can be held accountable by way of its own privacy policy and the statements it contains.
Apple also notes that the privacy policy’s link or text cannot be changed until the developer submits a new version of their app. It seems there’s still a bit of a loophole here, though – if developers add a link pointing to an external webpage, they can change what the webpage says at any time after their app is approved.
The new policy will be required for all apps and app updates across the App Store as well as through the TestFlight testing platform as of October 3, says Apple.
What’s not clear is whether Apple itself will be reviewing all the privacy policies as part of this change, in order to reject apps with questionable data use policies or user protections. If it does, App Store review times could increase, unless the company hires more staff.
Apple has already taken a stance on apps it finds questionable, like Facebook’s data-sucking VPN app Onavo, which it kicked out of the App Store earlier this month. The app had been live for years, however, and its App Store text did disclose the data it collected was shared with Facebook. The fact that Apple only booted it now seems to indicate it will take a tougher stance on apps which are designed to collect user data as one of their primary functions going forward.