The App Store (iOS) is Apple’s online application marketplace for the iPhone, iPad, and iPod Touch. iOS app developers are subject to several privacy requirements in the iOS Developer Program License Agreement. The Agreement is not a public document; however, this page lists key privacy requirements for developers who wish to distribute their applications and services through the App Store. Apple also provides App Store Review Guidelines to aid registered developers in understanding the App Store’s privacy requirements.
- Consent and Use of Data: Developers and applications cannot collect user or device data without prior consent from the user, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising in accordance with Sections 3.3.12 and 3.3.13. You may not use analytics software in Your Application to collect and send device data to a third party. Further, neither You nor Your Application will use any permanent, device-based identifier, or any data derived therefrom, for purposes of uniquely identifying a device. Section 3.3.9
- You must take appropriate steps to protect such data from unauthorized use, disclosure or access by third parties. If a user ceases to consent or affirmatively revokes consent for Your collection, use or disclosure of his or her user or device data, You (and any third party with whom You have contracted to serve advertising) must promptly cease all such use. Section 3.3.10
- Location Data: Applications that offer location-based services or functionality must notify and obtain consent from users before the location data is collected, transmitted or otherwise used by the app. Section 3.3.14
- Also, applications cannot “interfere with any Apple implemented system alerts, warnings, display panels, [and] consent panels,” including those that are “intended to notify the user that the user’s location data is being collected, transmitted, maintained, processed or used, or intended to obtain consent for such use. If consent is denied or withdrawn, Applications may not collect, transmit, maintain, process or utilize the user’s location data or perform any other actions for which the user’s consent has been denied or withdrawn.” Section 3.3.16
- Applications may not be designed or marketed for automatic or autonomous control of vehicle behavior, or for emergency or life-saving purposes. Section 3.3.14
- Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.
- Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected.
- Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children’s privacy statutes, but must include some useful functionality or entertainment value regardless of the user’s age.
- Apps may not send Push Notifications without first obtaining user consent. In addition, apps that require Push Notifications to function will be rejected.
- Apps may not send sensitive personal or confidential information using Push Notifications.
- Apps may not use Push Notifications to send unsolicited messages, or for the purpose of phishing or spamming. Apps cannot use Push Notifications to send advertising, promotions, or direct marketing of any kind.
- Apps that contain false, fraudulent or misleading representations or use names or icons similar to other apps will be rejected.
- Advertising Identifier: Apps and any third party with whom you have contracted to serve advertising may use the Advertising Identifier, and any information obtained through the use of the Advertising Identifier, only for the purpose of serving advertising. Section 3.3.12
- If a user resets the Advertising Identifier, then You agree not to combine, correlate, link or otherwise associate, either directly or indirectly, the prior Advertising Identifier and any derived information with the reset Advertising Identifier. Further, You agree not to combine, correlate, link or otherwise associate, either directly or indirectly, any other permanent, device-based identifier with a user’s Advertising Identifier.
For Applications compiled for any iOS version providing access to the Ad Support APIs:
- You agree to check a user’s Advertising Preference prior to serving any advertising using the Advertising Identifier, and You agree to abide by a user’s setting in the Advertising Preference.
- If a user has set their Advertising Preference to limit ad tracking, You may use the Advertising Identifier, and any information obtained through the use of the Advertising Identifier, only for Limited Advertising Purposes.
- The foregoing restrictions also apply to Your use of any other permanent, device-based identifiers for advertising, and any information obtained through the use of such identifiers. Section 3.3.13
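An added Swift example, not from the page or from Apple, of how an app could honour the rules above: consult the Advertising Preference before using the identifier, send nothing beyond Limited Advertising Purposes when tracking is limited, and drop stored profile data instead of relinking it when the identifier has been reset. The AdIdentifierPolicy type and its stored profile are assumptions; ASIdentifierManager is real AdSupport API, though isAdvertisingTrackingEnabled is deprecated from iOS 14, where App Tracking Transparency supplies the authoritative status.

```swift
import AdSupport

// Added example (not from the page): gate use of the Advertising Identifier
// on the user's preference, and never link a reset identifier to the old one.
enum AdPurpose {
    case targeting   // preference allows ad tracking
    case limited     // Limited Advertising Purposes only (e.g. frequency capping)
}

struct AdIdentifierPolicy {
    // Assumed persistence: the last identifier seen and the profile built under it.
    var storedIdentifier: UUID?
    var storedProfile: [String: String]

    // The identifier is still present when tracking is limited (it reads as all
    // zeros); the preference, not its presence, decides what it may be used for.
    func allowedPurpose() -> AdPurpose {
        return ASIdentifierManager.shared().isAdvertisingTrackingEnabled ? .targeting : .limited
    }

    // A different identifier means the user reset it: discard prior data rather
    // than correlating the old and new values (Section 3.3.12).
    mutating func reconcile(current: UUID) {
        if let previous = storedIdentifier, previous != current {
            storedProfile.removeAll()
        }
        storedIdentifier = current
    }

    // Build the parameters an ad request is allowed to carry right now.
    mutating func adRequestParameters() -> [String: String] {
        let idfa = ASIdentifierManager.shared().advertisingIdentifier
        reconcile(current: idfa)
        switch allowedPurpose() {
        case .targeting:
            var params = storedProfile
            params["idfa"] = idfa.uuidString
            return params
        case .limited:
            // No behavioural profile leaves the device; only the identifier
            // and a flag telling the ad server that limited purposes apply.
            return ["idfa": idfa.uuidString, "limit_ad_tracking": "1"]
        }
    }
}
```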
Because health data can be sensitive, HealthKit gives users fine-grained control over the information that apps can access. The user must explicitly grant each app permission to read and write data to the HealthKit store, and can grant or deny permission separately for each type of data. For example, a user could let your app read the step count data but prevent it from reading the blood glucose level. To prevent possible information leaks, an app does not know whether it has been denied permission to read data: from the app’s point of view, if read permission has been denied, no data of that type exists.
HealthKit data is not saved to iCloud or synced across multiple devices; it is kept only locally on the user’s device. For security, the HealthKit store is encrypted while the device is locked.
In addition, your app must not access the HealthKit APIs unless the app is primarily designed to provide health or fitness services. Your app’s role as a health and fitness service must be clear in both your marketing text and your user interface. Specifically, the following guidelines apply to all HealthKit apps.
- Your app may not use information gained through the use of the HealthKit framework for advertising or similar services. Note that you may still serve advertising in an app that uses the HealthKit framework, but you cannot use data from the HealthKit store to serve ads.
- You must not disclose any information gained through HealthKit to a third party without express permission from the user. Even with permission, you can only share information to a third party if they are also providing a health or fitness service to the user.
- You cannot sell information gained through HealthKit to advertising platforms, data brokers or information resellers.
- If the user consents, you may share his or her HealthKit data with a third party for medical research.
- You must clearly disclose to the user how you and your app will use their HealthKit data.
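The permission model described above, as an added Swift example that is not from the page or from Apple's documentation: per-type authorization, sharing (write) status that the app can inspect, and a read denial that is indistinguishable from an empty query result. The HealthAccess class and the chosen data types are assumptions; the app's Info.plist must also carry NSHealthShareUsageDescription and NSHealthUpdateUsageDescription.

```swift
import HealthKit

// Added example (not from the page): request per-type HealthKit access and
// show why a denied read is invisible to the app.
final class HealthAccess {
    private let store = HKHealthStore()

    // Assumed needs: step count (read + write) and blood glucose (read only).
    // The system sheet lets the user grant or deny each type independently.
    private let stepType = HKObjectType.quantityType(forIdentifier: .stepCount)!
    private let glucoseType = HKObjectType.quantityType(forIdentifier: .bloodGlucose)!

    func requestAccess(completion: @escaping (Bool) -> Void) {
        guard HKHealthStore.isHealthDataAvailable() else {
            completion(false)   // e.g. iPad: there is no HealthKit store at all
            return
        }
        store.requestAuthorization(toShare: [stepType],
                                   read: [stepType, glucoseType]) { shown, error in
            // `shown` means the request was presented without error,
            // not that the user allowed anything.
            completion(shown && error == nil)
        }
    }

    // Sharing (write) status is observable per type ...
    func canWriteSteps() -> Bool {
        return store.authorizationStatus(for: stepType) == .sharingAuthorized
    }

    // ... but there is no read-status API. A denied read simply yields no
    // samples, exactly as if the user had never recorded that data type.
    func latestGlucose(completion: @escaping (HKQuantitySample?) -> Void) {
        let newestFirst = NSSortDescriptor(key: HKSampleSortIdentifierStartDate, ascending: false)
        let query = HKSampleQuery(sampleType: glucoseType, predicate: nil,
                                  limit: 1, sortDescriptors: [newestFirst]) { _, samples, _ in
            // nil or empty: either no data or read denied; treat both as "none".
            completion(samples?.first as? HKQuantitySample)
        }
        store.execute(query)
    }
}
```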
- Apps using the HomeKit framework must have a primary purpose of providing home automation services.
- Apps must not use data gathered from the HomeKit APIs for advertising or other use-based data mining.
- Apps using data gathered from the HomeKit API for purposes other than improving the user experience or hardware/software performance in providing home automation functionality will be rejected.
- Apps in the Kids Category may not include behavioral advertising (e.g. the advertiser may not serve ads based on the user’s activity within the App), and any contextual ads presented in the App must be appropriate for kids.
- Apps in the Kids Category must get parental permission or use a parental gate before allowing the user to link out of the app or engage in commerce.
- Apps in the Kids Category must be made specifically for kids ages 5 and under, ages 6-8, or ages 9-11.