iOS 8 Update To App Store Guidelines Means Better Privacy Protection

With its media event scheduled for September 9 fast approaching, Apple is working overtime to improve users’ App Store experience ahead of the iPhone 6 and iOS 8. For HealthKit, Apple released a set of developer rules in the last iOS 8 beta. Now those rules have been carried over into the App Store Guidelines in an update meant to bar the storing of user health data in iCloud. The update also added coverage for HomeKit, TestFlight, and app extensions.

For HealthKit, Apple stipulates that user data may not be gathered “from the HealthKit API for advertising or other use-based data mining purposes other than improving health, medical, and fitness management, or for the purpose of medical research.” The guidelines list scenarios in which an app will be rejected, including:

  • writing false or inaccurate data into HealthKit
  • storing users’ HealthKit data in iCloud
  • sharing, without user consent, user data gathered via HealthKit with third parties
  • lacking a privacy policy
  • giving unauthorized diagnoses, treatment options, etc.

For HomeKit, similar rules were implemented. Apps must primarily provide “home automation services”, must indicate their use of the HomeKit framework, and must provide a privacy policy. As with HealthKit, apps may not use data gathered from HomeKit for advertising or data mining. Apps that gather data for “purposes other than improving the user experience” will be rejected.

For TestFlight, the guidelines state that apps may only use the feature “to beta test apps intended for public distribution.” Builds that contain any adjustments to content or functionality must be submitted for review, and apps may not be distributed to testers in exchange for compensation; in other words, testers shouldn’t have to pay to test a beta app.

Finally, apps hosting extensions are required to provide functionality, such as help screens and additional settings, or they risk rejection. Apps may not include “marketing, advertising, or in-app purchases” in their extension view. There are several rules concerning keyboard extensions, including:

  • providing a method to progress to the next keyboard
  • remaining functional without network access
  • including a primary category of Utilities and a privacy policy
  • only collecting user data to enhance the extension’s functionality on the iOS device

In another stipulation encompassing all apps, Apple states, “Apps that present excessively objectionable or crude content will be rejected.” Basically, Apple reserves the right to delete your app if it is distasteful or downright creepy.

Apple’s meticulous curation of apps has always made its App Store user-friendly and focused on user experience. Updating the guidelines in favor of users’ privacy differentiates Apple’s App Store from those of its competitors. While Google relies on user data to rake in ad-driven revenue, Apple rejects the use of its customers’ data in such a way.