Apple Sets Privacy Rules for Third-Party Access to Live Activities and Notifications

[MacRumors]

As part of its interoperability compliance in the EU, Apple has been working on changes to iOS that allow AirPods-like pairing and notification forwarding for third-party wearables on iPhone. In the iOS 26.5 beta released on Monday, Apple added Live Activities forwarding, and the company has now revised its Developer Program License Agreement with new rules on how the forwarding features should be accessed.

In a new section titled "3.3.3 (J), Accessory Notifications Framework and Accessory Live Activities Framework," Apple says that third parties "may not use Forwarding Information for advertising, profiling, training models, or monitoring location." It also states that they "may not disseminate the Forwarding Information to any other Application, or any other device besides Your Authorized Target Accessory."

The new section goes on to state that developers can't store forwarded notification data on servers, in the cloud, or on any remote device, and the data can only be decrypted on the accessory itself, not on a server or anywhere else along the way.

Besides formatting adjustments, the forwarded information can't be altered in any way that changes its meaning, while the accessory that receives the notification can't share that data or its encryption keys with any other device, including the user's own iPhone. In other words, the data must be locked to the device it was sent to.

Even if a developer's app doesn't use these frameworks at all, Apple says it reserves the right to forward that app's notifications to a third-party accessory if the user enables it.

Last September, Apple complained that its obligations under the EU's Digital Markets Act (DMA) would cause feature rollout delays in the bloc, but it also warned of new privacy and security threats. Apple based these threats on companies' submitted requests, which included the complete content of a user's notifications, as well as the full history of Wi-Fi networks a user has joined.

Apple said it had explained the risks of such requests to the European Commission, but the concerns had not been accepted as valid reasons to turn them down. The new developer rules appear to be Apple's best effort to mitigate the risks regardless.

Taken together, they make it clear that Apple wants no tracking, no profiling, no cloud copies, and no sharing between devices, with developers bearing full responsibility for their app's compliance with the new rules.

Article Link: Apple Sets Privacy Rules for Third-Party Access to Live Activities and Notifications

 

[retroneo]

Pretty good they are maintaining end to end encryption, while adding third party device support.

 

[WarmWinterHat]

That's nice. Now enable these forwarding controls everywhere in the world.

I really hate the all-or-nothing notifications on my Garmin, so I mostly just disable them altogether.

 

[gregmancuso]

This will never fly. The EU won't be able to help them selves and will have to slap Apple on trying to be the adult in the room. How on earth could they allow Apple to implement a feature that responsibly allows for increased interoperability while maintaining privacy and security. But at the expense enforcing basic adult responsibilities on those consumers, "such as not stealing user data" and "you, mr. 3rd-party, are responsible for compliance".

/s, obviously

 

[steviewondercansee]

Nobody wants this. It's so stupid.

 

[MrSnirf]

It is fascinating to watch iOS in the EU get really good consumer friendly features while US customers get nothing but are still paying the same price they have always paid.

 

[Love-hate 🍏 relationship]

Nobody wants this. It's so stupid.

What? Why

 

[Rafagon]

No wonder Apple is so behind on the promised AI upgrades to Siri. They're busy catering to all the EU's ********.

 

[jimscard]

As part of its interoperability compliance in the EU, Apple has been working on changes to iOS that allow AirPods-like pairing and notification forwarding for third-party wearables on iPhone. In the iOS 26.5 beta released on Monday, Apple added Live Activities forwarding, and the company has now revised its Developer Program License Agreement with new rules on how the forwarding features should be accessed.

In a new section titled "3.3.3 (J), Accessory Notifications Framework and Accessory Live Activities Framework," Apple says that third parties "may not use Forwarding Information for advertising, profiling, training models, or monitoring location." It also states that they "may not disseminate the Forwarding Information to any other Application, or any other device besides Your Authorized Target Accessory."

The new section goes on to state that developers can't store forwarded notification data on servers, in the cloud, or on any remote device, and the data can only be decrypted on the accessory itself, not on a server or anywhere else along the way.

Besides formatting adjustments, the forwarded information can't be altered in any way that changes its meaning, while the accessory that receives the notification can't share that data or its encryption keys with any other device, including the user's own iPhone. In other words, the data must be locked to the device it was sent to.

Even if a developer's app doesn't use these frameworks at all, Apple says it reserves the right to forward that app's notifications to a third-party accessory if the user enables it.

Last September, Apple complained that its obligations under the EU's Digital Markets Act (DMA) would cause feature rollout delays in the bloc, but it also warned of new privacy and security threats. Apple based these threats on companies' submitted requests, which included the complete content of a user's notifications, as well as the full history of Wi-Fi networks a user has joined.

Apple said it had explained the risks of such requests to the European Commission, but the concerns had not been accepted as valid reasons to turn them down. The new developer rules appear to be Apple's best effort to mitigate the risks regardless.

Taken together, they make it clear that Apple wants no tracking, no profiling, no cloud copies, and no sharing between devices, with developers bearing full responsibility for their app's compliance with the new rules.

Article Link: Apple Sets Privacy Rules for Third-Party Access to Live Activities and Notifications

At least Apple is protecting users' privacyt when their own governments refuse to..

 

[jimscard]

No wonder Apple is so behind on the promised AI upgrades to Siri. They're busy catering to all the EU's ********.

I've been saying that for a long time -- Apple can't say it outloud, but you know that the EU has randomly added about 20% in additional scope to iOS/iPadOS 18 and 26 with all their demands. That has to come from somewhere - not to mention that addressing their demands, especially alternative marketplaces also added whole new attack trees and tons of attack surface, since the mitigations provided by app store review can't be assumed there.

 

[MrSnirf]

I've been saying that for a long time -- Apple can't say it outloud, but you know that the EU has randomly added about 20% in additional scope to iOS/iPadOS 18 and 26 with all their demands. That has to come from somewhere - not to mention that addressing their demands, especially alternative marketplaces also added whole new attack trees and tons of attack surface, since the mitigations provided by app store review can't be assumed there.

Apple is not reinventing the wheel here, those features already exist in iOS, all they need to do is give 3rd party developers the same access to API their 1st party devices and applications use. But nope they have to go make a workaround and make it unnecessarily convoluted.

Apple has over 150,000 employees, it does not take that many people to work on these things.

 

[svish]

Good to know. Looks like privacy will still be maintained while these changes are implemented.