Apple Shares Updated App Store Review Guidelines on Spam, Push Notifications, App Store Reviews, MDM Apps and More

[Appleman3546]

I am really surprised that dating apps are now considered spam. That would mean the entire app side of it has essentially become monopolized by key players grandfather in, forcing competition to the web instead. I don’t think this was a smart consumer focused move to automatically reject it, since dating by app has become so mainstream, but maybe a halfway ground rejecting suspiciously similar dating apps may be the better approach

 

[cmaier]

I am really surprised that dating apps are now considered spam.

That’s not at all what the rule says.

 

[Mr Staunton]

Hopefully Apple will do something about all the Apps that are flooding the store that throw adverts at you with a short mini game in between.

 

[derekamoss]

So ads in push notification now.....

 

[CarlJ]

• 4.5.4 - New language around Push Notifications says they should not be used "to send sensitive, personal, or confidential information," nor should they be used for promotions or direct marketing purposes unless customers have explicitly opted in to receive them via consent language displayed in an app's UI. Developers must also provide a method in the app to allow users to opt out of receiving such messages.

I'd really like to see this heavily enforced. There are numerous apps where I'm happy to get "your order has shipped" notifications, or others directly related to activity on my account, but I do not want tons of "We're having a sale on Diet Water!!1!" notifications.
[automerge]1583373124[/automerge]

Well, keep in mind that the OLD language just said you couldn’t use it for marketing. This new language is actually worse.

Okay, but some companies were using it for marketing. I'm hoping this plays out as, if users complain that the app is spamming then with marketing, and they either have the "yes to marketing notifications" unchecked, or there's no such button implemented in the app, then Apple can pull the app from the store until the developer fixes it.

 

[Paradoxally]

I am really surprised that dating apps are now considered spam.

The rule states that market is saturated, meaning they don't want new apps that are just like Tinder unless they offer a unique experience.

It doesn't mean all dating apps are spam. That's just silly.

 

[adib]

1.4.4 - Apps used to commit or attempt to commit crimes of any kind by helping users evade law enforcement will be rejected. (This previously was a rule limited to apps about DUI checkpoints).

Any messaging app including iMessage?

... Waze's "Traffic Police" and "Speed Camera" features?

 

[l.hughes]

5.1.5 - A rule that previously prohibited the use of location-based APIs for emergency services now says that developers can use location-based APIs to provide emergency services "only if you provide notice to your users in your app's UI that such services may not work in all circumstances."

Where are you reading this? This is directly from the review guidelines:

"Use Location services in your app only when it is directly relevant to the features and services provided by the app. Location-based APIs shouldn’t be used to provide emergency services or autonomous control over vehicles, aircraft, and other devices, except for small devices such as lightweight drones and toys, or remote control car alarm systems, etc."

 

[compwiz1202]

I wonder how this will relate to apps that help with ‘safety cameras’?

Heck Waze and other nav apps should be canned for that rule but are still around.
[automerge]1583423175[/automerge]

Hopefully Apple will do something about all the Apps that are flooding the store that throw adverts at you with a short mini game in between.

Seriously. I tried some fishing app once and got like three ads within the first 30s of play. Never deleted an app as quickly as that one. I can take ads if they are voluntary and give some boost that lasts for a reasonable amount of time.

 

[danmart]

Waze and other nav apps should be canned for that rule but are still around

In the UK the government styles them as ‘safety cameras’ which are only placed at accident hot-spots. So the argument is that it is reasonable for people to want to be informed about approaching a presumably dangerous patch of road.

By contrast I seem to recall such systems are banned in France and even having one in the car will attract a fine if the Gendarmes catch you with it.

 

[farewelwilliams]

you should treat customers with respect when responding to their comments.

This is great. I had a developer threaten me for posting a bad review. The app is "Arc App" that tracks your location. I recommend you stop using it if anyone is reading this. App actually does collect personal information and gets sent back to the developer's Firebase which goes against the developer's own privacy policy.

 

[aggiesrwe03]

1.4.4 - Apps used to commit or attempt to commit crimes of any kind by helping users evade law enforcement will be rejected.

Does this mean Waze, as is (i.e., "police reported ahead" or "speed trap reported ahead" or "red light camera reported ahead"), is on its way out? Technically Waze isn't committing any crime, but one could argue that by being so transparent with the location of 'law enforcement' it allows users to evade said law enforcement.

Same question because Google maps (which owns Waze) just enabled this feature as well. Ask most LEO’s and they consider that feature an assistance to “evasion.”
[automerge]1583448445[/automerge]

Since they’re publishing info about push notifications, does that mean Apple themselves are going to figure out push email with their own app? Bec it’s been awful for a while now. LOL

Or just fix push notifications as a whole, I have like one app where push notifications actually work reliably, and that one typically doesn’t work after an update until I open the app...
[automerge]1583448681[/automerge]

Tinder is going to stick around as it says dating apps, fortune telling, and those other categories will still be approved if they provide a high quality and unique experience.

Does that even exist because I’ve been on a few tinder dates and uhhh... 😂😂

 

[Tech198]

I wonder how these new guidelines will go with VPN apps... because technically they can be used for "both" cases.

The same used for good, can also be used for evil.. The fact you must abide by VPN providers own policy as well doesn't hold much water if all you wanna do it do it.

"5.5 - There is new language related to Mobile Device Management apps that says apps offering configuration profiles cannot use third-party analytics to collect data"

I guess i would say sharing in 'limited' cases is allowing exceptions though.. It's a start, but something that you just get bigger over time anyway...

Best way is to never allow it in the first place, if Apple can't control it.

It's one thing to enforce guidelines, but it's worth nothing if Apple honors, only to double back after the app is on the store...

Either do it pre-approval or don't don't do it all, even it it takes long to GET approved.. Do it,, because you'll only be in this ht spot of taking them down later if its wrong anyway. So, may as well follow then first

 

[Krizoitz]

Uh what are you talking about? That requirement just says Bank A needs to create a developer account themselves, go through validation, and submit the Bank A app under their own name, rather than relying on a contractor's account. It has nothing to do with APIs.

This makes it easier for them to screen out fake phishing apps, since they will automatically reject banking apps from random individual developers or some other seemingly unaffiliated company. This is largely an issue with tiny banks, like credit unions (building societies), and also small medical practices.

It also means Company X can't make a banking app against Bank A's APIs and submit to the App Store, meaning if you see a banking app for your bank it has to have been supplied by the Bank itself, and thus, is likely to be more trustworthy than Random Company X's app.

The OP is right, mandating this kind of access is insane from a security standpoint.

 

[konqerror]

It also means Company X can't make a banking app against Bank A's APIs and submit to the App Store, meaning if you see a banking app for your bank it has to have been supplied by the Bank itself, and thus, is likely to be more trustworthy than Random Company X's app.

The OP is right, mandating this kind of access is insane from a security standpoint.

Not the way I read it. The Mint banking data aggregator app provides the Mint service; it does not provide a Bank of America service, even though the Mint app talks to Bank of America APIs (via an intermediary they pay, which is what PSD2 is trying to cut out).

This is no different from e-mail. Nobody can publish a "Gmail" app other than Google, but there are tons of apps that talk to Gmail APIs.

 

[Cosmosent]

I predict Apple will ALSO "now" be Forced to RE-design / LIMIT the Burst mode feature of their native iOS Camera App:

999 photos per set x 5 MB (avg) = 4.995 GB per Max photo set !

 

[marcusmattsson]

Rule 1.4.4 is not new, it's been there at least since 2018. For instance, it's in the guidelines here: https://web.archive.org/web/20180604060822/https://developer.apple.com/app-store/review/guidelines/

 

[NetMage]

I guess I should have published my screen flashlight app (first color flashlight app on iPhone) back when the App Store opened. Maybe I can get a historical interest exception