Apple's New App Store Guidelines Restrict Apps From Harvesting Data From iPhone Users' Friends

Jun 12, 2018 2:13 pm PDT by Juli Clover

Apple last week updated its App Store Review Guidelines for developers after unveiling iOS 12, adding rules for remote mirroring apps, banning cryptocurrency mining, and setting out clear rules that allow developers to provide free trials for paid apps.

At the same time, Apple also quietly expanded its data sharing rules, as Bloomberg points out, introducing strict new guidelines that prevent app developers from collecting user data to build advertising profiles or contact databases. The rules also prohibit apps from harvesting data from an iPhone user's contacts. From Apple's updated 5.1.2 data sharing guidelines:

(iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an "anonymized," "aggregated," or otherwise non-identifiable way.

(iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don't collect information about which other apps are installed on a user's device for the purposes of analytics or advertising/marketing.

(v) Do not contact people using information collected via a user's Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts. You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. What will the message say? Who will appear to be the sender?).

The wording of the updated 5.1.2 guideline puts an end to secretive data collection techniques, where developers collect data from an iPhone user's contacts and then use it for marketing and advertising purposes. In the past, developers have used iPhone contact lists, which include phone numbers, email addresses, photos, and other information, for unsavory advertising and data collection purposes.

One developer explained to Bloomberg just how much data was accessible and how easily it could be obtained and abused without Apple's knowledge:

"The address book is the Wild West of data," the iOS developer said. "I am able to instantly transfer all the contacts info into some random server or upload it to Dropbox if I wanted to, the very moment a user says okay to giving contacts permission. Apple doesn't track it, nor do they know where it went."

Developers are now expressly forbidden from using apps to build user profiles and contact databases and from misusing contact information and other sensitive user data. Apple has also prohibited apps from sending out mass texts to a user's contact list without explicit user permission. Developers who are caught breaking Apple's new data sharing rules may be banned from the App Store.

The full App Store Guidelines for developers can be viewed on Apple's website.

Top Rated Comments

22 months ago
So this means Facebook is banned, yeah? lol
Rating: 16 Votes
22 months ago
This is why I almost always say "no" when apps ask for access to my contacts. It feels like selling out my friends.
Rating: 13 Votes
22 months ago
This is excellent. I usually forbid apps from accessing my contacts unless I really know the app.
Rating: 11 Votes
22 months ago
So they're going to remove Facebook from the App Store right?

EDIT: Or I declare hypocrisy!
Rating: 7 Votes
22 months ago
Unfortunately the cat is out of the bag on this one...but better late than never. All our contact info has been shared by our friends to every big and medium sized company on the planet by now.

As others ask, guess Facebook, Instagram, and WhatsApp will be banned now?
Rating: 5 Votes
22 months ago
Great deal. Far too many apps allowed your friends to determine if they shared YOUR details. Nothing like someone you haven't seen since high school giving your contact information and all kinds of other stuff to some random advertiser.
Rating: 5 Votes
22 months ago
Does anyone know the specifics of what data/fields are shared/uploaded when agreeing to share iOS contacts with an app or service? Is it just the contact’s Name, Number & Email or is everything uploaded, Notes, Photos, Address, etc?
Rating: 4 Votes
22 months ago

Yeah, I think Apple should list out what fields are shared when you agree to those requests for data. Like when you use an App what data about your device do developers get to know about?

Absolutely! In fact, Apple, iOS should enable a way for users to select/prevent specific contacts and/or groups of contacts from being shared at all (family, kids, etc) as well as options to prevent specific contact data/fields from being shared at all (like Notes, Address, Photos, Secondary numbers/emails, etc)!
Rating: 4 Votes
22 months ago
They should also narrow down the permissions to specifics.
E.g. when you want to share an image from an app, that app shouldn't have to have read/write/delete permissions to all your storage. Just get permission to upload that one image, that one time.
Rating: 4 Votes
22 months ago
Facebook, Messenger, Instagram, Snapchat, Amazon, Google Maps/Voice/Docs/etc

Ban em all
Rating: 3 Votes
