Apple Reverses Course and Allows Parental Control Apps to Use MDM Technology With Stricter Privacy Requirements

As one of many updates to its App Store Review Guidelines this week, Apple has indicated that parental control app developers are again permitted to use Mobile Device Management (MDM) technology in their apps, so long as they do not sell, use, or disclose any data to third parties for any purpose.


An excerpt from the newly added Guideline 5.5:
You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. MDM apps must not violate local laws. Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.
This comes a little over a month after The New York Times reported that Apple had removed or restricted many of the most popular screen time and parental control apps on the App Store since launching its own Screen Time feature in iOS 12 last year, raising concerns over potentially anticompetitive behavior.

In response to the report, Apple said it had discovered that some parental control apps were using MDM, putting the privacy and security of children at risk.

"These apps were using an enterprise technology that provided them access to kids' highly sensitive personal data," an Apple spokesperson said in a statement issued to The New York Times on Monday. "We do not think it is O.K. for any apps to help data companies track or optimize advertising of kids."

MDM technology is intended for enterprise users to manage their company-owned devices, and Apple said the use of MDM by consumer-focused apps carried privacy and security concerns that resulted in the company addressing the situation in its App Store Review Guidelines in 2017.

Backlash quickly mounted from parental control app developers, who eventually joined together to petition Apple to "put kids first" by releasing a public API for its Screen Time for use by developers. That never happened, with Apple going down this route instead and allowing MDM usage with stricter privacy requirements.

Apple's updated guidelines also indicate that parental control apps from "approved providers" may use one of its Personal VPN APIs.

Apple has faced increasing scrutiny over its App Store and potentially anticompetitive business practices, ranging from Spotify's complaint to multiple class action lawsuits. In response, Apple said it "welcomes competition" on the App Store, which only serves to make it a "better" platform.



Top Rated Comments

(View all)
Avatar
11 weeks ago

I think this is the wrong solution. Unfortunate that they chose MDM over providing screen time APIs to developers.

Well it’s gonna take time for them to release the APIs; this problem was only recently discovered. This is a decent stop-gap until the APIs are released.
Rating: 6 Votes
Avatar
11 weeks ago
I think this is the wrong solution. Unfortunate that they chose MDM over providing screen time APIs to developers.
Rating: 6 Votes
Avatar
11 weeks ago
Helicopter parents were gonna revolt so hard lol Apple
Rating: 4 Votes
Avatar
11 weeks ago
There's no question the recent DOJ antitrust news factored into Apple's decision. If history has proven anything it's that Apple responds to legal threats, be they from private class action suits or from federal agencies.
Rating: 3 Votes
Avatar
11 weeks ago

Well it’s gonna take time for them to release the APIs; this problem was only recently discovered. This is a decent stop-gap until the APIs are released.

I agree with [USER=31633]@Kabeyun[/USER] and [USER=874699]@BootsWalking[/USER] This is the wrong solution and it sends a contradictory message.
What happened to putting the privacy and security of children at risk? Aren't those same supposed risks still there? Apple did nothing to mitigate the supposed risks, they just reversed the decision regarding MDM. The devs can still collect the same info they were collecting before.

I think you're right that it will take time to develop API's - which is the correct decision imo. Not so right in thinking this is a decent stop-gap. This reads more like a reversal to mitigate the anti competitive claims.
Rating: 1 Votes
[ Read All Comments ]