In the wake of the Facebook Cambridge Analytica data breach, Apple has started removing apps from the iOS App Store that violate the company’s policies on sharing location data with third-parties without seeking explicit consent, according to report from 9to5Mac.
Sections 5.1.1 and 5.1.2 of Apple’s App Store Guidelines, which state that apps are not allowed to pass on “user location data to third parties without explicit consent from the user [or] for unapproved purposes,” is the specific clause in question. This particular section of the App Store’s Guidelines has existed in some form since 2014.
Below is an abbreviated outline of the guidelines:
“Data collected from apps may not be used or shared with third parties for purposes unrelated to improving the user experience or software/hardware performance connected to the app’s functionality, or to serve advertising in compliance with the Apple Developer Program License Agreement…”
Developers that have violated these guidelines have received notifications from Apple that their apps are not in compliance following “re-evaulation,” according to various social media posts and developers who reached out to 9to5Mac directly.
Apple finally decided to start enforcing guidelines on selling location data
— Thomasbcn (@Thomasbcn) May 7, 2018
It’s likely that Apple’s move to more strictly enforce the policy is related to the General Data Protection Regulation that’s set to go into effect on May 25th in Europe. The new rules force technology companies to obtain explicit informed consent before they’re able to collect data from a user.
According to the messages sent to developer affected by this new enforcement, in order to get their apps reinstated, code, frameworks and SKDs related to third-party location sharing must be removed. The app then needs to be resubmitted for review.
It’s currently unclear how many developers are affected by Apple more strictly enforcing this rule.