At a time when every tech company is desperate to avoid news that third-parties got their hands on user data without their knowledge, Apple is reportedly cracking down on app developers who have been transmitting users’ locations without their consent. The practice has long been part of Apple’s guidelines, but apparently wasn’t being properly enforced.
According to 9to5 Mac, an unspecified number of developers have been receiving a legal notice from Apple that explains their app is in violation of the App Store Review Guidelines. Specifically, a section of the agreement, which states in part:
Data collected from apps may not be used or shared with third parties for purposes unrelated to improving the user experience or software/hardware performance connected to the app’s functionality, or to serve advertising in compliance with the Apple Developer Program License Agreement...
Use Location services in your app only when it is directly relevant to the features and services provided by the app...
Ensure that you notify and obtain consent before collecting, transmitting, or using location data.
This whole section has expanded over the years but existed in some way going as far back as 2014. Apple’s app review process is known for being relatively strict in comparison to its competitors. In the past, it has removed apps for violations as small as including the word “free” in their name and using Apple’s custom emoji without permission. Transmitting location data to a third-party without a user’s permission is a very big deal, and it’s more than surprising that these apps have been getting through the review process at all.
9to5 Mac cites several sources that have approached the publication after receiving their takedown notices and at least one person has tweeted a copy of the letter that was allegedly sent by Apple. The letter states that “upon re-evaluation” it was found the app wasn’t in compliance with the company’s guidelines and a compliant version will have to be resubmitted.
The move comes just ahead of the GDPR privacy protections coming into effect in the European Union. On 25 May, tech companies will have to begin giving users much more control over their data and gain their consent in more situations. While the new law only applies in the EU, many companies have bolstered their policies across the board.
Gizmodo reached out to Apple for comment about this story and to ask what prompted this sudden “re-evaluation” of apps. We’ll update this post when we receive a reply. [9to5 Mac]