Apple has faced lots of criticism over the past few years because of the way its services get special treatment on iOS devices. They’ve also gotten lots of heat as of late over the way in which they allow customers to get sucked into service subscriptions.
There are lots of potential solutions to these problems. But first, you have to identify which problems are the most important to solve. There are a couple of areas that are particularly important.
One of those is the default search engine for Safari. Apple has a controversial special deal with Google that makes them boatloads of money. They agreed to make Google the default search engine on iPhone, iPad, iPod touch, and macOS in exchange for billions. Other search engines are at a severe disadvantage because you need to navigate through multiple settings levels to change it to another service.
Apple could easily wash away any sort of antitrust implications by including a search engine selection screen during the setup process. Google would still be selected by default, but it would give users an opportunity upon first use to change their search engine of choice. This is also important for users who care about privacy. It should be easier for any user to change their default service to something like DuckDuckGo.
Another setting that should be surfaced during first setup is default apps and services. Apple could frame this as a way to set Siri information and content sources, but it would also change the default app in that category.
This step would appear after you sign in to your Apple ID so that you can download an alternative, Siri-compatible service before setup is over.
Apple currently offers the ability to set an app as a default within its own settings panel buried at the bottom of the main Settings view. There’s no centralized place to see all of your default apps.
If they created a default apps settings panel and moved it to the top level of Settings, users would be able to find this ability much more easily. This would help alleviate some of the concerns about apps like Spotify or Gmail being put at a disadvantage.
Apple could rearrange the main Settings view and move App Store and Wallet settings right to the top below Apple ID. They could also update the App Store menu to be “Apps & Subscriptions.” Any user would be able to easily find all of their subscribed services and cancel them if they wanted to. You can also see the new “Default Apps & Services” menu with the third group of cells.
Apple also ought to update their tracking and privacy menus by merging third-party settings with first-party app settings. Apple’s own apps have their privacy settings buried within the privacy section of Settings while third-party apps’ settings are right at the top.
To complement the new subscriptions menu, Apple could redesign the sheet that appears when you tap to subscribe to a service. The new sheet would show all available plans and hide all additional copy under an information button. You would select an available plan and tap continue to move to the final step.
This additional stopgap prevents people from accidentally subscribing to a service, especially on Touch ID-enabled iPhones. The second screen within the sheet lets you change your payment method and accept the terms of your subscription with a double click on the side button.
Apple could also introduce a new API for unsubscribing from services. Developers could be required to build it into their app. When tapped, a new proprietary sheet would slide up, telling you how much time is left in your subscription. You could then tap to unsubscribe and then double click the side button to confirm it.
These changes would not only make it harder for people to get sucked into subscriptions, but would also help people better understand what they’re signing up for. The new top-level menu in Settings combined with these new sheets would remove the suspicion that Apple is purposefully trying to keep people subscribed to services they don’t use.
Later this year, the App Store will help users understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types the app may collect, and whether that data is linked to them or used to track them. You’ll need to provide information about your app’s privacy practices, including the practices of third-party partners whose code you integrate into your app, in App Store Connect. This information will be required to submit new apps and app updates to the App Store starting December 8, 2020.
Apple will begin requiring developers to provide more privacy details about their apps starting December 8. While this feature is not yet available to users, developers can already submit their privacy reports to the App Store.
Privacy labels have been introduced as a new iOS 14 and macOS Big Sur feature that will inform users about what data third-party apps can access, such as location, photos, and contacts. Each app will have its own privacy report on the App Store so that users can check this information before downloading the app.
The company shared in the Apple Developer portal exactly what it asks of developers for the App Store privacy labels. We also checked on the App Store Connect portal how this process works for developers.
Once the developer chooses a specific app in App Store Connect, there’s a new menu dedicated to App Privacy. From there, the platform guides the developer through everything needed for the new privacy labels. First, Apple asks if the app collects any user data — this also applies to third-party content such as advertisements from other platforms.
Next, the developer must select exactly what kind of personal information the app collects from the user. This includes contacts, health, financial information, location, sensitive information, personal content, browsing history, and more.
For each category, Apple requires details on the data collected. If you have an app that collects contact information, you need to tell Apple what that data is (name, email, phone number) and whether you use that data to track the user over the web or not.
Apps that collect financial information should tell Apple whether this is restricted to payment information such as credit card numbers or also things like salary and credit score. For apps that let users upload files, the developer must specify whether the app collects emails, text messages, photos, videos, or even gameplay content.
Apple will review privacy reports before showing them on the App Store. Once privacy labels are approved for an app, developers cannot modify them unless they launch an app update on the App Store.
The App Store will soon help users understand an app’s privacy practices before they download the app on the Apple platform. On each app’s product page, users can learn about some of the data types the app may collect, and whether that data is linked to them or used to track them.
This feature will be rolled out to users as of December 8. You can find more information about App Store’s new privacy labels on the Apple Developer website.
Answering app privacy questions
As you get ready to select your answers from the options presented in App Store Connect, keep in mind:
You need to identify all of the data you or your third-party partners collect, unless the data meets all of the criteria for optional disclosure listed below.
Your app’s privacy practices should follow the App Store Review Guidelines and all applicable laws.
You’re responsible for keeping your responses accurate and up to date. If your practices change, update your responses in App Store Connect. You may update your answers at any time, and you do not need to submit an app update in order to change your answers.
You’ll need to know the types of data that you and/or your third-party partners collect from your app before answering the questions in App Store Connect.
“Collect” refers to transmitting data off the device in a way that allows you and/or your third-party partners to access it for a period longer than what is necessary to service the transmitted request in real time.
“Third-party partners” refers to analytics tools, advertising networks, third-party SDKs, or other external vendors whose code you’ve added to your app.
Data types that meet all of the following criteria are optional to disclose:
The data is not used for tracking purposes, meaning the data is not linked with Third-Party Data for advertising or advertising measurement purposes, or shared with a data broker. For details, see the Tracking section.
The data is not used for Third-Party Advertising, your Advertising or Marketing purposes, or for Other Purposes, as those terms are defined in the Tracking section.
Collection of the data occurs only in infrequent cases that are not part of your app’s primary functionality, and which are optional for the user.
The data is provided by the user in your app’s interface, it is clear to the user what data is collected, the user’s name or account name is prominently displayed in the submission form alongside the other data elements being submitted, and the user affirmatively chooses to provide the data for collection each time.
If a data type collected by your app meets some, but not all, of the above criteria, it must be disclosed in App Store Connect.
Examples of data that may not need to be disclosed include data collected in optional feedback forms or customer service requests that are unrelated to the primary purpose of the app and meet the other criteria above.
For the purpose of clarity, data collected on an ongoing basis after an initial request for permission must be disclosed.
Types of data
Refer to the list of data types below and compare them to the data collection practices in your app.
Such as first or last name
Including but not limited to a hashed email address
Including but not limited to a hashed phone number
Such as home address, physical address, or mailing address
Other User Contact Info
Any other information that can be used to contact the user outside the app
Health and Fitness
Health and medical data, including but not limited to data from the Clinical Health Records API, HealthKit API, MovementDisorder APIs, or health-related human subject research or any other user-provided health or medical data
Fitness and exercise data, including but not limited to the Motion and Fitness API
Such as form of payment, payment card number, or bank account number. If your app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, it is not collected and does not need to be disclosed.
Such as credit score
Other Financial Info
Such as salary, income, assets, debts, or any other financial information
Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places
Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services
Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data
Such as a list of contacts in the user’s phone, address book, or social graph
Emails or Text Messages
Including subject line, sender, recipients, and contents of the email or message
Photos or Videos
The user’s photos or videos
The user’s voice or sound recordings
Such as user-generated content in-game
Data generated by the user during a customer support request
Other User Content
Any other user-generated content
Information about content the user has viewed that is not part of the app, such as websites
Information about searches performed in the app
Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a particular user or account
Such as the device’s advertising identifier, or other device-level ID
An account’s or individual’s purchases or purchase tendencies
Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app
Such as information about the advertisements the user has seen
Other Usage Data
Any other data about user activity in the app
Such as crash logs
Such as launch time, hang rate, or energy use
Other Diagnostic Data
Any other data collected for the purposes of measuring technical diagnostics related to the app
Other Data Types
Any other data types not mentioned
You should have a clear understanding of how each data type is used by you and your third-party partners.
For example, collecting an email address and using it to authenticate the user and personalize the user’s experience within your app would include App Functionality and Product Personalization.
Such as displaying third-party ads in your app, or sharing data with entities who display third-party ads
Developer’s Advertising or Marketing
Such as displaying first-party ads in your app, sending marketing communications directly to your users, or sharing data with entities who will display your ads
Using data to evaluate user behavior, including to understand the effectiveness of existing product features, plan new features, or measure audience size or characteristics
Customizing what the user sees, such as a list of recommended products, posts, or suggestions
Such as to authenticate the user, enable features, prevent fraud, implement security measures, ensure server up-time, minimize app crashes, improve scalability and performance, or perform customer support
Any other purposes not listed
Data linked to the user
You’ll need to identify whether each data type is linked to the user’s identity (via their account, device, or other details) by you and/or your third-party partners. Data collected from an app is often linked to the user’s identity, unless specific privacy protections are put in place before collection to de-identify or anonymize it, such as:
Stripping data of any direct identifiers, such as user ID or name, before collection.
Manipulating data to break the linkage and prevent re-linkage to real-world identities.
Additionally, in order for data not to be linked to a particular user’s identity, you must avoid certain activities after collection:
You must not attempt to link the data back to the user’s identity.
You must not tie the data to other datasets that enable it to be linked to a particular user’s identity.
Note: “Personal Information” and “Personal Data”, as defined under relevant privacy laws, are considered linked to the user.
You’ll need to understand whether you and/or your third-party partners use data from your app to track users and, if so, which data is used for this purpose.
“Tracking” refers to linking data collected from your app about a particular end-user or device, such as a user ID, device ID, or profile, with Third-Party Data for targeted advertising or advertising measurement purposes, or sharing data collected from your app about a particular end-user or device with a data broker.
“Third-Party Data” refers to any data about a particular end-user or device collected from apps, websites, or offline properties not owned by you.
Examples of tracking include:
Displaying targeted advertisements in your app based on user data collected from apps and websites owned by other companies.
Sharing device location data or email lists with a data broker.
Sharing a list of emails, advertising IDs, or other IDs with a third-party advertising network that uses that information to retarget those users in other developers’ apps or to find similar users.
Placing a third-party SDK in your app that combines user data from your app with user data from other developers’ apps to target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes. For example, using a login SDK that repurposes the data it collects from your app to enable targeted advertising in other developers’ apps.
The following situations are not considered tracking:
When the data is linked solely on the end-user’s device and is not sent off the device in a way that can identify the end-user or device.
When the data broker uses the data shared with them solely for fraud detection or prevention or security purposes, and solely on your behalf.
Privacy Choices (Optional): A publicly accessible URL where users can learn more about their privacy choices for your app and how to manage them. For example, a webpage where users can access their data, request deletion, or make changes.
You collect different types of data from users depending on whether the user is a child, whether they are a free or paid user, whether they opt in, where they live, or for some other reason.
You use Apple frameworks or services, such as MapKit, CloudKit, or App Analytics.
If you collect data about your app from Apple frameworks or services, you should indicate what data you collect and how you use it. You are not responsible for disclosing data collected by Apple.
You use location, device identifiers, and other sensitive data, but only on device, and the data is never sent to a server.
Data that is processed only on device is not “collected” and does not need to be disclosed in your answers. If you derive anything from that data and send it off device, the resulting data should be considered separately.
You collect precise location, but immediately de-identify and coarsen it before storing.
Disclose that you collect Coarse Location, since the precise location data is immediately coarsened and precise location is not stored.
Your app includes free-form text fields or voice recordings, and users can save any type of information they want through those mediums, including names and health data.
Mark “Other User Content” to represent generic free form text fields and “Audio Data” for voice recordings. You’re not responsible for disclosing all possible data that users may manually enter in the app through free-form fields or voice recordings. However, if you ask a user to input a specific data type into a text field, such as their name or email, then you’ll need to disclose the specific type of data that you request.
You collect data to service a request but do not retain it after servicing the request.
“Collect” refers to transmitting data off the device and storing it in a readable form for longer than the time it takes you and/or your third-party partners to service the request. For example, if an authentication token or IP address is sent on a server call and not retained, or if data is sent to your servers then immediately discarded after servicing the request, you do not need to disclose this in your answers in App Store Connect.
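Added example (not from Apple's documentation or the articles on this page): a Python sketch of the pre-collection steps described under “Data linked to the user” and in the coarsened-location scenario above, dropping direct identifiers and truncating coordinates below the three-decimal-place threshold before an event leaves the device, then auditing the outbound payload. The field names, the sample event and the choice of two decimal places are assumptions.

```python
from decimal import Decimal, ROUND_DOWN

# Hypothetical field names an app might use for direct identifiers (assumption).
DIRECT_IDENTIFIERS = {"user_id", "name", "email", "phone", "device_id", "advertising_id"}
PRECISE_DECIMALS = 3  # page: "three or more decimal places" marks precise location


def decimal_places(coord: str) -> int:
    """Digits after the decimal point in a coordinate given as a string."""
    return max(0, -Decimal(coord).as_tuple().exponent)


def location_type(lat: str, lon: str) -> str:
    """Classify conservatively: one precise coordinate makes the pair precise."""
    places = max(decimal_places(lat), decimal_places(lon))
    return "Precise Location" if places >= PRECISE_DECIMALS else "Coarse Location"


def coarsen(coord: str, places: int = 2) -> str:
    """Truncate (not round) a coordinate to `places` decimal places."""
    quantum = Decimal(1).scaleb(-places)  # 0.01 when places == 2
    return str(Decimal(coord).quantize(quantum, rounding=ROUND_DOWN))


def prepare_for_upload(event: dict) -> dict:
    """Return a copy with identifiers removed and location coarsened.

    Nested dictionaries are walked too, so an identifier tucked inside a
    sub-object is not transmitted by accident. The input is left unmodified.
    """
    out = {}
    for key, val in event.items():
        if key in DIRECT_IDENTIFIERS:
            continue
        if key == "location":
            out[key] = {"lat": coarsen(val["lat"]), "lon": coarsen(val["lon"])}
        elif isinstance(val, dict):
            out[key] = prepare_for_upload(val)
        else:
            out[key] = val
    return out


def audit(payload: dict, path: str = "") -> list:
    """List what an outbound payload still carries, with dotted field paths."""
    findings = []
    for key, val in payload.items():
        here = f"{path}.{key}" if path else key
        if key in DIRECT_IDENTIFIERS:
            findings.append(f"{here}: direct identifier")
        elif key == "location":
            findings.append(f"{here}: {location_type(val['lat'], val['lon'])}")
        elif isinstance(val, dict):
            findings.extend(audit(val, here))
    return findings


# Constructed sample event (not real data).
SAMPLE_EVENT = {
    "user_id": "u-1001",
    "action": "store_search",
    "location": {"lat": "37.33467", "lon": "-122.00898"},
    "context": {"email": "user@example.com", "app_version": "1.4.2"},
}

if __name__ == "__main__":
    print(audit(SAMPLE_EVENT))
    print(audit(prepare_for_upload(SAMPLE_EVENT)))
```

Dropping named fields covers only the first protection listed; any remaining stable value that can be joined to another dataset still links the data to the user.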
In recent weeks and months, Apple has been catching some heat for its App Store rules, particularly as they apply to gaming apps. Not only has Apple come under fire from Epic for the fact that it takes a 30% cut from each in-app purchase, but the company has also drawn criticism from Facebook and Microsoft, as its App Store policies have made it impossible to get their game streaming apps – Facebook Gaming and Project xCloud, respectively – on iOS devices. Today, Apple updated its App Store guidelines, and while the new rules cover a number of different apps, there are a few specifically for game streaming.
Apple’s updated App Store guidelines can be read in full over on the company’s developer site, but as that spans pages and pages of text, it’s probably easier to look at a changelog for this update that Apple published elsewhere. Apple has implemented new rules regarding App Clips, widgets, extensions and notifications, requiring that those all be related to the content or functionality of the app they belong to. Apple also now requires that “all App Clip features and functionality must be included in the main app binary,” and says that App Clips can’t contain advertising.
Apple has also relaxed some rules about in-app purchase requirements for apps that offer person-to-person experiences, which have become much more important in the age of COVID-19. Apple’s new rules say that apps which offer one-on-one services can charge using payment methods other than in-app purchases. Those that offer “one-to-few” and “one-to-many realtime experiences,” however, have to continue using in-app purchases to charge users.
With these changes, Apple is now allowing web-based tools to offer free standalone companion apps without the need for in-app purchases. So, your web provider can give you access to a standalone email app or VOIP app without rolling some kind of in-app purchase into that app. Furthermore, Apple has put in place new rules regarding in-app pop-ups that make you watch ads, request that you review the app, or click on advertisements:
3.2.2(vi): Apps should not require users to rate the app, review the app, watch videos, download other apps, tap on advertisements, enable tracking, or take other similar actions in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes.
Apps offering personal loans are now subject to some rather big restrictions too, with Apple saying that they can’t charge a maximum APR higher than 36% and can’t require that people pay back their loan in full in 60 days or less. The company also says that these apps must “clearly and conspicuously disclose all loan terms, including but not limited to equivalent maximum Annual Percentage Rate (APR) and payment due date.”
Arguably the biggest changes Apple made today apply to game streaming. Facebook has made clear its frustrations with App Store restrictions regarding its Facebook Gaming app, while Microsoft hasn’t been able to bring Project xCloud to iOS because of those same restrictions. Even Google Stadia has bumped up against these guidelines, which means there’s a distinct lack of game streaming present on the iOS App Store.
While these new guidelines are meant to ease game streaming restrictions, we’re not sure how much they’re going to help. Apple’s new rules for game streaming are as follows:
3.1.2(a): Games offered in a streaming game service subscription must be downloaded directly from the App Store, must be designed to avoid duplicate payment by a subscriber, and should not disadvantage non-subscriber customers.
Elsewhere in its changelog, Apple says that “Each streaming game must be submitted to the App Store as an individual app so that it has an App Store product page, appears in charts and search, has user ratings and review, can be managed with ScreenTime and other parental control apps, appears on the user’s device, etc.” Game streaming apps can offer a catalog app separately that points to these App Store listings, but if Microsoft and Stadia were looking to offer one, all-inclusive app that features their entire streaming catalogs, it looks like they won’t be able to do that.
According to Microsoft, Project xCloud will offer 100+ games when it launches as part of Xbox Game Pass Ultimate next week, so in order for Microsoft to publish that app on iOS, it would not only need some kind of mainline Xbox Game Pass app for iOS, but also an individual App Store listing for each of the 100+ games on the service so Apple can review and approve each one. It seems those App Store listings don’t necessarily have to host the full game, but CNBC notes that they’ll need some kind of basic functionality.
It’s hard to imagine Microsoft, Google, or Facebook opting to bring their services to iOS even after these updated guidelines. While Stadia has a traditional storefront that wouldn’t see much in the way of rotation, it still seems like a huge endeavor to publish listings for each game it sells. When you consider that games rotate in and out of the Game Pass library each month, maintaining App Store listings for each game on the service becomes even more of a chore for Microsoft.
Still, services like Game Pass and Stadia now have a way to get on the App Store, but the question now is whether Google, Facebook, and Microsoft will think getting their streaming services on iOS will be worth the trouble of complying with Apple’s guidelines. Apple has indeed given these companies an in regarding the App Store, but it’s done so in a very complicated way, seemingly to ensure that it has granular control over what’s offered on iOS for better or worse.