Apple updates App Store rules to prevent devs gathering data from contacts
Apple has tweaked its App Store policies, closing a loophole that made it possible for developers to gather data from phone contacts and then sell or share that data without consent.
Until very recently app developers have been able to ask for permission to access users' address books and then use this permission to gather data about contacts. But with the latest policy change -- introduced with no announcement -- Apple has clamped down on this practice in the name of privacy.
- Apple slaps a ban on cryptocurrency mining apps
- Apple adopts a 'cautious approach' and cuts iPhone parts orders by 20 percent
- Apple reveals performance-focused iOS 12 for a massive range of iPhones and iPads
The updated guidelines were introduced last week, and were first spotted by Bloomberg. This privacy-related change is the second unadvertised alteration Apple has made to its policies recently. The company also just introduced a ban on cryptocurrency mining activity.
The changes explicitly state that developers may not build a contact database using information gathered from users' contacts:
- (iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user's device for the purposes of analytics or advertising/marketing.
- (v) Do not contact people using information collected via a user's Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts. You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. What will the message say? Who will appear to be the sender?).
Developers must not only ask for explicit permission to access contact data, but also fully explain how this data will be used -- multiple times if the data is to be used for more than one purpose.