Apple’s App Store Review Guidelines have been getting a number of interesting tweaks since WWDC last week, including loosening restrictions on apps like Valve’s Steam Link, opening up a bit on free trials, and banning cryptocurrency apps, and Bloomberg has discovered another interesting clause that has Apple slamming the door on apps that harvest a user’s contact information to build databases of a user’s friends and other contacts. Apple has expanded Section 5.1.2 on “Data Use and Sharing,” adding new clauses that explicitly prohibit apps from building a database of user data or even “surreptitiously” building profiles on users.
(iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.
(iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.
(v) Do not contact people using information collected via a user’s Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts.
You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. What will the message say? Who will appear to be the sender?).
Apple has had technical restrictions in place since 2012 preventing apps from accessing contact information without explicitly requesting the user’s permission, however the company has previously said little about what developers could do with that data after such permission had been granted. Since many users may not give much thought before granting contact access to third-party apps, many developers have been able to benefit by building large databases information that goes well beyond the individual user, since of course most iPhone contact lists contain dozens, if not hundreds of names, phone numbers, email addresses, and even profile photos of family, friends, colleagues, and other acquaintances.
Once the user has granted permission for a third-party app to access this information, neither Apple nor the user has any further control over what gets done with this data — as one developer said to Bloomberg, “The address book is the Wild West of data,” and developers can “instantly transfer all the contacts info into some random server or upload it to Dropbox […] the very moment a user says okay to giving contacts permission.” Further, revoking permission later at the iOS level will prevent future contacts from getting transferred, but doesn’t remove any data that the developer has already collected, and users are forced to rely on the individual — and sometimes inscrutable — privacy policies of each third-party app in order to determine what is actually being done with this data.
While many well-known apps do have clear privacy policies, and often only read contact information for relatively innocuous purposes — such as automatically looking up friends on social networks — and don’t actually store that information, other apps such as some of the anti-spam and “caller ID” apps that have been made possible with the development of CallKit are mining this data and storing it to build their own services, such as online directories of phone numbers and email addresses. It’s unclear whether Apple’s new restrictions will prevent this kind of use of contact information — it seems to hinge on what “for your own use” actually means — but it certainly seems like a step in the right direction to close one of the biggest privacy loopholes out there and preventing contact information from being collected on third parties without anything even remotely resembling their consent.