Apple has changed its App Store rules last week to limit how developers use information about iPhone owners’ friends and other contacts, quietly closing a loophole that let app makers store and share data without many people’s consent.
Even though this move widely went unnoticed but Apple issued the revised App Store Guidelines during the WWDC banning the developers from building their own databases with collected information about the user and its contact and avoiding their sharing without having any further permission.
The rules also prohibit apps from harvesting data from an iPhone user’s contacts. From Apple’s updated 5.1.2 data sharing guidelines:
(iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.
(iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.
(v) Do not contact people using information collected via a user’s Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts. You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. What will the message say? Who will appear to be the sender?).
An Anonymous developer explained how easy it was to use the contact information of the user. “The address book is the Wild West of data. I am able to instantly transfer all the contacts info into some random server or upload it to Dropbox if I wanted to, the very moment a user says okay to giving contacts permission. Apple doesn’t track it, nor do they know where it went.”
Nevertheless, the new guidelines are more strict and pay attention towards user’s privacy. Under the new rules, developers are not only barred from creating, sharing, or selling databases based on harvested contact info but must use contact data explicitly for what they say they will unless they get further permission
However, one interesting thing to note here is that these guidelines don’t repair the damage done in the past already. The data that may have been shared already cannot be retrieved back or be “un-shared”. It just means that from now on there shouldn’t be any misuse of the user’s data.
Developers who are caught breaking Apple’s new data sharing rules may be banned from the App Store. The full App Store Guidelines for developers can be viewed on Apple’s website.