Weeks ahead of the EU’s enforcement of the General Data Protection Regulation (GDPR), Apple is removing iOS apps from the App Store if they’ve been giving location data to third parties without explicit consent, a new report says.
According to 9to5Mac, Apple has emailed multiple developers to inform them that their apps were discovered to be violating sections 5.1.1 and 5.1.2 of its App Store review guidelines, which are concerned with apps that send “user location data to third parties without explicit consent from the user and for unapproved purposes.” Apple is also pushing developers not to share user data for reasons other than “improving the user experience or software/hardware performance connected to the app’s functionality.”
Apple finally decided to start enforcing guidelines on selling location data
— Thomasbcn (@Thomasbcn) May 7, 2018
There are two clear concerns here: transparency about sharing data and the need to restrict data sharing to limited purposes. As enforcement of the GDPR looms in Europe, Apple has drawn a clear line across regions stating that iOS apps need to get explicit permission from users to share data, explain what it’s used for, and provide access to information on where and how the data is shared. The company also added new data privacy disclosures to iOS 11.3, including a conspicuous sharing icon and screens to indicate when an Apple app or feature wants to use personal information.
It’s unclear how widespread Apple’s initiative is, but in addition to one public tweet, 9to5Mac says that multiple developers have privately reached out to confirm that their apps have been pulled. Offending developers are being allowed to resubmit their apps after removing violating code.