Apple updated its App Store Review Guidelines this week at WWDC 2019, and many of those changes seem to be aimed squarely at the kinds of controversies that recently led us to ask whether Apple can be trusted with the App Store to begin with.
More prominent, like The New York Times notes, the company appears to be moving away from its stance that screen time and parental control apps shouldn’t have access to the same VPN and mobile device management (MDM) APIs that large companies have, a hallmark that The company conveniently used earlier this year to remove a large number of those apps just as it was introducing its own screen time feature.
“It’s not clear why we should trust big companies not to steal customer data any more than these now banned little ones,” we wrote last week, and Apple apparently agrees: according to Apple’s changelog, “companies use MDM for parental control” is now one of the groups that can use the feature, along with “business organizations, educational institutions or government agencies.”
Regarding the VPN API, applications that offer “parental control, content blocking and security” also have a provisional exemption.
it is not clear that the repression is over
Note that it’s not clear that the crackdown is over, or that any of the previously banned apps, which recently joined forces to demand that Apple publicly release a new dedicated parental control API for their use, will actually go back to the store. A new API would certainly have been a more logical solution, if Apple really believes that MDM is as inherently dangerous as it told the world in April. These changes make it appear that Apple’s fears were exaggerated, or that it is willing to compromise that belief to satisfy those developers.
However, there is a key coverage: The two new rules still allow Apple to pick and choose winners and losers. MDM is allowed “in limited cases”, while parental control apps can use VPN if they come from “approved providers”.
Other headline changes you’ll find in Apple’s Revised App Store Guidelines include that “apps intended for children may not include third-party advertising or analytics,” after The Wall Street JournalJoanna Stern discovered that a Curious George app was sending her son’s name, age, and book choices to Facebook, and a couple of new rules that require apps to get explicit consent for any form of data collection, including anonymous or extracted from a public database, then The Washington Post Geoffrey Fowler shed light on how hidden app trackers were diverting your data overnight.
Yesterday, we also wrote about how Apple is tightening its rules for enterprise app certificates, another scandal that allowed app developers to completely bypass the App Store to create an illicit app world, and how Apple is using its ownership over the App Store. to require that iOS developers adopt their new single sign-on feature.