Apple today has updated its App Store Review Guidelines with a handful of changes. The new guidelines include revisions related to data security, cryptocurrency mining, free app trials, advertising, and more.
First off, Apple has added a new section to the App Store Review Guidelines about data security. The company says that apps sure implement measures that ensure proper handling of user data:
Apps should implement appropriate security measures to ensure proper handling of user information collected pursuant to the Apple Developer Program License Agreement and these Guidelines (see Guideline 5.1 for more information) and prevent its unauthorized use, disclosure, or access by third parties.
Apple also describes how developers can offer free trials of their applications. While previously described free trials for subscription-based applications, it now says that non-subscription apps may offer a free time-based trial by using a “non-consumable” in-app purchase:
Non-subscription apps may offer a free time-based trial period before presenting a full unlock option by setting up a Non-Consumable IAP item at Price Tier 0 that follows the naming convention: “14-day Trial.”
Prior to the start of the trial, your app must clearly identify its duration, the content or services that will no longer be accessible when the trial ends, and any downstream charges the user would need to pay for full functionality. Learn more about managing content access and the duration of the trial period using Receipts and Device Check.
This is notable as Apple’s Review Guidelines previously only laid out the process for free trials as they related to subscription applications. Now, however, the company is condoning free trials for all types of applications.
The new guidelines also clarify rules surrounding multi-platform services. This specifically seems to relate to apps like Steam Link, which Apple notably rejected last month. Apple now says that apps operating across multiple platforms may allow users to access content acquired elsewhere, but that content must also be available via in-app purchases.
Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired elsewhere, provided those items are also available as in-app purchases within the app. You must not directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods must not discourage use of in-app purchase.
Also related to remote mirroring applications like Steam Link, Apple outlines that the host device for such apps must be a personal computer owned by the user and more:
(a) The host device is a personal computer owned by the user, and both the host and client must be connected on a local and LAN-based network.
(b) Any software or services appearing in the client are fully rendered on the screen of the host device, and may not use APIs or platform features beyond what is required to stream the Remote Desktop
(c) All account creation and management must be initiated from the host device.
(d) The UI appearing on the client does not resemble an iOS or App Store view, does not provide a store-like interface, or include the ability to browse, select, or purchase software not already owned or licensed by the user. For the sake of clarity, transactions taking place within mirrored software do not need to use in-app purchase, provided the transactions are processed on the host device.
Furthermore, Apple includes some new details about cryptocurrency and specifically says apps cannot mine cryptocurrency in the background.
(i) Wallets: Apps may facilitate virtual currency storage, provided they are offered by developers enrolled as an organization.
(ii) Mining: Apps may not mine for cryptocurrencies unless the processing is performed off device (e.g. cloud-based mining).
(iii) Exchanges: Apps may facilitate transactions or transmissions of cryptocurrency on an approved exchange, provided they are offered by the exchange itself.
(iv) Initial Coin Offerings: Apps facilitating Initial Coin Offerings (“ICOs”), cryptocurrency futures trading, and other crypto-securities or quasi-securities trading must come from established banks, securities firms, futures commission merchants (“FCM”), or other approved financial institutions and must comply with all applicable law.
(v) Cryptocurrency apps may not offer currency for completing tasks, such as downloading other apps, encouraging other users to download, posting to social networks, etc.
Also included in today’s revisions are new details about in-app advertising. Apple says that ads must be appropriate for the app’s audience and may not target sensitive user data:
Advertising: Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc.
Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad.