Apple updated its App Store Review Guidelines this week at WWDC 2019 — and many of those changes appear to be aimed squarely at the kinds of controversies that recently led us to ask whether Apple can be trusted with the App Store to begin with.
Most prominently, as The New York Times points out, the company appears to be backing away from its stance that screen time and parental control apps shouldn’t have access to the same powerful mobile device management (MDM) and VPN APIs that big companies do — which the company conveniently used earlier this year to remove a whole bunch of those apps just as it was coincidentally introducing it own Screen Time feature.
“It’s not clear why we should trust big enterprise companies to not steal customer data any more than these now-banned small ones,” we wrote last week, and apparently Apple agrees: according to Apple’s changelog, “companies utilizing MDM for parental controls” are now one of the groups that can use the feature, alongside “business organizations, educational institutions, or government agencies”.
As far as the VPN API goes, apps that offer “parental control, content blocking, and security” also have a tentative exemption.
Mind you, it’s not clear that the crackdown is actually over, or that any of the previously banned apps — which recently banded together to demand that Apple publicly release a new dedicated parental control API for them to use — will actually make it back into the store. A new API would certainly have been a more logical solution, if Apple truly believes that MDM is as inherently dangerous as it told the world in April. These changes make it seem like Apple’s fears were overblown, or that it’s willing to compromise on that belief to satisfy those developers.
There’s a key hedge, though: both of the new rules still allow Apple to pick and choose winners and losers. MDM is allowed “in limited cases,” while parental control apps can use VPN if they come “from approved providers.”
Other ripped-from-the-headlines changes you’ll find in Apple’s updated App Store Review Guidelines include that “apps intended for kids may not include third-party advertising or analytics,” after The Wall Street Journal’s Joanna Stern found that a Curious George app was sending her son’s name, age, and book choices to Facebook, and a pair of new rules that require apps to get explicit consent for any form of data collection, even anonymous or pulled from a public database, after The Washington Post’s Geoffrey Fowler shed light on how hidden app trackers were siphoning off his data overnight.
Yesterday, we also wrote how Apple is tightening up its rules for enterprise app certificates — another scandal that let app developers bypass the App Store entirely to create an illicit app underworld — and how Apple is using its ownership over the App Store to mandate that iOS developers embrace its new single sign-on feature.