At a time when every tech company is desperate to avoid news that third-parties got their hands on user data without their knowledge, Apple is reportedly cracking down on app developers who’ve been transmitting users’ locations without their consent. The practice has long been part of Apple’s guidelines, but apparently wasn’t being properly enforced.
According to 9to5 Mac, an unspecified number of developers have been receiving a legal notice from Apple that explains their app is in violation of the App Store Review Guidelines. Specifically, a section of the agreement, which states in part:
Data collected from apps may not be used or shared with third parties for purposes unrelated to improving the user experience or software/hardware performance connected to the app’s functionality, or to serve advertising in compliance with the Apple Developer Program License Agreement...
Use Location services in your app only when it is directly relevant to the features and services provided by the app...
Ensure that you notify and obtain consent before collecting, transmitting, or using location data.
This whole section has expanded over the years but existed in some way going as far back as 2014. Apple’s app review process is known for being relatively strict in comparison to its competitors. In the past, it has removed apps for violations as small as including the word “free” in their name and using Apple’s custom emoji without permission. Transmitting location data to a third-party without a user’s permission is a very big deal, and it’s more than surprising that these apps have been getting through the review process at all.
9to5 Mac cites several sources that have approached the publication after receiving their takedown notices and at least one person has tweeted a copy of the letter that was allegedly sent by Apple. The letter states that “upon re-evaluation” it was found the app wasn’t in compliance with the company’s guidelines and a compliant version will have to be resubmitted.
The move comes just ahead of the GDPR privacy protections coming into effect in the European Union. On May 25, tech companies will have to begin giving users much more control over their data and gain their consent in more situations. While the new law only applies in the E.U., many companies have bolstered their policies across the board.
It’s also potentially bad news for MoviePass. The subscription service that allows you to see a movie-a-day for dirt cheap caused a bit of controversy in March when its CEO, Mitch Lowe, said, “We watch how you drive from home to the movies. We watch where you go afterward.” That was news to many users, but not particularly surprising since the company’s business model has been aimed at monetizing data collection since the beginning. After the news broke, the company quickly clarified that it was just “exploring utilizing location-based marketing” and certain location tracking had been disabled. Now that MoviePass is struggling with limited cash to continue its operations, it will need to convince more investors that there’s a pot of gold to be found at the end of the data rainbow. That could be a harder sell with Apple’s crackdown.
Gizmodo reached out to Apple for comment about this story and to ask what prompted this sudden “re-evaluation” of apps. We’ll update this post when we receive a reply.