Apple updated its App Store Review Guidelines this week atWWDC 2019— and many of those changes appear to be aimed squarely at the kinds of controversies that recently led us to askwhether Apple can be trusted with the App Storeto begin with.
Most prominently, asThe New York Timespoints out, the company appears to be backing away from its stance that screen time and parental control apps shouldn’t have access to the same powerful mobile device management (MDM) and VPN APIs that big companies do — which the company conveniently used earlier this yearto remove a whole bunch of those appsjust as it was coincidentally introducing it own Screen Time feature.
“It’s not clear why we should trust big enterprise companies to not steal customer data any more than these now-banned small ones,” we wrote last week, and apparently Apple agrees:according to Apple’s changelog, “companies utilizing MDM for parental controls” are now one of the groups that can use the feature, alongside “business organizations, educational institutions, or government agencies”.
As far as the VPN API goes, apps that offer “parental control, content blocking, and security” also have a tentative exemption.
Mind you, it’s not clear that the crackdown is actually over, or that any of the previously banned apps — whichrecently banded together to demandthat Apple publicly release a new dedicated parental control API for them to use — will actually make it back into the store. A new API would certainly have been a more logical solution, if Apple truly believes that MDM is as inherently dangerousas it told the world in April. These changes make it seem like Apple’s fears were overblown, or that it’s willing to compromise on that belief to satisfy those developers.
There’s a key hedge, though: both of the new rules still allow Apple to pick and choose winners and losers. MDM is allowed “in limited cases,” while parental control apps can use VPN if they come “from approved providers.”
Other ripped-from-the-headlines changes you’ll find in Apple’s updated App Store Review Guidelines include that“apps intended for kids may not include third-party advertising or analytics,”afterThe Wall Street Journal’s Joanna Stern foundthat a Curious George app was sending her son’s name, age, and book choices to Facebook, and a pair of new rules that require apps to get explicit consent for any form of data collection, even anonymous or pulled from a public database, afterThe Washington Post’sGeoffrey Fowler shed lighton how hidden app trackers were siphoning off his data overnight.
Yesterday, we also wrote how Apple istightening up its rules for enterprise app certificates— another scandal that let app developersbypass the App Store entirely to create an illicit app underworld— and how Apple is using its ownership over the App Store tomandate that iOS developers embrace its new single sign-on feature.