Apple recently revised its review guidelines to allow push notifications that include “advertising, promotions, or direct marketing.” This changes a prior -and longstanding- prohibition on push notices that contain such content. Customers must affirmatively opt in to get promotional push notices, though (“through consent language displayed in your app’s UI”). They must also be able to opt out through an in-app mechanism. Although promotional push notices were previously prohibited, many apps sent them. These modifications may be a step by Apple to acknowledge this use and put requirements in place around it.
The review guidelines also include other changes with an impact on information collection, use and sharing. These include for apps that provide services in “highly-regulated fields.” Such apps must be submitted by the regulated entity (i.e., the one providing the regulated services) rather than the app developer. For example, if a bank hires an app developer to create an app for the bank, the bank should submit the app to the Apple App Store, not the developer it hired to make the app.
Another change are the provisions for apps that provide users with Mobile Device Management (MDM) tools. Previously those apps were prohibited from “disclosing to third parties” any data. Now those apps can share information but only if it is about the “performance of the developer’s MDM app” and does not include user data (“data about the user, the user’s device, or other apps used on that device”).
Putting it into Practice: Apple’s modified guidelines may help companies that send push notices, as well as those that provide MDM apps. For companies in regulated areas, keep in mind the new requirement on who should be submitting apps to the Apple App Store.