Powered by

We will never spam you or give your email to others.

March 08, 2024

Updated policies, upcoming features and clarifications

Apple has updated their App Store Review Guidelines to support updated policies, upcoming features, and to provide clarification.

Apple’s own summary can be found here.

The complete set of changes can be seen below:

App Store Review Guidelines

Apps are changing the world, enriching people’s lives, and enabling developers like you to innovate like never before. As a result, the App Store has grown into an exciting and vibrant ecosystem for millions of developers and more than a billion users. Whether you are a first -time developer or a large team of experienced programmers, we are excited that you are creating apps for the App Storeour platforms, and want to help you understand our guidelines so you can be confident your app will get through the review process quickly.

Introduction

The guiding principle of the App Store is simple—we want to provide a safe experience for users to get apps and a great opportunity for all developers to be successful. We do this by offering a highly curated App Store where every app is reviewed by experts and an editorial team helps users discover new apps every day. We also scan each app for malware and other software that may impact user safety, security, and privacy. These efforts have made Apple’s platforms the safest for consumers around the world.

In the European Union, developers can also distribute notarized iOS apps from alternative app marketplaces. Learn more about alternative app marketplaces and Notarization for iOS apps. You can see which guidelines apply to Notarization for iOS apps by clicking on “Show Notarization Review Guidelines Only” in the menu to the left.

For everything else there is always the open Internet. If the App Store model and guidelines or alternative app marketplaces and Notarization for iOS apps are not best for your app or business idea that’s okay, we provide Safari for a great web experience too.

On the following pages you will find our latest guidelines arranged into five clear sections: Safety, Performance, Business, Design, and Legal. The App Store is always changing and improving to keep up with the needs of our customers and our products. Your apps should change and improve as well in order to stay on the App Store.

A few other points to keep in mind:mind about distributing your app on our platforms:

  • We have lots of kids downloading lots of apps. Parental controls work great to protect kids, but you have to do your part too. So know that we’re keeping an eye out for the kids.
  • The App Store is a great way to reach hundreds of millions of people around the world. If you build an app that you just want to show to family and friends, the App Store isn’t the best way to do that. Consider using Xcode to install your app on a device for free or use Ad Hoc distribution available to Apple Developer Program members. If you’re just getting started, learn more about the Apple Developer Program.
  • We strongly support all points of view being represented on the App Store, as long as the apps are respectful to users with differing opinions and the quality of the app experience is great. We will reject apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, “I’ll know it when I see it”. And we think that you will also know it when you cross it.
  • If you attempt to cheat the system (for example, by trying to trick the review process, steal user data, copy another developer’s work, manipulate ratings or App Store discovery) your apps will be removed from the store and you will be expelled from the Apple Developer Program.
  • You are responsible for making sure everything in your app complies with these guidelines, including ad networks, analytics services, and third-party SDKs, so review and choose them carefully.
  • Some features and technologies that are not generally available to developers may be offered as an entitlement for limited use cases. For example, we offer entitlements for CarPlay Audio, HyperVisor, and Privileged File Operations. Review our documentation on developer.apple.com to learn more about entitlements.

We hope these guidelines help you sail through the App Reviewreview process, and that approvals and rejections remain consistent across the board. This is a living document; new apps presenting new questions may result in new rules at any time. Perhaps your app will trigger this. We love this stuff too, and honor what you do. We’re really trying our best to create the best platform in the world for you to express your talents and make a living, too.

1. Safety

When people install an app from the App Store, they want to feel confident that it’s safe to do so—that the app doesn’t contain upsetting or offensive content, won’t damage their device, and isn’t likely to cause physical harm from its use. We’ve outlined the major pitfalls below, but if you’re looking to shock and offend people, the App Store isn’t the right place for your app. Some of these rules are also included in Notarization for iOS apps.

  • 2.3 Accurate MetadataASR & NR
    • 2.3.1
      • (a)ASR & NR Don’t include any hidden, dormant, or undocumented features in your app; your app’s functionality should be clear to end users and App Review. All new features, functionality, and product changes must be described with specificity in the Notes for Review section of App Store Connect (generic descriptions will be rejected) and accessible for review. Similarly, marketing your app in a misleading way, such as by promoting content or services that it does not actually offer (e.g. iOS-based virus and malware scanners) or promoting a false price, whether within or outside of the App Store, is grounds for removal of your app from the App Store or a block from installing via alternative distribution and termination of your developer account.
      • (b) Egregious or repeated behavior is grounds for removal from the Apple Developer Program. We work hard to make the App Store a trustworthy ecosystem and expect our app developers to follow suit; if you’re dishonest, we don’t want to do business with you.
    • 2.3.8ASR & NR Metadata should be appropriate for all audiences, so make sure your app and in-app purchase icons, screenshots, and previews adhere to a 4+ age rating even if your app is rated higher. For example, if your app is a game that includes violence, select images that don’t depict a gruesome death or a gun pointed at a specific character. Use of terms like “For Kids” and “For Children” in app metadata is reserved in the App Store for the Kids Category. Remember to ensure your metadata, including app name and icons (small, large, Apple Watch app, alternate icons, etc.), are similar to avoid creating confusion.
    • 2.3.10 Make sure your app is focused on the iOS, iPadOS, macOS, tvOS or watchOS experience, and don’t include names, icons, or imagery of other mobile platforms or alternative app marketplaces in your app or metadata, unless there is specific, approved interactive functionality. Make sure your app metadata is focused on the app itself and its experience. Don’t include irrelevant information.
  • 2.5 Software Requirements
    • 2.5.18ASR & NR Display advertising should be limited to your main app binary, and should not be included in extensions, App Clips, widgets, notifications, keyboards, watchOS apps, etc. Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the App Store’s Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad. Apps that contain ads must also include the ability for users to report any inappropriate or age-inappropriate ads.
  • 4.4 ExtensionsASR & NR

    Apps hosting or containing extensions must comply with the App Extension Programming Guide, the Safari App Extensionsapp extensions documentation, or the Safari Web Extensionsweb extensions documentation and should include some functionality, such as help screens and settings interfaces where possible. You should clearly and accurately disclose what extensions are made available in the app’s marketing text, and the extensions may not include marketing, advertising, or in-app purchases.

  • 4.5ASR & NR Apple Sites and Services
    • 4.5.2ASR & NR Apple Music
      • (ii) Using the MusicKit APIs is not a replacement for securing the licenses you might need for a deeper or more complex music integration. For example, if you want your app to play a specific song at a particular moment, or to create audio or video files that can be shared to social media, you’ll need to contact rights-holders directly to get their permission (e.g. synchronization or adaptation rights) and assets. Cover art and other metadata may only be used in connection with music playback or playlists (including App Store screenshots displaying your app’s functionality), and should not be used in any marketing or advertising without getting specific authorization from rights-holders. Make sure to follow the Apple Music Identity Guidelines when integrating Apple Music services in your app.
  • 4.8 Login ServicesASR & NR

    Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer as an equivalent option another login service with the following features:

    • the login service limits data collection to the user’s name and email address;
    • the login service allows users to keep their email address private as part of setting up their account; and
    • the login service does not track users ascollect interactions with your app for advertising purposes without consent.

    A user’s primary account is the account they interactestablish with your app A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.

    Another login service is not required if:

    • Your app exclusively uses your company’s own account setup and sign-in systems.
    • Your app is an alternative app marketplace, or an app distributed from an alternative app marketplace, that uses a marketplace-specific login for account, download, and commerce features.
    • Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
    • Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
    • Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.

  • 5.1 PrivacyASR & NR
    • 5.1.1 Data Collection and StorageASR & NR
      • (v) Account Sign-In: If your app doesn’t include significant account-based features, let people use it without a login. If your app supports account creation, you must also offer account deletion within the app. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, TwitterX, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
      • (viii) Apps that compile personal information from any source that is not directly from the user or without the user’s explicit consent, even public databases, are not permitted on the App Store or alternative app marketplaces.
    • 5.1.5 Location ServicesASR & NR

      Use Location Services in your app only when it is directly relevant to the features and services in your app only when it is directly relevant to the features and services provided by the app. Location-based APIs shouldn’t be used to provide emergency services or autonomous control over vehicles, aircraft, and other devices, except for small devices such as lightweight drones and toys, or remote control car alarm systems, etc. Ensure that you notify and obtain consent before collecting, transmitting, or using location data. If your app uses location servicesLocation Services, be sure to explain the purpose in your app; refer to the Human Interface Guidelines for best practices for doing so.

  • 5.4 VPN AppsASR & NR

    Apps offering VPN services must utilize the NEVPNManager API and may only be offered by developers enrolled as an organization. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field. Parental control, content blocking, and security apps, among others, from approved providers may also use the NEVPNManager API. Apps that do not comply with this guideline will be removed from the App Store and blocked from installing via alternative distribution and you may be removed from the Apple Developer Program.

  • 5.5 Mobile Device ManagementASR & NR

    Mobile Device Management Apps that offer Mobile Device Management (MDM) services must request this capability from Apple. Such apps may only be offered by commercial enterprises, educational institutions, or government agencies, and in limited cases, companies using MDM for parental control services or device security. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. MDM apps must not violate any applicable laws. Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. In limited cases, third-party analytics may be permitted provided that the services only collect or transmit data about the performance of the developer’s MDM app, and not any data about the user, the user’s device, or other apps used on that device. Apps offering configuration profiles must also adhere to these requirements. Apps that do not comply with this guideline will be removed from the App Store and blocked from installing via alternative distribution and you may be removed from the Apple Developer Program.

  • 5.6 Developer Code of ConductASR & NR

    Customer trust is thea cornerstone of the App Store’s successecosystem. Apps should never prey on users or attempt to rip off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.

    • 5.6.2 Developer IdentityASR & NR

      Providing verifiable information to Apple and customers is critical to customer trust. Your representation of yourself, your business, and your offerings on the App Store or alternative app marketplaces must be accurate. The information you provide must be truthful, relevant, and up-to-date so that Apple and customers understand who they are engaging with and can contact you regarding any issues.

  • After You Submit

    • Timing: App Review will examine your app as soon as we can. However, if your app is complex or presents new issues, it may require greater scrutiny and consideration. And remember that if your app is repeatedly rejected for the same guideline violation or you’ve attempted to manipulate the App Reviewreview process, review of your app will take longer to complete. Learn more about App Review.
    • Bug Fix Submissions: For apps that are already on the App Store or an alternative app marketplace, bug fixes will no longernot be delayed over guideline violations except for those related to legal or safety issues. If your app has been rejected, and qualifies for this process, please use App Store Connect to communicate directly with the App Review team indicating that you would like to take advantage of this process and plan to address the issue in your next submission.

    January 29, 2024

    Updated rules on app distribution in the European Union and more

    Apple has updated their App Store Review Guidelines to support updated policies, upcoming features, and to provide clarification. They now also indicate which guidelines only apply to Notarization for iOS apps in the European Union.

    As you will see in the changes, Apple is now indicating which guidelines apply to Notarization with a small key icon. To better understand the context, we are showing the full guidelines for a section that has a key icon, even though the guidelines themselves nay not have changed.

    For sections where only some guidelines apply for Notarization, only those guidelines have been included, unless they have changed in some other way. For example, guideline 2.5.15 is not included, since it is does not apply for Notarization even though some of the other guidelines under section 2.5 do.

    Apple’s own summary can be found here.

    The complete set of changes can be seen below:

    Before You Submit

    Guidelines that include ASR & NR apply to Notarization for iOS apps in the EU.

  • 1.1 Objectionable Content
    • 1.1.6ASR & NR False information and features, including inaccurate device data or trick/joke functionality, such as fake location trackers. Stating that the app is “for entertainment purposes” won’t overcome this guideline. Apps that enable anonymous or prank phone calls or SMS/MMS messaging will be rejected.
  • 1.4 Physical HarmASR & NR

    If your app behaves in a way that risks physical harm, we may reject it. For example:

    • 1.4.1ASR & NR Medical apps that could provide inaccurate data or information, or that could be used for diagnosing or treating patients may be reviewed with greater scrutiny.
      • Apps must clearly disclose data and methodology to support accuracy claims relating to health measurements, and if the level of accuracy or methodology cannot be validated, we will reject your app. For example, apps that claim to take x-rays, measure blood pressure, body temperature, blood glucose levels, or blood oxygen levels using only the sensors on the device are not permitted.
      • Apps should remind users to check with a doctor in addition to using the app and before making medical decisions.
      If your medical app has received regulatory clearance, please submit a link to that documentation with your app.
    • 1.4.2ASR & NR Drug dosage calculators must come from the drug manufacturer, a hospital, university, health insurance company, pharmacy or other approved entity, or receive approval by the FDA or one of its international counterparts. Given the potential harm to patients, we need to be sure that the app will be supported and updated over the long term.
    • 1.4.3ASR & NR Apps that encourage consumption of tobacco and vape products, illegal drugs, or excessive amounts of alcohol are not permitted on the App Store. Apps that encourage minors to consume any of these substances will be rejected. Facilitating the sale of controlled substances (except for licensed pharmacies and licensed or otherwise legal cannabis dispensaries), or tobacco is not allowed.
    • 1.4.4ASR & NR Apps may only display DUI checkpoints that are published by law enforcement agencies, and should never encourage drunk driving or other reckless behavior such as excessive speed.
    • 1.4.5ASR & NR Apps should not urge customers to participate in activities (like bets, challenges, etc.) or use their devices in a way that risks physical harm to themselves or others.
  • 1.5 Developer InformationASR & NR

    People need to know how to reach you with questions and support issues. Make sure your app and its Support URL include an easy way to contact you; this is particularly important for apps that may be used in the classroom. Failure to include accurate and up-to-date contact information not only frustrates customers, but may violate the law in some countries or regions. Also ensure that Wallet passes include valid contact information from the issuer and are signed with a dedicated certificate assigned to the brand or trademark owner of the pass.

  • 1.6 Data SecurityASR & NR

    Apps should implement appropriate security measures to ensure proper handling of user information collected pursuant to the Apple Developer Program License Agreement and these Guidelines (see Guideline 5.1 for more information) and prevent its unauthorized use, disclosure, or access by third parties.

  • 2.3 Accurate MetadataASR & NR

    Customers should know what they’re getting when they download or buy your app, so make sure all your app metadata, including privacy information, your app description, screenshots, and previews accurately reflect the app’s core experience and remember to keep them up-to-date with new versions.

    • 2.3.1
      • (a)ASR & NR Don’t include any hidden, dormant, or undocumented features in your app; your app’s functionality should be clear to end users and App Review. All new features, functionality, and product changes must be described with specificity in the Notes for Review section of App Store Connect (generic descriptions will be rejected) and accessible for review. Similarly, marketing your app in a misleading way, such as by promoting content or services that it does not actually offer (e.g. iOS-based virus and malware scanners) or promoting a false price, whether within or outside of the App Store, is grounds for removal of your app from the App Store and termination of your developer account.
      • (b) Egregious or repeated behavior is grounds for removal from the Apple Developer Program. We work hard to make the App Store a trustworthy ecosystem and expect our app developers to follow suit; if you’re dishonest, we don’t want to do business with you.
    • 2.3.5ASR & NR Select the most appropriate category for your app, and check out the App Store Category Definitions if you need help. If you’re way off base, we may change the category for you.
    • 2.3.6ASR & NR Answer the age rating questions in App Store Connect honestly so that your app aligns properly with parental controls. If your app is mis-rated, customers might be surprised by what they get, or it could trigger an inquiry from government regulators. If your app includes media that requires the display of content ratings or warnings (e.g. films, music, games, etc.), you are responsible for complying with local requirements in each territory where your app is available.
    • 2.3.7ASR & NR Choose a unique app name, assign keywords that accurately describe your app, and don’t try to pack any of your metadata with trademarked terms, popular app names, pricing information, or other irrelevant phrases just to game the system. App names must be limited to 30 characters. Metadata such as app names, subtitles, screenshots, and previews should not include prices, terms, or descriptions that are not specific to the metadata type. App subtitles are a great way to provide additional context for your app; they must follow our standard metadata rules and should not include inappropriate content, reference other apps, or make unverifiable product claims. Apple may modify inappropriate keywords at any time or take other appropriate steps to prevent abuse.
    • 2.3.8ASR & NR Metadata should be appropriate for all audiences, so make sure your app and in-app purchase icons, screenshots, and previews adhere to a 4+ age rating even if your app is rated higher. For example, if your app is a game that includes violence, select images that don’t depict a gruesome death or a gun pointed at a specific character. Use of terms like “For Kids” and “For Children” in app metadata is reserved for the Kids Category. Remember to ensure your metadata, including app name and icons (small, large, Apple Watch app, alternate icons, etc.), are similar to avoid creating confusion.
  • 2.4 Hardware Compatibility
    • 2.4.2ASR & NR Design your app to use power efficiently and be used in a way that does not risk damage to the device. Apps should not rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources. For example, apps should not encourage placing the device under a mattress or pillow while charging or perform excessive write cycles to the solid state drive. Apps, including any third-party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining.
    • 2.4.4ASR & NR Apps should never suggest or require a restart of the device or modifications to system settings unrelated to the core functionality of the app. For example, don’t encourage users to turn off Wi-Fi, disable security features, etc.
  • 2.5 Software Requirements
    • 2.5.1ASR & NR Apps may only use public APIs and must run on the currently shipping OS. Learn more about public APIs. Keep your apps up-to-date and make sure you phase out any deprecated features, frameworks or technologies that will no longer be supported in future versions of an OS. Apps should use APIs and frameworks for their intended purposes and indicate that integration in their app description. For example, the HomeKit framework should provide home automation services; and HealthKit should be used for health and fitness purposes and integrate with the Health app.
    • 2.5.2ASR & NR Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps. Educational apps designed to teach, develop, or allow students to test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the app completely viewable and editable by the user.
    • 2.5.3ASR & NR Apps that transmit viruses, files, computer code, or programs that may harm or disrupt the normal operation of the operating system and/or hardware features, including Push Notifications and Game Center, will be rejected. Egregious violations and repeat behavior will result in removal from the Apple Developer Program.
    • 2.5.4ASR & NR Multitasking apps may only use background services for their intended purposes: VoIP, audio playback, location, task completion, local notifications, etc.
    • 2.5.6 Apps that browse the web must use the appropriate WebKit framework and WebKit JavaScript. You may apply for an entitlement to use an alternative web browser engine in your app. Learn more about these entitlements.
    • 2.5.7 Video streaming content over a cellular network longer than 10 minutes must use HTTP Live Streaming and include a baseline 192 kbps HTTP Live streamIntentionally omitted.
    • 2.5.9ASR & NR Apps that alter or disable the functions of standard switches, such as the Volume Up/Down and Ring/Silent switches, or other native user interface elements or behaviors will be rejected. For example, apps should not block links out to other apps or other features that users would expect to work a certain way. Learn more about proper handling of links.
    • 2.5.11ASR & NR SiriKit and Shortcuts
      • (i) Apps integrating SiriKit and Shortcuts should only sign up for intents they can handle without the support of an additional app and that users would expect from the stated functionality. For example, if your app is a meal planning app, you should not incorporate an intent to start a workout, even if the app shares integration with a fitness app.
      • (ii) Ensure that the vocabulary and phrases in your plist pertains to your app and the Siri functionality of the intents the app has registered for. Aliases must relate directly to your app or company name and should not be generic terms or include third-party app names or services.
      • (iii) Resolve the Siri request or Shortcut in the most direct way possible and do not insert ads or other marketing between the request and its fulfillment. Only request a disambiguation when required to complete the task (e.g. asking the user to specify a particular type of workout).
    • 2.5.12ASR & NR Apps using CallKit or including an SMS Fraud Extension should only block phone numbers that are confirmed spam. Apps that include call-, SMS-, and MMS- blocking functionality or spam identification must clearly identify these features in their marketing text and explain the criteria for their blocked and spam lists. You may not use the data accessed via these tools for any purpose not directly related to operating or improving your app or extension (e.g. you may not use, share, or sell it for tracking purposes, creating user profiles, etc.).
    • 2.5.13ASR & NR Apps using facial recognition for account authentication must use LocalAuthentication (and not ARKit or other facial recognition technology) where possible, and must use an alternate authentication method for users under 13 years old.
    • 2.5.14ASR & NR Apps must request explicit user consent and provide a clear visual and/or audible indication when recording, logging, or otherwise making a record of user activity. This includes any use of the device camera, microphone, screen recordings, or other user inputs.
    • 2.5.16ASR & NR Widgets, extensions, and notifications should be related to the content and functionality of your app.
      • (a) Additionally, all App Clips,Clip widgets, extensions, and notifications should be related to the contentfeatures and functionality of yourmust be included in the main app binary. Additionally, all App Clip features and functionality must be included in the main app binary. App Clips cannot contain advertising.
    • 2.5.17ASR & NR Apps that support Matter must use Apple’s support framework for Matter to initiate pairing. In addition, if you choose to use any Matter software component in your app other than the Matter SDK provided by Apple, the software component must be certified by the Connectivity Standards Alliance for the platform it runs on.
    • 2.5.18ASR & NR Display advertising should be limited to your main app binary, and should not be included in extensions, App Clips, widgets, notifications, keyboards, watchOS apps, etc. Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad. Apps that contain ads must also include the ability for users to report any inappropriate or age-inappropriate ads.
  • 3.1 Payments
    • 3.1.2 Subscriptions: Apps may offer auto-renewingrenewable in-app purchase subscriptions, regardless of category on the App Store. When incorporating auto-renewable subscriptions into your app, be sure to follow the guidelines below.
    • 3.1.2(a) Permissible uses: If you offer an auto-renewingrenewable subscription, you must provide ongoing value to the customer, and the subscription period must last at least seven days and be available across all of the user’s devices. While the following list is not exhaustive, examples of appropriate subscriptions include: new game levels; episodic content; multiplayer support; apps that offer consistent, substantive updates; access to large collections of, or continually updated, media content; software as a service (“SAAS”); and cloud support. In addition:
      • Auto-renewingrenewable subscription apps may offer a free trial period to customers by providing the relevant information set forth in App Store Connect. Learn more about providing subscription offers.
      • Cellular carrier apps may include auto-renewingrenewable music and video subscriptions when purchased in bundles with new cellular data plans, with prior approval by Apple. Other auto-renewingrenewable subscriptions may also be included in bundles when purchased with new cellular data plans, with prior approval by Apple, if the cellular carrier apps support in-app purchase for users. Such subscriptions cannot include access to or discounts on consumable items, and the subscriptions must terminate coincident with the cellular data plan.
    • 3.1.2(c) Subscription Information: Before asking a customer to subscribe, you should clearly describe what the user will get for the price. How many issues per month? How much cloud storage? What kind of access to your service? Ensure you clearly communicate the requirements described in Schedule 2 of the Apple Developer Program License Agreement, found in Agreements, Tax, and Banking.
    • 3.1.6 Apple Pay: Apps using Apple Pay must provide all material purchase information to the user prior to sale of any good or service and must use Apple Pay branding and user interface elements correctly, as described in the Apple Pay Marketing Guidelines and Human Interface Guidelines. Apps using Apple Pay to offer recurring payments must, at a minimum, disclose the following information:
      • The length of the renewal term and the fact that it will continue until canceled
      • What will be provided during each period
      • The actual charges that will be billed to the customer
      • How to cancel
  • 3.2 Other Business Model Issues
    • 3.2.2 Unacceptable
      • (ii) Monetizing built-in capabilities provided by the hardware or operating system, such as Push Notifications, the camera, or the gyroscope; or Apple services, such as Apple Music access or iCloud storageIntentionally omitted.
      • (vi) Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Apps should not require users to rate the app, review the app, watch videos, download other apps, tap on advertisements, enable tracking, or take other similar actions in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codesIntentionally omitted.
  • 4.1 Copycats
    • (a) Come up with your own ideas. We know you have them, so make yours come to life. Don’t simply copy the latest popular app on the App Store, or make some minor changes to another app’s name or UI and pass it off as your own. In addition to risking an intellectual property infringement claim, it makes the App Store harder to navigate and just isn’t fair to your fellow developers.
    • (b)ASR & NR Submitting apps which impersonate other apps or services is considered a violation of the Developer Code of Conduct and may result in removal from the Apple Developer Program.
  • 4.2 Minimum Functionality
    • 4.2.4 Apple Watch apps that appear to be a watch face are confusing, because people will expect them to work with device features such as swipes, notifications, and third-party complications. Creative ways of expressing time as an app interface is great (say, a tide clock for surfers), but if your app comes too close to resembling a watch face, we will reject itIntentionally omitted.
    • 4.2.5 Apps that are primarily iCloud and iCloud Drive file managers need to include additional app functionality to be approvedIntentionally omitted.
  • 4.3 Spam
    • (a)ASR & NR Don’t create multiple Bundle IDs of the same app. If your app has different versions for specific locations, sports teams, universities, etc., consider submitting a single app and provide the variations using in-app purchase.
    • (b) Also avoid piling on to a category that is already saturated; the App Store has enough fart, burp, flashlight, fortune telling, dating, drinking games, and Kama Sutra apps, etc. already. We will reject these apps unless they provide a unique, high-quality experience. Spamming the store may lead to your removal from the Apple Developer Program.
  • 4.4 ExtensionsASR & NR

    Apps hosting or containing extensions must comply with the App Extension Programming Guide, the Safari App Extensions documentation, or the Safari Web Extensions documentation and should include some functionality, such as help screens and settings interfaces where possible. You should clearly and accurately disclose what extensions are made available in the app’s marketing text, and the extensions may not include marketing, advertising, or in-app purchases.

    • 4.4.1ASR & NR Keyboard extensions have some additional rules.

      They must:

      • Provide keyboard input functionality (e.g. typed characters);
      • Follow Sticker guidelines if the keyboard includes images or emoji;
      • Provide a method for progressing to the next keyboard;
      • Remain functional without full network access and without requiring full access;
      • Collect user activity only to enhance the functionality of the user’s keyboard extension on the iOS device.

      They must not:

      • Launch other apps besides Settings; or
      • Repurpose keyboard buttons for other behaviors (e.g. holding down the “return” key to launch the camera).
    • 4.4.2ASR & NR Safari extensions must run on the current version of Safari on the relevant Apple operating system. They may not interfere with System or Safari UI elements and must never include malicious or misleading content or code. Violating this rule will lead to removal from the Apple Developer Program. Safari extensions should not claim access to more websites than strictly necessary to function.
    • 4.4.3 Stickers Stickers are a great way to make Messages more dynamic and fun, letting people express themselves in clever, funny, meaningful ways. Whether your app contains a sticker extension or you’re creating free-standing sticker packs, its content shouldn’t offend users, create a negative experience, or violate the law.
      • (i) In general, if it wouldn’t be suitable for the App Store, it doesn’t belong in a stickerIntentionally omitted.
      • (ii) Consider regional sensitivities, and do not make your sticker pack available in a country or region where it could be poorly received or violate local law.
      • (iii) If we don’t understand what your stickers mean, include a clear explanation in your review notes to avoid any delays in the review process.
      • (iv) Ensure your stickers have relevance beyond your friends and family; they should not be specific to personal events, groups, or relationships.
      • (v) You must have all the necessary copyright, trademark, publicity rights, and permissions for the content in your stickers, and shouldn’t submit anything unless you’re authorized to do so. Keep in mind that you must be able to provide verifiable documentation upon request. Apps with sticker content you don’t have rights to use will be removed from the App Store and repeat offenders will be removed from the Apple Developer Program. If you believe your content has been infringed by another provider, submit a claim here.
  • 4.5 Apple Sites and Services
    • 4.5.1ASR & NR Apps may use approved Apple RSS feeds such as the iTunes Store RSS feed, but may not scrape any information from Apple sites (e.g. apple.com, the iTunes Store, App Store, App Store Connect, developer portal, etc.) or create rankings using this information.
    • 4.5.2ASR & NR Apple Music
      • (i) MusicKit on iOS lets users play Apple Music and their local music library natively from your apps and games. When a user provides permission to their Apple Music account, your app can create playlists, add songs to their library, and play any of the millions of songs in the Apple Music catalog. Users must initiate the playback of an Apple Music stream and be able to navigate using standard media controls such as “play,” “pause,” and “skip.” Moreover, your app may not require payment or indirectly monetize access to the Apple Music service (e.g. in-app purchase, advertising, requesting user info, etc.). Do not download, upload, or enable sharing of music files sourced from the MusicKit APIs, except as explicitly permitted in MusicKit documentation.
      • (ii) Using the MusicKit APIs is not a replacement for securing the licenses you might need for a deeper or more complex music integration. For example, if you want your app to play a specific song at a particular moment, or to create audio or video files that can be shared to social media, you’ll need to contact rights-holders directly to get their permission (e.g. synchronization or adaptation rights) and assets. Cover art and other metadata may only be used in connection with music playback or playlists (including App Store screenshots displaying your app’s functionality), and should not be used in any marketing or advertising without getting specific authorization from rights-holders. Make sure to follow the Apple Music Identity Guidelines when integrating Apple Music services in your app.
      • (iii) Apps that access Apple Music user data, such as playlists and favorites, must clearly disclose this access in the purpose string. Any data collected may not be shared with third parties for any purpose other than supporting or improving the app experience. This data may not be used to identify users or devices, or to target advertising.
    • 4.5.3ASR & NR Do not use Apple Services to spam, phish, or send unsolicited messages to customers, including Game Center, Push Notifications, etc. Do not attempt to reverse lookup, trace, relate, associate, mine, harvest, or otherwise exploit Player IDs, aliases, or other information obtained through Game Center, or you will be removed from the Apple Developer Program.
    • 4.5.4ASR & NR Push Notifications must not be required for the app to function, and should not be used to send sensitive personal or confidential information. Push Notifications should not be used for promotions or direct marketing purposes unless customers have explicitly opted in to receive them via consent language displayed in your app’s UI, and you provide a method in your app for a user to opt out from receiving such messages. Abuse of these services may result in revocation of your privileges.
    • 4.5.5ASR & NR Only use Game Center Player IDs in a manner approved by the Game Center terms and do not display them in the app or to any third party.
    • 4.5.6ASR & NR Apps may use Unicode characters that render as Apple emoji in their app and app metadata. Apple emoji may not be used on other platforms or embedded directly in your app binary.
  • 4.6 Alternate App IconsASR & NR

    Apps may display customized icons, for example, to reflect a sports team preference, provided that each change is initiated by the user and the app includes settings to revert to the original icon. All icon variants must relate to the content of the app and changes should be consistent across all system assets, so that the icons displayed in Settings, Notifications, etc. match the new springboard icon. This feature may not be used for dynamic, automatic, or serial changes, such as to reflect up-to-date weather information, calendar notifications, etc.

  • 4.7 HTML5 GamesMini apps, Botsmini games, etc.streaming games, chatbots, and plug-ins

    Apps may contain or run codeoffer certain software that is not embedded in the binary (e.g. HTML5-based, specifically mini apps, mini games, botsstreaming games, etcchatbots, and plug-ins.), as long as code distribution isn’t the main purpose of the You are responsible for all such software offered in your app, the code isincluding ensuring that such software complies with these Guidelines and all applicable laws. Software that does not offered in a store or store-like interface, and providedcomply with one or more guidelines will lead to the rejection of your app. You must also ensure that the software adheres to the additional rules that follow in 4.7.1 and 4.7.25. These additional rules are important to preserve the experience that App Store customers expect, and to help ensure user safety.

    • 4.7.1 Software offered in apps under this rule must:
      • be free or purchased usingfollow all privacy guidelines, including but not limited to the rules set forth in Guideline 5.1 concerning collection, use, and sharing of data, and sensitive data (such as health and personal data from kids);
      • include a method for filtering objectionable material, a mechanism to report content and timely responses to concerns, and the ability to block abusive users; and
      • use in-app purchase; only use capabilities available in a standard WebKit view (e.g. it must open and run natively in Safari without modifications or additional software); and use WebKit and JavaScript Core to run third-party software and should not attempt to extend or expose native platform APIs to third-party software; be offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; not provide access to real money gaming; adhere to the terms of these App Store Review Guidelines (e.g. do not include objectionable content); and not in order to offer digital goods or services for saleto end users.
    • 4.7.2 Upon request, youYour app may not extend or expose native platform APIs to the software without prior permission from Apple.
    • 4.7.3 Your app may not share data or privacy permissions to any individual software offered in your app without explicit user consent in each instance.
    • 4.7.4 You must provide an index of software and metadata available in your app. It must include Apple Developer Program Team IDs for the providersuniversal links that lead to all of the software along with a URL which App Review can use to confirm that the software complies with the requirements aboveoffered in your app.
    • 4.7.5 Your app must share the age rating of the highest age-rated content available in your app.
  • 4.8 Sign in with AppleLogin ServicesASR & NR

    Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A another login service with the following features:

    • the login service limits data collection to the user’s name and email address
    • the login service allows users to keep their email address private as part of setting up their account
    • the login service does not track users as they interact with your app

    A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.

    Sign in with AppleAnother login service is not required if:

    • Your app exclusively uses your company’s own account setup and sign-in systems.
    • Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
    • Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
    • Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.

  • 4.9 Streaming gamesApple PayASR & NR

    Streaming games are permitted so long as they adhere toApps using Apple Pay must provide all guidelines—for examplematerial purchase information to the user prior to sale of any good or service and must use Apple Pay branding and user interface elements correctly, as described in the Apple Pay Marketing Guidelines and Human Interface Guidelines. Apps using Apple Pay to offer recurring payments must, at a minimum, disclose the following information:

    • The length of the renewal term and the fact that it will continue until canceled
    • What will be provided during each game update must be submitted for review, developers must provide appropriate metadata for search, games must use in-app purchase to unlock features or functionality, etc. Of course, there is always the open Internet and web browser apps to reach all users outside of the App Store.period
    • The actual charges that will be billed to the customer
    • How to cancel
  • 4.910 Monetizing Built-In CapabilitiesASR & NR

    You may not monetize built-in capabilities provided by the hardware or operating system, such as Push Notifications, the camera, or the gyroscope; or Apple services and technologies, such as Apple Music access, iCloud storage, or Screen Time APIs.1 Each streaming game must be submitted to the App Store as an individual app so that it has an App Store product page, appears in charts and search, has user ratings and review, can be managed with ScreenTime and other parental control apps, appears on the user’s device, etc.

  • 4.9.2 Streaming game services may offer a catalog app on the App Store to help users sign up for the service and find the games on the App Store, provided that the app adheres to all guidelines, including offering users the option to pay for a subscription with in-app purchase and use Sign in with Apple. All the games included in the catalog app must link to an individual App Store product page.
  • Apps must comply with all legal requirements in any location where you make them available (if you’re not sure, check with a lawyer). We know this stuff is complicated, but it is your responsibility to understand and make sure your app conforms with all local laws, not just the guidelines below. And of course, apps that solicit, promote, or encourage criminal or clearly reckless behavior will be rejected. In extreme cases, such as apps that are found to facilitate human trafficking and/or the exploitation of children, appropriate authorities will be notified.

    • 5.1 PrivacyASR & NR

      Protecting user privacy is paramount in the Apple ecosystem, and you should use care when handling personal data to ensure you’ve complied with privacy best practices, applicable laws, and the terms of the Apple Developer Program License Agreement, not to mention customer expectations. More particularly:

      • 5.1.1 Data Collection and StorageASR & NR
        • (i) Privacy Policies: All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner. The privacy policy must clearly and explicitly:
          • Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.
          • Confirm that any third party with whom an app shares user data (in compliance with these Guidelines)—such as analytics tools, advertising networks and third-party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data—will provide the same or equal protection of user data as stated in the app’s privacy policy and required by these Guidelines.
          • Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user’s data.
        • (ii) Permission: Apps that collect user or usage data must secure user consent for the collection, even if such data is considered to be anonymous at the time of or immediately following collection. Paid functionality must not be dependent on or require a user to grant access to this data. Apps must also provide the customer with an easily accessible and understandable way to withdraw consent. Ensure your purpose strings clearly and completely describe your use of the data. Apps that collect data for a legitimate interest without consent by relying on the terms of the European Union’s General Data Protection Regulation (“GDPR”) or similar statute must comply with all terms of that law. Learn more about Requesting Permission.
        • (iii) Data Minimization: Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task. Where possible, use the out-of-process picker or a share sheet rather than requesting full access to protected resources like Photos or Contacts.
        • (iv) Access: Apps must respect the user’s permission settings and not attempt to manipulate, trick, or force people to consent to unnecessary data access. For example, apps that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos. Where possible, provide alternative solutions for users who don’t grant consent. For example, if a user declines to share Location, offer the ability to manually enter an address.
        • (v) Account Sign-In: If your app doesn’t include significant account-based features, let people use it without a login. If your app supports account creation, you must also offer account deletion within the app. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
        • (vi) Developers that use their apps to surreptitiously discover passwords or other private data will be removed from the Apple Developer Program.
        • (vii) SafariViewController must be used to visibly present information to users; the controller may not be hidden or obscured by other views or layers. Additionally, an app may not use SafariViewController to track users without their knowledge and consent.
        • (viii) Apps that compile personal information from any source that is not directly from the user or without the user’s explicit consent, even public databases, are not permitted on the App Store.
        • (ix) Apps that provide services in highly regulated fields (such as banking and financial services, healthcare, gambling, legal cannabis use, and air travel) or that require sensitive user information should be submitted by a legal entity that provides the services, and not by an individual developer. Apps that facilitate the legal sale of cannabis must be geo-restricted to the corresponding legal jurisdiction.
        • (x) Apps may request basic contact information (such as name and email address) so long as the request is optional for the user, features and services are not conditional on providing the information, and it complies with all other provisions of these guidelines, including limitations on collecting information from kids.
      • 5.1.2 Data Use and SharingASR & NR
        • (i) Unless otherwise permitted by law, you may not use, transmit, or share someone’s personal data without first obtaining their permission. You must provide access to information about how and where the data will be used. Data collected from apps may only be shared with third parties to improve the app or serve advertising (in compliance with the Apple Developer Program License Agreement). You must receive explicit permission from users via the App Tracking Transparency APIs to track their activity. Learn more about tracking. Your app may not require users to enable system functionalities (e.g., push notifications, location services, tracking) in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes. Apps that share user data without user consent or otherwise complying with data privacy laws may be removed from sale and may result in your removal from the Apple Developer Program.
        • (ii) Data collected for one purpose may not be repurposed without further consent unless otherwise explicitly permitted by law.
        • (iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.
        • (iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.
        • (v) Do not contact people using information collected via a user’s Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts. You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. What will the message say? Who will appear to be the sender?).
        • (vi) Data gathered from the HomeKit API, HealthKit, Clinical Health Records API, MovementDisorder APIs, ClassKit or from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs) may not be used for marketing, advertising or use-based data mining, including by third parties. Learn more about best practices for implementing CallKit, HealthKit, ClassKit, and ARKit.
        • (vii) Apps using Apple Pay may only share user data acquired via Apple Pay with third parties to facilitate or improve delivery of goods and services.
      • 5.1.4 Kids
        • (a)ASR & NR For many reasons, it is critical to use care when dealing with personal data from kids, and we encourage you to carefully review all the requirements for complying with laws like the Children’s Online Privacy Protection Act (“COPPA”), the European Union’s General Data Protection Regulation (“GDPR”), and any other applicable regulations or laws.

          Apps may ask for birthdate and parental contact information only for the purpose of complying with these statutes, but must include some useful functionality or entertainment value regardless of a person’s age.

          Apps intended primarily for kids should not include third-party analytics or third-party advertising. This provides a safer experience for kids.

        • (b) In limited cases, third-party analytics and third-party advertising may be permitted provided that the services adhere to the same terms set forth in Guideline 1.3.

          Moreover, apps in the Kids Category or those that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must include a privacy policy and must comply with all applicable children’s privacy statutes. For the sake of clarity, the parental gate requirement for the Kid’s Category is generally not the same as securing parental consent to collect personal data under these privacy statutes.

          As a reminder, Guideline 2.3.8 requires that use of terms like “For Kids” and “For Children” in app metadata is reserved for the Kids Category. Apps not in the Kids Category cannot include any terms in app name, subtitle, icon, screenshots or description that imply the main audience for the app is children.

      • 5.1.5 Location ServicesASR & NR

        Use Location services in your app only when it is directly relevant to the features and services provided by the app. Location-based APIs shouldn’t be used to provide emergency services or autonomous control over vehicles, aircraft, and other devices, except for small devices such as lightweight drones and toys, or remote control car alarm systems, etc. Ensure that you notify and obtain consent before collecting, transmitting, or using location data. If your app uses location services, be sure to explain the purpose in your app; refer to the Human Interface Guidelines for best practices for doing so.

    • 5.2 Intellectual Property
      • 5.2.4 Apple Endorsements:Endorsements
        • (a)ASR & NR Don’t suggest or imply that Apple is a source or supplier of the App, or that Apple endorses any particular representation regarding quality or functionality.
        • (b) If your app is selected as an “Editor’s Choice,” Apple will apply the badge automatically.
      • 5.2.5 Apple Products:ProductsASR & NR Don’t create an app that appears confusingly similar to an existing Apple product, interface (e.g. Finder), app (such as the App Store, iTunes Store, or Messages) or advertising theme. Apps and extensions, including third-party keyboards and Sticker packs, may not include Apple emoji. Music from iTunes and Apple Music previews may not be used for their entertainment value (e.g. as the background music to a photo collage or the soundtrack to a game) or in any other unauthorized manner. If you provide music previews from iTunes or Apple Music, you must display a link to the corresponding music in iTunes or Apple Music. If your app displays Activity rings, they should not visualize Move, Exercise, or Stand data in a way that resembles the Activity control. The Human Interface Guidelines have more information on how to use Activity rings. If your app displays Apple Weather data, it should follow the attribution requirements provided in the WeatherKit documentation.
    • 5.4 VPN AppsASR & NR

      Apps offering VPN services must utilize the NEVPNManager API and may only be offered by developers enrolled as an organization. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field. Parental control, content blocking, and security apps, among others, from approved providers may also use the NEVPNManager API. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.

    • 5.5 Mobile Device ManagementASR & NR

      Mobile Device Management Apps that offer Mobile Device Management (MDM) services must request this capability from Apple. Such apps may only be offered by commercial enterprises, educational institutions, or government agencies, and in limited cases, companies using MDM for parental control services or device security. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. MDM apps must not violate any applicable laws. Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. In limited cases, third-party analytics may be permitted provided that the services only collect or transmit data about the performance of the developer’s MDM app, and not any data about the user, the user’s device, or other apps used on that device. Apps offering configuration profiles must also adhere to these requirements. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.

    • 5.6 Developer Code of ConductASR & NR

      Please treat everyone with respect, whether in your responses to App Store reviews, customer support requests, or when communicating with Apple, including your responses in App Store Connect. Do not engage in harassment of any kind, discriminatory practices, intimidation, bullying, and don’t encourage others to engage in any of the above. Repeated manipulative or misleading behavior or other fraudulent conduct will lead to your removal from the Apple Developer Program.

      Customer trust is the cornerstone of the App Store’s success. Apps should never prey on users or attempt to rip off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.

      Your Developer Program account will be terminated if you engage in activities or actions that are not in accordance with the Developer Code of Conduct. To restore your account, you may provide a written statement detailing the improvements you plan to make. If your plan is approved by Apple and we confirm the changes have been made, your account may be restored.

      • 5.6.2 Developer IdentityASR & NR

        Providing verifiable information to Apple and customers is critical to customer trust. Your representation of yourself, your business, and your offerings on the App Store must be accurate. The information you provide must be truthful, relevant, and up-to-date so that Apple and customers understand who they are engaging with and can contact you regarding any issues.

    After You Submit

    • Appeals: If you disagree with the outcome of your review, or would like to suggest a change to the guideline itself, please submit an appeal. This may help get your app on the store, and it can. You may also suggest changes to the guidelines themselves to help us improve the App Review process or identify a need for clarity in our policies.

    January 17, 2024

    US apps can now link to payment options on developer's website

    Apple has updated their App Store Review Guidelines to now allow apps in the United States, that offer in-app purchases, the ability to include a link to the developer’s website that informs users of other ways to purchase digital goods or services.

    Apple’s full summary can be found here.

    The complete set of changes can be seen below:

  • 3.1 Payments
    • 3.1.1 In-App Purchase:
      • Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other thanuse in-app purchase, except as set forth in 3.1.3(a). Apps may use in-app purchase currencies to enable customers to “tip” the developer or digital content providers in the app.
  • June 06, 2023

    Ads reporting requirements, consequences of impersonating apps, spelling error fixes and clarifications

    Apple has updated their App Store Review Guidelines on reporting requirements for apps with ads, consequences of impersonating other apps, and more.

    Apple’s full summary can be found here.

    The complete set of changes can be seen below:

  • 2.5 Software Requirements
    • 2.5.6 Apps that browse the web must use the appropriate WebKit framework and WebKit JavascriptJavaScript.
    • 2.5.18 Display advertising should be limited to your main app binary, and should not be included in extensions, App Clips, widgets, notifications, keyboards, watchOS apps, etc. Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad. Apps that contain ads must also include the ability for users to report any inappropriate or age-inappropriate ads.
  • 3.1 Payments
    • 3.1.2(a) Permissible uses: If you offer an auto-renewing subscription, you must provide ongoing value to the customer, and the subscription period must last at least seven days and be available across all of the user’s devices. While the following list is not exhaustive, examples of appropriate subscriptions include: new game levels; episodic content; multiplayer support; apps that offer consistent, substantive updates; access to large collections of, or continually updated, media content; software as a service (“SAAS”); and cloud support. In addition:
      • Cellular carrier apps may include auto-renewing music and video subscriptions in pre-definedwhen purchased in bundles with new cellular data plans, with prior approval by Apple. Other auto-renewing subscriptions may also be included in pre-defined bundles withwhen purchased with new cellular data plans, with prior approval by Apple, if the cellular carrier apps support in-app purchase for new users and the carrier provides a mechanism for customers to revert to in-app purchase upon termination of the customer’s bundled service. Such subscriptions cannot include access to or discounts on consumable items, and the subscriptions must terminate coincident with the cellular data plan.
  • 4.1 Copycats

    Come up with your own ideas. We know you have them, so make yours come to life. Don’t simply copy the latest popular app on the App Store, or make some minor changes to another app’s name or UI and pass it off as your own. In addition to risking an intellectual property infringement claim, it makes the App Store harder to navigate and just isn’t fair to your fellow developers. Submitting apps which impersonate other apps or services is considered a violation of the Developer Code of Conduct and may result in removal from the Apple Developer Program.

  • 4.4 Extensions

    Apps hosting or containing extensions must comply with the App Extension Programming Guide or the , the Safari App Extensions Guidedocumentation, or the Safari Web Extensions documentation and should include some functionality, such as help screens and settings interfaces where possible. You should clearly and accurately disclose what extensions are made available in the app’s marketing text, and the extensions may not include marketing, advertising, or in-app purchases.

    • 4.4.2 Safari extensions must run on the current version of Safari on macOSthe relevant Apple operating system. They may not interfere with System or Safari UI elements and must never include malicious or misleading content or code. Violating this rule will lead to removal from the Apple Developer Program. Safari extensions should not claim access to more websites than strictly necessary to function.
  • 5.1 Privacy
    • 5.1.3 Health and Health Research

      Health, fitness, and medical data are especially sensitive and apps in this space have some additional rules to make sure customer privacy is protected:

      • (i) Apps may not use or disclose to third parties data gathered in the health, fitness, and medical research context—including from the Clinical Health Records API, HealthKit API, Motion and Fitness, MovementDisorderAPIsMovementDisorder APIs, or health-related human subject research—for advertising, marketing, or other use-based data mining purposes other than improving health management, or for the purpose of health research, and then only with permission. Apps may, however, use a user’s health or fitness data to provide a benefit directly to that user (such as a reduced insurance premium), provided that the app is submitted by the entity providing the benefit, and the data is not shared with a third party. You must disclose the specific health data that you are collecting from the device.
  • 5.2 Intellectual Property
    • 5.2.3 Audio/Video Downloading: Apps should not facilitate illegal file sharing or include the ability to save, convert, or download media from third-party sources (e.g. Apple Music, YouTube, SoundCloud, Vimeo, etc.) without explicit authorization from those sources. Streaming of audio/video content may also violate Terms of Use, so be sure to check before your app accesses those services. DocumentationAuthorization must be provided upon request.
  • October 25, 2022

    App Review clarification, new harmful content rule and info about Matter and selling NFTs

    Apple has updated their App Store Review Guidelines expanding more on how to get through App Review, adding a new rule about harmful content, and adding new information about apps that support Matter, and about using in-app purchases to sell NFTs and services related to NFTs.

    Apple’s full summary can be found here.

    The complete set of changes can be seen below:

    Before You Submit

    Make sure you:

    • Provide App Review with full access to your app. If your app includes account-based features, provide either an active demo account and login informationor fully-featured demo mode, plus any other hardware or resources that might be needed to review your app (e.g. login credentials or a sample QR code)
    1.1 Objectionable Content
    • 1.1.4 Overtly sexual or pornographic material, defined as “explicit descriptions or displays of sexual organs or activities intended to stimulate erotic rather than aesthetic or emotional feelings.” This includes “hookup” apps and other apps that may include pornography or be used to facilitate prostitution, or human trafficking and exploitation.
    • 1.1.7 Harmful concepts which capitalize or seek to profit on recent or current events, such as violent conflicts, terrorist attacks, and epidemics.
    2.1 App Completeness

    Submissions to App Review, including apps you make available for pre-order, should be final versions with all necessary metadata and fully functional URLs included; placeholder text, empty websites, and other temporary content should be scrubbed before submission. Make sure your app has been tested on-device for bugs and stability before you submit it, and include demo account info (and turn on your back-end service!) if your app includes a login. If you are unable to provide a demo account due to legal or security obligations, you may include a built-in demo mode in lieu of a demo account with prior approval by Apple. Ensure the demo mode exhibits your app’s full features and functionality. If you offer in-app purchases in your app, make sure they are complete, up-to-date, and visible to the reviewer, or that you explain why not in your review notes. Please don’t treat App Review as a software testing service. We will reject incomplete app bundles and binaries that crash or exhibit obvious technical problems.

    2.5 Software Requirements
    • 2.5.17 Apps that support Matter must use Apple’s support framework for Matter to initiate pairing. In addition, if you choose to use any Matter software component in your app other than the Matter SDK provided by Apple, the software component must be certified by the Connectivity Standards Alliance for the platform it runs on.
    • 2.5.18 Display advertising should be limited to your main app binary, and should not be included in extensions, App Clips, widgets, notifications, keyboards, watchOS apps, etc. Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad.
    3.1 Payments
    • 3.1.1 In-App Purchase:
      • If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, cryptocurrencies and cryptocurrency wallets, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase, except as set forth in 3.1.3(a).
      • Apps may use in-app purchase to sell and sell services related to non-fungible tokens (NFTs), such as minting, listing, and transferring. Apps may allow users to view their own NFTs, provided that NFT ownership does not unlock features or functionality within the app. Apps may allow users to browse NFT collections owned by others, provided that the apps may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase.
    • 3.1.3(g) Advertising Management Apps: Apps for the sole purpose of allowing advertisers (persons or companies that advertise a product, service, or event) to purchase and manage advertising campaigns across media types (television, outdoor, websites, apps, etc.) do not need to use in-app purchase. These apps are intended for campaign management purposes and do not display the advertisements themselves. Digital purchases for content that is experienced or consumed in an app, including buying advertisements to display in the same app (such as sales of “boosts” for posts in a social media app) must use in-app purchase.
    • 3.1.5 Cryptocurrencies:
      • (iii) Exchanges: Apps may facilitate transactions or transmissions of cryptocurrency on an approved exchange, provided they are offered by theonly in countries or regions where the app has appropriate licensing and permissions to provide a cryptocurrency exchange itself.
    • 3.1.7 Advertising: Display advertising should be limited to your main app binary, and should not be included in extensions, App Clips, widgets, notifications, keyboards, watchOS apps, etc. Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad.
    5.2 Intellectual Property
    • 5.2.5 Apple Products: Don’t create an app that appears confusingly similar to an existing Apple product, interface (e.g. Finder), app (such as the App Store, iTunes Store, or Messages) or advertising theme. Apps and extensions, including third-party keyboards and Sticker packs, may not include Apple emoji. Music from iTunes musicand Apple Music previews may not be used for their entertainment value (e.g. as the background music to a photo collage or the soundtrack to a game) or in any other unauthorized manner. If you provide music previews from iTunes or Apple Music, you must display a link to the corresponding music in iTunes or Apple Music. If your app displays Activity rings, they should not visualize Move, Exercise, or Stand data in a way that resembles the Activity control. The Human Interface Guidelines have more information on how to use Activity rings. If your app displays Apple Weather data, it should follow the attribution requirements provided in the WeatherKit documentation.

    June 08, 2022

    Updates in preparation for upcoming OS releases

    Apple has updated their App Store Review Guidelines in preparation of upcoming OS releases.

    Apple’s own summary can be found here.

    The complete set of changes can be seen below:

  • 1.1 Objectionable Content
    • 1.1.4 Overtly sexual or pornographic material, defined by Webster’s Dictionary as “explicit descriptions or displays of sexual organs or activities intended to stimulate erotic rather than aesthetic or emotional feelings.” This includes “hookup” apps that may include pornography or be used to facilitate prostitution.
  • 1.5 Developer Information

    People need to know how to reach you with questions and support issues. Make sure your app and its Support URL include an easy way to contact you; this is particularly important for apps that may be used in the classroom. Failure to include accurate and up-to-date contact information not only frustrates customers, but may violate the law in some countries or regions. Also ensure that Wallet passes include valid contact information from the issuer and are signed with a dedicated certificate assigned to the brand or trademark owner of the pass.

  • 1.7 Reporting Criminal Activity

    Apps for reporting alleged criminal activity must involve local law enforcement, and can only be offered in countries or regions where such involvement is active.

  • 2.5 Software Requirements
    • 2.5.4 Multitasking apps may only use background services for their intended purposes: VoIP, audio playback, location, task completion, local notifications, etc. If your app uses location background mode, include a reminder that doing so may dramatically decrease battery life.
  • 3.1 Payments
  • 4.2 Minimum Functionality
    • 4.2.3
      • (ii) Make sure you include sufficient content in the binary for theIf your app needs to download additional resources in order to function at launch. (iii) If your app needs to download additional resources in order to function on initial launch, disclose the size of the download and prompt users before doing so.
  • 4.4 Extensions
    • 4.4.3 Stickers
      • (ii) Consider regional sensitivities, and do not make your sticker pack available in a country or region where it could be poorly received or violate local law.
  • 4.7 HTML5 Games, Bots, etc.
    • 4.7.1 Software offered under this rule must:
      • not provide access to real money gaming, lotteries, or charitable donations;
  • 5.1.3 Health and Health Research
    • (i) Apps may not use or disclose to third parties data gathered in the health, fitness, and medical research context—including from the Clinical Health Records API, HealthKit API, Motion and Fitness, MovementDisorderAPIs, or health-related human subject research—for advertising, marketing, or other use-based data mining purposes other than improving health management, or for the purpose of health research, and then only with permission. Apps may, however, use a user’s health or fitness data to provide a benefit directly to that user (such as a reduced insurance premium), provided that the app is submitted by the entity providing the benefit, and the data is not be shared with a third party. You must disclose the specific health data that you are collecting from the device.
  • 5.2 Intellectual Property
    • 5.2.5 Apple Products: Don’t create an app that appears confusingly similar to an existing Apple product, interface (e.g. Finder), app (such as the App Store, iTunes Store, or Messages) or advertising theme. Apps and extensions, including third-party keyboards and Sticker packs, may not include Apple emoji. iTunes music previews may not be used for their entertainment value (e.g. as the background music to a photo collage or the soundtrack to a game) or in any other unauthorized manner. If your app displays Activity rings, they should not visualize Move, Exercise, or Stand data in a way that resembles the Activity control. The Human Interface Guidelines have more information on how to use Activity rings. If your app displays Apple Weather data, it should follow the attribution requirements provided in the WeatherKit documentation.
  • 5.3 Gaming, Gambling, and Lotteries
    • 5.3.3 Apps may not use in-app purchase to purchase credit or currency for use in conjunction with real money gaming of any kind, and may not enable people to purchase lottery or raffle tickets or initiate fund transfers in the app.
  • After You Submit

    Once you’ve submitted your app and metadata in App Store Connect and you’re in the review process, here are some things to keep in mind:

    • Rejections: Our goal is to apply these guidelines fairly and consistently, but nobody’s perfect. If your app has been rejected and you have questions or would like to provide additional information, please use App Store Connect to communicate directly with the App Review team. This may help get your app on the store, and it can help us improve the App Review process or identify a need for clarity in our policies. If you still disagree with the outcome, or would like to suggest a change to the guideline itself, please submit an appeal.

    April 05, 2022

    Update on "reader" app distribution

    Apple has updated their App Store Review Guidelines to now allow developers of “reader” apps to include an in-app link to their website for account creation and management purposes.

    Apple’s own summary can be found here.

    The complete set of changes can be seen below:

  • 3.1 Payments
    • 3.1.1 In-App Purchase:
      • If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase, except as set forth in 3.1.3(a).
    • 3.1.3 Other Purchase Methods: The following apps may use purchase methods other than in-app purchase. Apps in this section cannot, within the app, encourage users to use a purchasing method other than in-app purchase, except as set forth in 3.1.3(a). Developers can send communications outside of the app to their user base about purchasing methods other than in-app purchase.
    • 3.1.3(a) “Reader” Apps: Apps may allow a user to access previously purchased content or content subscriptions (specifically: magazines, newspapers, books, audio, music, and video). Reader apps may offer account creation for free tiers, and account management functionality for existing customers. Reader app developers may apply for the External Link Account Entitlement to provide an informational link in their app to a web site the developer owns or maintains responsibility for in order to create or manage an account. Learn more about the External Link Account Entitlement.
  • 5.6 Developer Code of Conduct

    Please treat everyone with respect, whether in your responses to App Store reviews, customer support requests, or when communicating with Apple, including your responses in Resolution CenterApp Store Connect. Do not engage in harassment of any kind, discriminatory practices, intimidation, bullying, and don’t encourage others to engage in any of the above. Repeated manipulative or misleading behavior or other fraudulent conduct will lead to your removal from the Apple Developer Program.

  • After You Submit

    Once you’ve submitted your app and metadata in App Store Connect and you’re in the review process, here are some things to keep in mind:

    • Rejections: Our goal is to apply these guidelines fairly and consistently, but nobody’s perfect. If your app has been rejected and you have questions or would like to provide additional information, please use the Resolution Center to communicate directly with the App Store Connect to communicate directly with the App Review team. This may help get your app on the store, and it can help us improve the App Review process or identify a need for clarity in our policies. If you still disagree with the outcome, or would like to suggest a change to the guideline itself, please submit an appeal.
    • Bug Fix Submissions: For apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal or safety issues. If your app has been rejected, and qualifies for this process, please use the Resolution Center to communicate directly with the App Store Connect to communicate directly with the App Review team indicating that you would like to take advantage of this process and plan to address the issue in your next submission.

    October 25, 2021

    In-app events, changed purchasing rules and basic contact information requests

    Apple has updated their App Store Review Guidelines with new info about in-app events, changes to rules about targeting individuals regarding purchasing methods other than in-app purchases and new info about requests for basic contact information.

    Apple’s own summary can be found here.

    The complete set of changes can be seen below:

  • 2.3 Accurate Metadata
    • 2.3.13 In-app events are timely events that happen within your app. To feature your event on the App Store, it must fall within an event type provided in App Store Connect. All event metadata must be accurate and pertain to the event itself, rather than the app more generally. Events must happen at the times and dates you select in App Store Connect, including across multiple storefronts. You may monetize your event so long as you follow the rules set forth in Section 3 on Business. And your event deep link must direct users to the proper destination within your app. Read In-App Events for detailed guidance on acceptable event metadata and event deep links.
  • 3.1 Payments
    • 3.1.3 Other Purchase Methods: The following apps may use purchase methods other than in-app purchase. Apps in this section cannot, within the app, encourage users to use a purchasing method other than in-app purchase. Developers cannot use information obtained withincan send communications outside of the app to target individual users outside of the app to usetheir user base about purchasing methods other than in-app purchase (such as sending an individual user an email about other purchasing methods after that individual signs up for an account within the app). Developers can send communications outside of the app to their user base about purchasing methods other than in-app purchase.
  • 5.1 Privacy
    • 5.1.1 Data Collection and Storage
      • (x) Apps may request basic contact information (such as name and email address) so long as the request is optional for the user, features and services are not conditional on providing the information, and it complies with all other provisions of these guidelines, including limitations on collecting information from kids.
  • June 07, 2021

    WWDC 2021

    On the back of this year’s Worldwide Developers Conference, Apple has updated the App Store Review Guidelines with clarifications of existing guidelines, new prohibitions regarding apps facilitating prostitution and reporting crime activity, and much more.

    The complete set of changes can be seen below:

    Introduction

    A few other points to keep in mind:

    • If you attempt to cheat the system (for example, by trying to trick the review process, steal user data, copy another developer’s work, manipulate ratings or App Store discovery) your apps will be removed from the store and you will be expelled from the Apple Developer Program.

    1. Safety

    • 1.1 Objectionable Content
      • 1.1.4 Overtly sexual or pornographic material, defined by Webster’s Dictionary as “explicit descriptions or displays of sexual organs or activities intended to stimulate erotic rather than aesthetic or emotional feelings."” This includes “hookup” apps that may include pornography or be used to facilitate prostitution.
    • 1.2 User -Generated Content
      • 1.2.1 Creator Content
        Apps which feature content from a specific community of users called “creators” are a great opportunity if properly moderated. These apps present a singular, unified experience for customers to interact with various kinds of creator content. They offer tools and programs to help this community of non-developer creators to author, share, and monetize user-generated experiences. These experiences must not change the core features and functionality of the native app—rather, they add content to those structured experiences. These experiences are not native “apps” coded by developers—they are content within the app itself and are treated as user-generated content by App Review. Such creator content may include video, articles, audio, and even casual games. The App Store supports apps offering such user-generated content so long as they follow all Guidelines, including Guideline 1.2 for moderating user-generated content and Guideline 3.1.1 for payments and in-app purchases. Creator apps should share the age rating of the highest age-rated creator content available in the app, and communicate to users which content requires additional purchases.
    • 1.4 Physical Harm

      If your app behaves in a way that risks physical harm, we may reject it. For example:

      • 1.4.3 Apps that encourage consumption of tobacco and vape products, illegal drugs, or excessive amounts of alcohol are not permitted on the App Store. Apps that encourage minors to consume any of these substances will be rejected. Facilitating the sale of controlled substances (except for licensed pharmacies and licensed or otherwise legal cannabis dispensaries), marijuana, or tobacco is not allowed.
    • 1.7 Reporting Criminal Activity

      Apps for reporting alleged criminal activity must involve local law enforcement, and can only be offered in countries where such involvement is active.

    2. Performance

    • 2.2 Beta Testing

      Demos, betas, and trial versions of your app don’t belong on the App Store – use TestFlight instead. Any app submitted for beta distribution via TestFlight should be intended for public distribution and should comply with the App Review Guidelines. Note, however, that apps using TestFlight cannot be distributed to testers in exchange for compensation of any kind, including as a reward for crowd-sourced funding. Significant updates to your beta build should be submitted to TestFlight App Review before being distributed to your testers. To learn more, visit the TestFlight Beta Testing page.

    • 2.3 Accurate Metadata
      • 2.3.1 Don’t include any hidden, dormant, or undocumented features in your app; your app’s functionality should be clear to end users and App Review. All new features, functionality, and product changes must be described with specificity in the Notes for Review section of App Review. All new features, functionality, and product changes must be described with specificity in the Notes for Review section of App Store Connect (generic descriptions will be rejected) and accessible for review. Similarly, you shouldmarketing your app in a misleading way, such as by promoting content or services that it does not market your app on the App Store or offline as including content or services that it does not actually offer (e.g. iOS-based virus and malware scanners) or promoting a false price, whether within or outside of the App Store, is grounds for removal of your app from the App Store and termination of your developer account. Egregious or repeated behavior is grounds for removal from the Apple Developer Program. We work hard to make the App Store a trustworthy ecosystem and expect our app developers to follow suit; if you’re dishonest, we don’t want to do business with you.
      • 2.3.3 Screenshots should show the app in use, and not merely the title art, login page, or splash screen. They may also include text and image overlays (e.g. to demonstrate input mechanisms, such as an animated touch point or Apple Pencil) and show extended functionality on device, such as Touch Bar.
      • 2.3.10 Make sure your app is focused on the iOS, MaciPadOS, Apple TV or Apple WatchmacOS, tvOS or watchOS experience, and don’t include names, icons, or imagery of other mobile platforms in your app or metadata, unless there is specific, approved interactive functionality. Make sure your app metadata is focused on the app itself and its experience. Don’t include irrelevant information, including but not limited to information about Apple or the development process.
    • 2.4 Hardware Compatibility
      • 2.4.4 Apps should never suggest or require a restart of the device or modifications to system settings unrelated to the core functionality of the applicationapp. For example, don’t encourage users to turn off Wi-Fi, disable security features, etc.
      • 2.4.5 Apps distributed via the Mac App Store have some additional requirements to keep in mind:
        • (ii) They must be packaged and submitted using technologies provided in Xcode; no third-party installers allowed. They must also be self-contained, single applicationapp installation bundles and cannot install code or resources in shared locations.
        • (iii) They may not auto-launch or have other code run automatically at startup or login without consent nor spawn processes that continue to run without consent after a user has quit the app. They should not automatically add their icons to the Dock or leave shortcuts on the user desktop.
    • 2.5 Software Requirements
      • 2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps. Educational apps designed to teach, develop, or allow students to test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the Applicationapp completely viewable and editable by the user.
      • 2.5.3 Apps that transmit viruses, files, computer code, or programs that may harm or disrupt the normal operation of the operating system and/or hardware features, including Push Notifications and Game Center, will be rejected. Egregious violations and repeat behavior will result in removal from the Apple Developer Program.

    3. Business

    If we find that you have attempted to manipulate reviews, inflate your chart rankings with paid, incentivized, filtered, or fake feedback, or engage with third-party services to do so on your behalf, we will take steps to preserve the integrity of the App Store, which may include expelling you from the Apple Developer Program.

    • 3.1 Payments
      • 3.1.1 In-App Purchase:
        • GiftDigital gift cards, certificates, vouchers, and coupons which can be redeemed for digital goods or services can only be sold in your app using in-app purchase. Physical gift cards that are sold within an app and then mailed to customers may use payment methods other than in-app purchase.
      • 3.1.2(a) Permissible uses:
        • Auto-renewing subscription apps may offer a free trial period to customers by providing the relevant information set forth in App Store Connect. Learn more about Subscription Free Trials.
        • Apps that attempt to scam users will be removed from the App Store. This includes apps that attempt to trick users into purchasing a subscription under false pretenses or engage in bait-and-switch and scam practices; these will be removed from the App Store and you may be removed from the Apple Developer Program. Learn more about Subscription Free Trials.
        • Apps that offerCellular carrier apps may include auto-renewing music and video subscriptions with prior approval by Apple may also be included in pre-defined bundles with cellular data plans offered in, with prior approval by Apple. Other auto-renewing subscriptions may also be included in pre-defined bundles with cellular data plans, with prior approval by Apple, if the cellular carrier apps support in-app purchase for new users and the carrier provides a mechanism for customers to revert to in-app purchase upon termination of the customer’s bundled service. Such subscriptions cannot include access to or discounts on consumable items.
      • 3.1.3 Other Purchase Methods: The following apps may use purchase methods other than in-app purchase. Apps in this section cannot, either within the app or through communications sent to points of contact obtained from account registration within the app (like email or text), encourage users to use a purchasing method other than in-app purchase. Developers cannot use information obtained within the app to target individual users outside of the app to use purchasing methods other than in-app purchase (such as sending an individual user an email about other purchasing methods after that individual signs up for an account within the app). Developers can send communications outside of the app to their user base about purchasing methods other than in-app purchase.
      • 3.1.7 Advertising: Display advertising should be limited to your main app executablebinary, and should not be included in extensions, App Clips, widgets, notifications, keyboards, watchOS apps, etc. Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad.
    • 3.2 Other Business Model Issues
      • 3.2.1 Acceptable
        • (viii) Apps used for financial trading, investing, or money management should come frombe submitted by the financial institution performing such services.

    4. Design

    • 4.2 Minimum Functionality

      Your app should include features, content, and UI that elevate it beyond a repackaged website. If your app is not particularly useful, unique, or “app-like,” it doesn’t belong on the App Store. If your App doesn’t provide some sort of lasting entertainment value or adequate utility, it may not be accepted. Apps that are simply a song or movie should be submitted to the iTunes Store. Apps that are simply a book or game guide should be submitted to the Apple Books Store.

    • 4.3 Spam

      Don’t create multiple Bundle IDs of the same app. If your app has different versions for specific locations, sports teams, universities, etc., consider submitting a single app and provide the variations using in-app purchase. Also avoid piling on to a category that is already saturated; the App Store has enough fart, burp, flashlight, fortune telling, dating, drinking games, and Kama Sutra apps, etc. already. We will reject these apps unless they provide a unique, high-quality experience. Spamming the store may lead to your removal from the Apple Developer Program.

    • 4.4 Extensions
      • 4.4.3 Stickers
        • (v) You must have all the necessary copyright, trademark, publicity rights, and permissions for the content in your stickers, and shouldn’t submit anything unless you’re authorized to do so. Keep in mind that you must be able to provide verifiable documentation upon request. Apps with sticker content you don’t have rights to use will be removed from the App Store and repeat offenders will be removed from the Apple Developer Program. If you believe your content has been infringed by another provider, submit a claim here.
    • 4.5 Apple Sites and Services
      • 4.5.3 Do not use Apple Services to spam, phish, or send unsolicited messages to customers, including Game Center, Push Notifications, etc. Do not attempt to reverse lookup, trace, relate, associate, mine, harvest, or otherwise exploit Player IDs, aliases, or other information obtained through Game Center, or you will be removed from the Apple Developer Program.
    • 4.7 HTML5 Games, Bots, etc.

      Apps may contain or run code that is not embedded in the binary (e.g. HTML5-based games, bots, etc.), as long as code distribution isn’t the main purpose of the app, the code is not offered in a store or store-like interface, and provided that the software (adheres to the additional rules that follow in 4.7.1) is and 4.7.2. These additional rules are important to preserve the experience that App Store customers expect, and to help ensure user safety.

      • 4.7.1 Software offered under this rule must:
        • be free or purchased using in-app purchase; (2)
        • only usesuse capabilities available in a standard WebKit view (e.g. it must open and run natively in Safari without modifications or additional software); your app mustand use WebKit and JavaScript Core to run third-party software and should not attempt to extend or expose native platform APIs to third-party software; (3) is
        • be offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; (4) does
        • not provide access to real money gaming, lotteries, or charitable donations; (5) adheres
        • adhere to the terms of these App Store Review Guidelines (e.g. doesdo not include objectionable content); and (6) does
        • not offer digital goods or services for sale.
      • 4.7.2 Upon request, you must provide an index of software and metadata available in your app. It must include Apple Developer Program Team IDs for the providers of the software along with a URL which App Review can use to confirm that the software complies with the requirements above.
    • 5.1 Privacy
      • 5.1.1 Data Collection and Storage
        • (v) Account Sign-In: If your app doesn’t include significant account-based features, let people use it without a login. If your app supports account creation, you must also offer account deletion within the app. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
        • (vi) Developers that use their apps to surreptitiously discover passwords or other private data will be removed from the Apple Developer Program.
        • (ix) Apps that provide services in highly-regulated fields (such as banking and financial services, healthcare, gambling, legal cannabis use, and air travel) or that require sensitive user information should be submitted by a legal entity that provides the services, and not by an individual developer. Apps that facilitate the legal sale of cannabis must be geo-restricted to the corresponding legal jurisdiction.
    • 5.3 Gaming, Gambling, and Lotteries

      GamblingGaming, gaminggambling, and lotteries can be tricky to manage and tend to be one of the most regulated offerings on the App Store. Only include this functionality if you’ve fully vetted your legal obligations everywhere you make your app available and are prepared for extra time during the review process. Some things to keep in mind:

    • 5.5 Mobile Device Management

      Mobile Device Management Apps that offer Mobile Device Management (MDM) services must request this capability from Apple. Such apps may only be offered by commercial enterprises (such as business organizations, educational institutions, or government agencies), and in limited cases, companies using MDM for parental control services or device security. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. MDM apps must not violate any applicable laws. Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. In limited cases, third-party analytics may be permitted provided that the services only collect or transmit data about the performance of the developer’s MDM app, and not any data about the user, the user’s device, or other apps used on that device. Apps offering configuration profiles must also adhere to these requirements. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.

    • 5.6 Developer Code of Conduct

      Please treat everyone with respect, whether in your responses to App Store reviews, customer support requests, or when communicating with Apple, including your responses in Resolution Center. Do not engage in harassment of any kind, discriminatory practices, intimidation, bullying, and don’t encourage others to engage in any of the above. Repeated manipulative or misleading behavior or other fraudulent conduct will lead to your removal from the Apple Developer Program.

      Your Developer Program account will be terminated if you engage in activities or actions that are not in accordance with the Developer Code of Conduct. To restore your account, you may provide a written statement detailing the improvements you plan to make. If your plan is approved by Apple and we confirm the changes have been made, your account may be restored.

      • 5.6.2 Developer Identity

        Providing verifiable information to Apple and customers is critical to customer trust. Your representation of yourself, your business, and your offerings on the App Store must be accurate. The information you provide must be truthful, relevant, and up-to-date so that Apple and customers understand who they are engaging with and can contact you regarding any issues.

      • 5.6.3 Discovery Fraud

        Participating in the App Store requires integrity and a commitment to building and maintaining customer trust. Manipulating any element of the App Store customer experience such as charts, search reviews, or referrals to your app erodes customer trust and is not permitted.

      • 5.6.4 App Quality

        Customers expect the highest quality from the App Store, and maintaining high quality content, services, and experiences promotes customer trust. Indications that this expectation is not being met include excessive customer reports about concerns with your app, such as negative customer reviews, and excessive refund requests. Inability to maintain high quality may be a factor in deciding whether a developer is abiding by the Developer Code of Conduct.

    After You Submit

    • Bug Fix Submissions: For apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal or safety issues. If your app has been rejected, and qualifies for this process, please use the Resolution Center to communicate directly with the App Review team indicating that you would like to take advantage of this process and plan to address the issue in your next submission.

    February 02, 2021

    Clarifications and App Tracking Transparency

    Apple has updated the App Store Review Guidelines with support for new features in upcoming OS releases, e.g. App Tracking Transparency, better protection of customers, and more help to get your apps through the review process as smoothly as possible.

    The complete set of changes can be seen below:

  • 1.4 Physical Harm

    If your app behaves in a way that risks physical harm, we may reject it. For example:

    • 1.4.3 Apps that encourage consumption of tobacco and vape products, illegal drugs, or excessive amounts of alcohol are not permitted on the App Store. Apps that encourage minors to consume any of these substances will be rejected. Facilitating the sale of controlled substances (except for licensed pharmacies), marijuana, or tobacco, or controlled substances (except for licensed pharmacies) isn’t is not allowed.
    • 2.3 Accurate Metadata

      Customers should know what they’re getting when they download or buy your app, so make sure all your app metadata, including privacy information, your app description, screenshots, and previews accurately reflect the app’s core experience and remember to keep them up-to-date with new versions.

      • 2.3.7 Choose a unique app name, assign keywords that accurately describe your app, and don’t try to pack any of your metadata with trademarked terms, popular app names, pricing information, or other irrelevant phrases just to game the system. App names must be limited to 30 characters and. Metadata such as app names, subtitles, screenshots, and previews should not include prices, terms, or descriptions that are not the name of the appspecific to the metadata type. App subtitles are a great way to provide additional context for your app; they must follow our standard metadata rules and should not include inappropriate content, reference other apps, or make unverifiable product claims. Apple may modify inappropriate keywords at any time or take other appropriate steps to prevent abuse.
    • 2.4 Hardware Compatibility
      • 2.4.5 Apps distributed via the Mac App Store have some additional requirements to keep in mind:
        • (viii) Apps should run on the currently shipping OS and may not use deprecated or optionally installed technologies (e.g. Java, Rosetta)
    • 3.1 Payments
      • 3.1.1 In-App Purchase:
        • Apps may use in-app purchase currencies to enable customers to “tip” the developer or digital content providers in the app.
        • Any credits or in-game currencies purchased via in-app purchase may not expire, and you should make sure you have a restore mechanism for any restorable in-app purchases.
        • Remember to assign the correct purchasability type or your app will be rejected.
        • Gift cards, certificates, vouchers, and coupons which can be redeemed for digital goods or services can only be sold in your app using in-app purchase.
      • 3.1.2(a) Permissible uses: If you offer an auto-renewing subscription, you must provide ongoing value to the customer, and the subscription period must last at least seven days and be available across all of the user’s devices. While the following list is not exhaustive, examples of appropriate subscriptions include: new game levels; episodic content; multiplayer support; apps that offer consistent, substantive updates; access to large collections of, or continually updated, media content; software as a service (“SAAS”); and cloud support. In addition:
        • Games offered in a streaming game service subscription may offer a single subscription that is shared across third-party apps and services; however, they must be downloaded directly from the App Store, must be designed to avoid duplicate payment by a subscriber, and should not disadvantage non-subscriber customers.
      • 3.1.3(c) Enterprise Services: If your app is only sold directly by you to organizations or groups for their employees or students (for example professional databases and classroom management tools), you may allow enterprise users to access previously-purchased content or subscriptions. Consumer, single user, or family sales must use purchase methods in addition to in-app purchase to collect those payments. Consumer, single user, or family sales must use in-app purchase.
      • 3.1.3(d) Person-to-Person Experiences:Services: If your app enables the purchase of realtime person-to-person experiencesservices between two individuals (for example tutoring students, medical consultations, real estate tours, or fitness training), you may use purchase methods other than in-app purchase to collect those payments. One-to-few and one-to-many realtime experiencesservices must use in-app purchase.
    • 3.2 Other Business Model Issues

      The lists below are not exhaustive, and your submission may trigger a change or update to our policies, but here are some additional dos and don’ts to keep in mind:

      • 3.2.1 Acceptable
        • (vii) Apps may enable individual users to give a monetary gift to another individual without using in-app purchase, provided that (a) the gift is a completely optional choice by the giver, and (b) 100% of the funds go to the receiver of the gift. However, a gift that is connected to or associated at any point in time with receiving digital content or services must use in-app purchase.
        • (viii) Apps used for financial trading, investing, or money management should come from the financial institution performing such services or must use a public API offered by the institution in compliance with its Terms & Conditions.
      • 3.2.2 Unacceptable
        • (ix) Apps offering personal loans must not force users to rate the app, review the app, download other apps, or perform other similar actions in order to access functionality, content, or use of the app. (x) Apps offering personal loans must clearly and conspicuously disclose all loan terms, including but not limited to equivalent maximum Annual Percentage Rate (APR) and payment due date. Apps may not charge a maximum APR higher than 36%, including costs and fees, and may not require repayment in full in 60 days or less.
  • 4.2 Minimum Functionality
    • 4.2.3
      • (iii) If your app needs to download additional resources in order to function on initial launch, disclose the size of the download and prompt users before doing so.
  • 5.1 Privacy
    • 5.1.1 Data Collection and Storage
      • (ix) Apps that provide services in highly-regulated fields (such as banking and financial services, healthcare, gambling, and air travel) or that require sensitive user information should be submitted by a legal entity that provides the services, and not by an individual developer.
    • 5.1.2 Data Use and Sharing
      • (i) Unless otherwise permitted by law, you may not use, transmit, or share someone’s personal data without first obtaining their permission. You must provide access to information about how and where the data will be used. Data collected from apps may only be shared with third parties to improve the app or serve advertising (in compliance with the Apple Developer Program License Agreement). You must receive explicit permission from users via the App Tracking Transparency APIs to track their activity. Learn more about tracking. Apps that share user data without user consent or otherwise complying with data privacy laws may be removed from sale and may result in your removal from the Apple Developer Program.
      • (vii) Apps using Apple Pay may only share user data acquired via Apple Pay may only share user data acquired via Apple Pay with third parties to facilitate or improve delivery of goods and services.
  • After You Submit

    • Appeals: If you disagree with the outcome of your review, or would like to suggest a change to the guideline itself, please submit an appeal. This may help get your app on the store, and it can help us improve the App Review process or identify a need for clarity in our policies.

    September 11, 2020

    New rules for streaming game services and more

    Apple has updated the App Store Review Guidelines with changes to rules related to streaming game services, hidden functionality in apps, and more.

    Mainly, Apple now allows for streaming game services as long as the included games can be downloaded directly from the App Store. Apple has also clarified that so-called “Reader apps”, like Netflix, can offer account creation for free tiers, and they’ve now made it more clear that having hidden, dormant or undocumented features in apps are not allowed, an obvious reference to the Fortnite situation.

    The complete changes can be seen below:

  • 2.3 Accurate Metadata

    Customers should know what they’re getting when they download or buy your app, so make sure your app description, screenshots, and previews accurately reflect the app’s core experience and remember to keep them up-to-date with new versions.

    • 2.3.1 Don’t include any hidden, dormant, or undocumented features in your app; your app’s functionality should be clear to end- users and App Review. All new features, functionality, and product changes must be described with specificity in the Notes for Review section of App Store Connect (generic descriptions will be rejected) and accessible for review. Similarly, you should not market your app on the App Store or offline as including content or services that it does not actually offer (e.g. iOS-based virus and malware scanners). Egregious or repeated behavior is grounds for removal from the Developer Program. We work hard to make the App Store a trustworthy ecosystem and expect our app developers to follow suit; if you’re dishonest, we don’t want to do business with you.
    • 2.3.7 Choose a unique app name, assign keywords that accurately describe your app, and don’t try to pack any of your metadata with trademarked terms, popular app names, pricing information, or other irrelevant phrases just to game the system. App names must be limited to 30 characters and should not include prices, terms, or descriptions that are not the name of the app. App subtitles are a great way to provide additional context for your app; they must follow our standard metadata rules and should not include inappropriate content, reference other apps, or make unverifiable product claims. Apple may modify inappropriate keywords at any time or take other appropriate steps to prevent abuse.
  • 2.5 Software Requirements
    • 2.5.16 App Clips, widgets, extensions, and notifications should be related to the content and functionality of your app. Additionally, all App Clip features and functionality must be included in the main app binary. App Clips cannot contain advertising.
  • 3.1 Payments
    • 3.1.2(a) Permissible uses: If you offer an auto-renewing subscription, you must provide ongoing value to the customer, and the subscription period must last at least seven days and be available across all of the user’s devices. While the following list is not exhaustive, examples of appropriate subscriptions include: new game levels; episodic content; multiplayer support; apps that offer consistent, substantive updates; access to large collections of, or continually updated, media content; software as a service (“SAAS”); and cloud support. In addition:
      • You may offer a single subscription that is shared across your own apps and services, but these subscriptions may not extend to third-party apps or services. Games offered in a streaming game service subscription must be owned or exclusively licensed by the developerdownloaded directly from the App Store, must be designed to avoid duplicate payment by a subscriber, and should not disadvantage non-subscriber customers.
      • Subscriptions must work on all of the user’s devices where the app is available. Learn more about sharing a subscription across your apps.
      • Apps must not force users to rate the app, review the app, download other apps, or other similar actions in order to access functionality, content, or use of the app.
      • As with all apps, those offering subscriptions should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc.
      • Subscriptions may include consumable credits, gems, in-game currencies, etc., and you may offer subscriptions that include access to discounted consumable goods (e.g. not part of a game publishing platform). Each game must be downloaded directly from the App Store, must be designed to avoid duplicate payment by a subscriber, and should not disadvantage non-subscriber customers. Subscriptions must work on all of the user’s devices where the app is available. Learn more about sharing a subscription across your apps. Apps must not force users to rate the app, review the app, download other apps, or other similar actions in order to access functionality, content, or use of the app. As with all apps, those offering subscriptions should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Subscriptions may include consumable credits, gems, in-game currencies, etc., and you may offer subscriptions that include access to discounted consumable goods (e.g. a platinum membership that exposes gem-packs for a reduced price).
      • Apps that offer auto-renewing music and video subscriptions with prior approval by Apple may also be included in pre-defined bundles with cellular data plans offered in cellular carrier apps.
    • 3.1.3 Other Purchase Methods: The following apps may use purchase methods other than in-app purchase. Apps in this section cannot, either within the app or through communications sent to points of contact obtained from account registration within the app (like email or text), encourage users to use a purchasing method other than in-app purchase.
    • 3.1.3(a) “Reader” Apps: Apps may allow a user to access previously purchased content or content subscriptions (specifically: magazines, newspapers, books, audio, music, and video). Reader apps may offer account creation for free tiers, access to professional databases, VoIP, cloud storage, and approved services such as classroomand account management apps), provided that you agree not to directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods are not designed to discourage use of in-app purchasefunctionality for existing customers.
    • 3.1.3(b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired in your app on other platforms or your web site, including consumable items in multiplatformmulti-platform games, provided those items are also available as in-app purchases within the app. You must not
    • 3.1.3(c) Enterprise Services: If your app is only sold directly or indirectly target iOS users toby you to organizations or groups for their employees or students (for example professional databases and classroom management tools), you may use a purchasing method other thanpurchase methods in addition to in-app purchase to collect those payments. Consumer, and your general communications about other purchasing methodssingle user, or family sales must not discourage use of in-app purchase.
    • 3.1.3(d) Person-to-Person Experiences: If your app enables the purchase of realtime person-to-person experiences between two individuals (for example tutoring students, medical consultations, real estate tours, or fitness training), you may use purchase methods other than in-app purchase to collect those payments. One-to-few and one-to-many realtime experiences must use in-app purchase.
    • 3.1.3(e) Goods and Services Outside of the App: If your app enables people to purchase physical goods or services that will be consumed outside of the app, you must use purchase methods other than in-app purchase to collect those payments, such as Apple Pay or traditional credit card entry.
    • 3.1.3(f) Free Stand-alone Apps: Free apps acting as a stand-alone companion to a paid web based tool (eg. VOIP, Cloud Storage, Email Services, Web Hosting) do not need to use in-app purchase, provided there is no purchasing inside the app, or calls to action for purchase outside of the app.
    • 3.1.5(a) Goods and Services Outside of the App: If your app enables people to purchase goods or services that will be consumed outside of the app, you must use purchase methods other than in-app purchase to collect those payments, such as Apple Pay or traditional credit card entry.
    • 3.1.5(b) Cryptocurrencies:
    • 3.1.7 Advertising: Display advertising should be limited to your main app executable, and should not be included in extensions, App Clips, widgets, notifications, keyboards, watchOS apps, etc. Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad.
  • 3.2 Other Business Model Issues
    • 3.2.2 Unacceptable
      • (vi) Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Apps should not require users to rate the app, review the app, watch videos, download other apps, tap on advertisements, enable tracking, or take other similar actions in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes.
      • (x) Apps offering personal loans must clearly and conspicuously disclose all loan terms, including but not limited to equivalent maximum Annual Percentage Rate (APR) and payment due date. Apps may not charge a maximum APR higher than 36%, including costs and fees, and may not require repayment in full in 60 days or less.
  • 4.5 Apple Sites and Services
    • 4.5.2 Apple Music
      • (i) The MusicKit APIs let customers accesson iOS lets users play Apple Music and their subscription whilelocal music library natively from your apps and games. When a user provides permission to their Apple Music account, your app can create playlists, add songs to their library, and play any of the millions of songs in the Apple Music catalog. Users must initiate the playback of an Apple Music stream and be able to navigate using your app. They are intended for simple music playback by Apple Music subscribers. Users must initiate the playback of an Apple Music stream and be able to navigate using standard media controls such as “play,” “pause,” and “skip.” Moreover, your app may not require payment or indirectly monetize access to the Apple Music service (e.g. in-app purchase, advertising, requesting user info, etc.). Do not download, upload, or enable sharing of music files sourced from the MusicKit APIs, except as explicitly permitted in MusicKit documentation.
  • 4.9 Streaming games

    Streaming games are permitted so long as they adhere to all guidelines — for example, each game update must be submitted for review, developers must provide appropriate metadata for search, games must use in-app purchase to unlock features or functionality, etc. Of course, there is always the open Internet and web browser apps to reach all users outside of the App Store.

    • 4.9.1 Each streaming game must be submitted to the App Store as an individual app so that it has an App Store product page, appears in charts and search, has user ratings and review, can be managed with ScreenTime and other parental control apps, appears on the user’s device, etc.
    • 4.9.2 Streaming game services may offer a catalog app on the App Store to help users sign up for the service and find the games on the App Store, provided that the app adheres to all guidelines, including offering users the option to pay for a subscription with in-app purchase and use Sign in with Apple. All the games included in the catalog app must link to an individual App Store product page.
  • 5.1 Privacy
    • 5.1.2 Data Use and Sharing
      • (vi) Data gathered from the HomeKit API, HealthKit, ConsumerClinical Health Records API, MovementDisorder APIs, ClassKit or from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs) may not be used for marketing, advertising or use-based data mining, including by third parties. Learn more about best practices for implementing CallKit, HealthKit, ClassKit, and ARKit.
  • After You Submit

    Once you’ve submitted your app and metadata in App Store Connect and you’re in the review process, here are some things to keep in mind:

    • Rejections: Our goal is to apply these guidelines fairly and consistently, but nobody’s perfect. If your app has been rejected and you have questions or would like to provide additional information, please use the Resolution Center to communicate directly with the App Review team. This may help get your app on the store, and it can help us improve the App Review process or identify a need for clarity in our policies. If you still disagree with the outcome, or would like to suggest a change to the guideline itself, please submit an appeal.
    • Bug Fix Submissions: For apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal issues. If your app has been rejected, and qualifies for this process, please use the Resolution Center to communicate directly with the App Review team indicating that you would like to take advantage of this process and plan to address the issue in your next submission.

    March 04, 2020

    Push Notifications for marketing purposes, a 'Sign in with Apple' clarification and more

    Apple has updated the App Store Review Guidelines with changes to rules related to replies to reviews, spam, push notifications, Sign in with Apple, data collection and storage, mobile device management, and more.

    Specifically, Apple now allows for marketing Push Notifications if the user has opted in to these and the guidelines related to Sign in with Apple are now clearer, Apple having removed “exclusively”, which was used in a way that made it sound like you were only required to offer Sign in with Apple if you exclusively used third-party login systems, which is not the case.

    The complete changes can be seen below:

    1.1 Objectionable Content

    Apps should not include content that is offensive, insensitive, upsetting, intended to disgust, in exceptionally poor taste, or just plain creepy. Examples of such content include:

    • 1.1.1 Defamatory, discriminatory, or mean-spirited content, including references or commentary about religion, race, sexual orientation, gender, national/ethnic origin, or other targeted groups, particularly if the app is likely to humiliate, intimidate, or placeharm a targeted individual or group in harm’s way. Professional political satirists and humorists are generally exempt from this requirement.
    • 1.1.7 App Store Reviews:
    • App Store customer reviews can be an integral part of the app experience, so you should treat customers with respect when responding to their comments. Keep your responses targeted to the user’s comments and do not include personal information, spam, or marketing in your response.
    • Use the provided API to prompt users to review your app; this functionality allows customers to provide an App Store rating and review without the inconvenience of leaving your app, and we will disallow custom review prompts.
    1.2 User Generated Content

    Apps with user-generated content or services that end up being used primarily for pornographic content, Chatroulette-style experiences, objectification of real people (e.g. “hot-or-not” voting), making physical threats, or bullying do not belong on the App Store and may be removed without notice. If your app includes user-generated content from a web-based service, it may display incidental mature “NSFW” content, provided that the content is hidden by default and only displayed when the user turns it on via your website.

    3.1 Payments
    • 3.1.3(b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired elsewherein your app on other platforms or your web site, including consumable items in multiplatform games, provided those items are also available as in-app purchases within the app. You must not directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods must not discourage use of in-app purchase.
    4.2 Minimum Functionality
    • 4.2.3
      • (iii) If your app needs to download additional resources, disclose the size of the download and prompt users before doing so. Existing apps must comply with this guideline in any update submitted after January 1, 2019.
    4.3 Spam

    Don’t create multiple Bundle IDs of the same app. If your app has different versions for specific locations, sports teams, universities, etc., consider submitting a single app and provide the variations using in-app purchase. Also avoid piling on to a category that is already saturated; the App Store has enough fart, burp, flashlight, fortune telling, dating, and Kama Sutra apps, etc. already. We will reject these apps unless they provide a unique, high-quality experience. Spamming the store may lead to your removal from the Developer Program.

    4.5 Apple Sites and Services
    • 4.5.4 Push Notifications must not be required for the app to function, and should not be used for advertising, promotions, or direct marketing purposes or to send sensitive personal or confidential information. Push Notifications should not be used for promotions or direct marketing purposes unless customers have explicitly opted in to receive them via consent language displayed in your app’s UI, and you provide a method in your app for a user to opt out from receiving such messages. Abuse of these services may result in revocation of your privileges.
    4.7 HTML5 Games, Bots, etc.

    Apps may contain or run code that is not embedded in the binary (e.g. HTML5-based games, bots, etc.), as long as code distribution isn’t the main purpose of the app, the code is not offered in a store or store-like interface, and provided that the software (1) is free or purchased using in-app purchase; (2) only uses capabilities available in a standard WebKit view (e.g. it must open and run natively in Safari without modifications or additional software); your app must use WebKit and JavaScript Core to run third-party software and should not attempt to extend or expose native platform APIs to third-party software; (3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; (4) does not provide access to real money gaming, lotteries, or charitable donations; (5) adheres to the terms of these App Review Guidelines (e.g. does not include objectionable content); and (6) does not supportoffer digital commercegoods or services for sale. Upon request, you must provide an index of software and metadata available in your app. It must include Apple Developer Program Team IDs for the providers of the software along with a URL which App Review can use to confirm that the software complies with the requirements above.

    4.8 Sign in with Apple

    Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.

    September 14, 2019

    Third-party analytics, ads in kids apps and 'Sign in with Apple'

    Apple has updated the App Store Review Guidelines with changes to rules regarding ads, data collection and privacy in kids apps, and new rules about Sign in with Apple.

    Specifically, it is now, in limited cases, permissible to show ads and include third-party analytics in kids apps and creators of kids apps must now comply with all applicable children’s privacy statutes. Newly submitted kids apps must follow these guidelines immediately, while existing apps will have until March 3, 2020 to be fully compliant. Regarding Sign in with Apple, the guidelines now state that any apps that use a third-party login service, e.g. Facebook or Google, must also offer Sign in with Apple.

    The complete changes can be seen below:

    1.3 Kids Category

    You must comply with applicable privacy laws around the world relating to the collection of data from children online. Be sure to review the Privacy section of these guidelines for more information. In addition, Kids Category apps may not send personally identifiable information or device information to third parties. Apps in the Kids Category mayshould not include third-party analytics or third-party advertising or. This provides a safer experience for kids. In limited cases, third-party analytics may be permitted provided that the services do not collect or transmit the IDFA or any identifiable information about children (such as name, date of birth, email address), their location, or their devices. You shouldThis includes any device, network, or other information that could be used directly or combined with other information to identify users and their devices. Third-party contextual advertising may also pay particular attention to privacy laws around the world relating to the collection of data from children online. Be sure tobe permitted in limited cases provided that the services have publicly documented practices and policies for Kids Category apps that include human review the Privacy section of these guidelines for more informationof ad creatives for age appropriateness.

    4.2 Minimum Functionality

    Your app should include features, content, and UI that elevate it beyond a repackaged website. If your app is not particularly useful, unique, or “app-like,” it doesn’t belong on the App Store. If your App doesn’t provide some sort of lasting entertainment value, it may not be accepted. Apps that are simply a song or movie should be submitted to the iTunes Store. If your App doesn’t provide some sort of lasting entertainment value, it may not be accepted. Apps that are simply a song or moviebook or game guide should be submitted to the iTunes Store. Apps that are simply a book or game guide should be submitted to the Apple Books Store.

    4.8 Sign in with Apple

    Apps that exclusively use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.

    Sign in with Apple is not required if:

    • Your app exclusively uses your company’s own account setup and sign-in systems.
    • Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
    • Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
    • Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.
    5.1 Privacy
    • 5.1.1 Data Collection and Storage
      • (i) Privacy Policies:
        • Confirm that any third party with whom an app shares user data (in compliance with these Guidelines) — such as analytics tools, advertising networks and third-party with whom an app shares user data (in compliance with these Guidelines) — such as analytics tools, advertising networks and third-party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data — will provide the same or equal protection of user data as stated in the app’s privacy policy and required by these Guidelines.
    5.1.4 Kids

    For many reasons, it is critical to use care when dealing with personal data from kids, and we encourage you to carefully review all the requirements for complying with laws like the Children’s Online Privacy Protection Act (“COPPA”), the European Union’s General Data Protection Regulation (“GDPR”), and any international or local equivalentsother applicable regulations or laws.

    Apps may ask for birthdate and parental contact information only for the purpose of complying with these statutes, but must include some useful functionality or entertainment value regardless of a person’s age.

    Apps intended primarily for kids mayshould not include third-party analytics or third-party advertising or. This provides a safer experience for kids. In limited cases, third-party analytics and third-party advertising may be permitted provided that the services adhere to the same terms set forth in Guideline 1.3.

    Moreover, apps in the Kids Category or those that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must include a privacy policy and must comply with all applicable children’s privacy statutes. For the sake of clarity, the parental gate requirement for the Kid’s Category is generally not the same as securing parental consent to collect personal data under these privacy statutes. Collecting and transmitting data to third parties from apps in

    As a reminder, Guideline 2.3.8 requires that use of terms like “For Kids” and “For Children” in app metadata is reserved for the Kids category isCategory. Apps not allowedin the Kids Category cannot include any terms in app name, subtitle, icon, screenshots or description that imply the main audience for the app is children.

    June 06, 2019

    Restrictions to tracking of data in VPN apps and apps for kids, ban of HTML5 apps supporting digital commerce, and more

    Apple has updated the App Store Review Guidelines with some significant changes, primarily focusing on rules surrounding data collection. Here’s Apple’s own summary:

    • Guidelines 1.3 and 5.1.4. In order to help keep kids’ data private, apps in the kids category and apps intended for kids cannot include third-party advertising or analytics software and may not transmit data to third parties. This guideline is now enforced for new apps. Existing apps must follow this guideline by September 3, 2019.
    • Guideline 4.7. HTML5 games distributed in apps may not provide access to real money gaming, lotteries, or charitable donations, and may not support digital commerce. This functionality is only appropriate for code that’s embedded in the binary and can be reviewed by Apple. This guideline is now enforced for new apps. Existing apps must follow this guideline by September 3, 2019.
    • Guideline 5.4. Because VPN provides access to sensitive data, VPN apps may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. Certain types of apps — such as those for parental control, content blocking, and security — from approved providers may use the NEVPNManager API.
    • Guideline 5.5. (New) Because MDM provides access to sensitive data, MDM apps must request the mobile device management capability, and may only be offered by commercial enterprises, such as business organizations, educational institutions, or government agencies, and, in limited cases, companies utilizing MDM for parental controls. MDM apps may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy.
    • Guideline 5.1.3(i). Apps may use a user’s health or fitness data to provide a benefit directly to that user, such as a reduced insurance premium, if the app is submitted by the entity providing the benefit and the data is not shared with a third party. The developer must also disclose to the user the specific health data collected from the device.
    • Guideline 5.1.1(viii) (New). Apps that compile information from any source that is not directly from the user or without the user’s explicit consent, even public databases, are not permitted on the App Store.
    • Guideline 5.1.1(ii). Apps must get consent for data collection, even if the data is considered anonymous at the time of or immediately following collection.
    • Guideline 1.1.3. Apps may not facilitate purchase of ammunition.
    • Guideline 4.2.7. Remote desktop clients now include game consoles owned by the user. Software appearing in the client must be fully executed on the host device. Demo videos of app functionality that is geo-locked or otherwise restricted are not accepted. Developers must provide a fully functional app for review.

    The full changes can be seen below.

    Introduction

    The guiding principle of the App Store is simple - we want to provide a safe experience for users to get apps and a great opportunity for all developers to be successful. We do this by offering a highly curated App Store where every app is reviewed by experts and an editorial team helps users discover new apps every day. For everything else there is always the open Internet. If the App Store model and guidelines are not best for your app or business idea that’s okay, we provide Safari for a great web experience too.

    On the following pages you will find our latest guidelines arranged into five clear sections: Safety, Performance, Business, Design, and Legal. The App Store is always changing and improving to keep up with the needs of our customers and our products. Your apps should change and improve as well in order to stay on the App Store.

    A few other points to keep in mind:

    • If you attempt to cheat the system (for example, by trying to trick the review process, steal user data, copy another developer’s work, or manipulate ratings or App Store discovery) your apps will be removed from the store and you will be expelled from the Developer Program.
    • Some features and technologies that are not generally available to developers may be offered as an entitlement for limited use cases. For example, we offer entitlements for CarPlay Audio, HyperVisor, and Privileged File Operations. Review our documentation on developer.apple.com to learn more about entitlements.

    Before You Submit

    Make sure you:

    • Include detailed explanations of non-obvious features and in-app purchases in the App Review notes, including supporting documentation where appropriate. If we’re not able to access part of your app because it’s geo-locked or otherwise restricted, provide a link to a video of the functionality
    1.1 Objectionable Content

    Apps should not include content that is offensive, insensitive, upsetting, intended to disgust, or in exceptionally poor taste, or just plain creepy. Examples of such content include:

    • 1.1.3 Depictions that encourage illegal or reckless use of weapons and dangerous objects, or facilitate the purchase of firearms or ammunition.
    1.3 Kids Category

    Apps in the Kids Category may not include behavioralthird-party advertising (eor analytics.g. the advertiser may not serve ads based on the user’s activity), and any contextual ads must be appropriate for young audiences. You should also pay particular attention to privacy laws around the world relating to the collection of data from children online. Be sure to review the Privacy section of these guidelines for more information.

    1.4 Physical Harm

    If your app behaves in a way that risks physical harm, we may reject it. For example:

    • 1.4.3 Apps that encourage consumption of tobacco and vape products, illegal drugs, or excessive amounts of alcohol are not permitted on the App Store. Apps that encourage minors to consume any of these substances will be rejected. Facilitating the sale of marijuana, tobacco, or controlled substances (except for licensed pharmacies) isn’t allowed.
    • 1.4.5 Apps should not urge customers to participate in activities (like bets, challenges, etc.) or use their devices in a way that contradicts safety documentation for Apple hardware, risking damage to the device orrisks physical harm to people. For example, apps should not encourage placing the device under a mattress or pillow while charging or perform excessive write cycles to the solid state drive. Review device documentationthemselves or others.
    2.3 Accurate Metadata
    • 2.3.10 Make sure your app is focused on the iOS, Mac, Apple TV or or Apple Watch experience, and don’t include names, icons, or imagery of other mobile platforms in your app or metadata, unless there is specific, approved interactive functionality. Make sure your app metadata is focused on the app itself and its experience. Don’t include irrelevant information, including but not limited to information about Apple or the development process.
    2.4 Hardware Compatibility
    • 2.4.2 Design your app to use power efficiently and be used in a way that does not risk damage to the device. Apps should not rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources. For example, apps should not encourage placing the device under a mattress or pillow while charging or perform excessive write cycles to the solid state drive. Apps, including any third -party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining.
    2.5 Software Requirements
    • 2.5.5 We will be reviewing on anApps must be fully functional on IPv6 network, so if your app isn’t compatible with the IPv6 addressing, it may fail during review-only networks.
    • 2.5.14 Apps must request explicit user consent and provide a clear visual and/or audible indication when recording, logging, or otherwise making a record of user activity. This includes any use of the device camera, microphone, screen recordings, or other user inputs.
    3.1 Payments
    • 3.1.2(a) Permissible uses:
      • Apps that attempt to scam users will be removed from the App Store. This includes apps that attempt to trick users into purchasing a subscription under false pretenses or engage in bait-and-switch and scam practices will be removed from the App Store and you may be removed from the Apple Developer Program. Learn more about Subscription Free Trials.
    3.2 Other Business Model Issues
    • 3.2.2 Unacceptable
      • (vi) Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Apps should not require users to rate the app, review the app, watch videos, download other apps, tap on advertisements, or take other similar actions in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes.
    4.2 Minimum Functionality

    Your app should include features, content, and UI that elevate it beyond a repackaged website. If your app is not particularly useful, unique, or “app-like,” it doesn’t belong on the App Store. If your App doesn'tdoesn’t provide some sort of lasting entertainment value, or is just plain creepy, it may not be accepted. Apps that are simply a song or movie should be submitted to the iTunes Store. Apps that are simply a book or game guide should be submitted to the iBooksApple Books Store.

    • 4.2.7 Remote Application Mirroring:Desktop Clients:
      • (a) The app must only connect to a user-owned host device that is a personal computer or dedicated game console owned by the user, and both the host device and client must be connected on a local and LAN-based network.
      • (b) Any software or services appearing in the client are fully rendered on the screen ofexecuted on the host device, rendered on the screen of the host device, and may not use APIs or platform features beyond what is required to stream the Remote Desktop.
      • (e) Thin clients for cloud-based apps are not appropriate for the App Store.
    4.3 Spam

    Don’t create multiple Bundle IDs of the same app. If your app has different versions for specific locations, sports teams, universities, etc., consider submitting a single app and provide the variations using in-app purchase. Also avoid piling on to a category that is already saturated; the App Store has enough fart, burp, flashlight, and Kama Sutra apps, etc. already. Spamming the store may lead to your removal from the Developer Program.

    4.7 HTML5 Games, Bots, etc.

    Apps may contain or run code that is not embedded in the binary (e.g. HTML5-based games, bots, etc.), as long as code distribution isn’t the main purpose of the app, the code is not offered in a store or store-like interface, and provided that the software (1) is free or purchased using in-app purchase; (2) only uses capabilities available in a standard WebKit view (e.g. it must open and run natively in Safari without modifications or additional software); your app must use WebKit and JavaScript Core to run third -party software and should not attempt to extend or expose native platform APIs to third -party software; (3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; and (4) does not provide access to real money gaming, lotteries, or charitable donations; (5) adheres to the terms of these App Review Guidelines (e.g. does not include objectionable content); and (6) does not support digital commerce. Upon request, you must provide an index of software and metadata available in your app. It must include Apple Developer Program Team IDs for the providers of the software along with a URL which App Review can use to confirm that the software complies with the requirements above.

    5.1 Privacy
    • 5.1.1 Data Collection and Storage
      • (ii) Permission Apps that collect user or usage data must secure user consent for the collection, even if such data is considered to be anonymous at the time of or immediately following collection. Paid functionality must not be dependent on or require a user to grant access to this data. Apps must also provide the customer with an easily accessible and understandable way to withdraw consent. Ensure your purpose strings clearly and completely describe your use of the data. Apps that collect data for a legitimate interest without consent by relying on the terms of the European Union’s General Data Protection Regulation (“GDPR”) or similar statute must comply with all terms of that law. Learn more about Requesting Permission.
      • (viii) Apps that compile personal information from any source that is not directly from the user or without the user’s explicit consent, even public databases, are not permitted on the App Store.
    • 5.1.3 Health and Health Research

      Health, fitness, and medical data are especially sensitive and apps in this space have some additional rules to make sure customer privacy is protected:

      • (i) Apps may not use or disclose to third parties data gathered in the health, fitness, and medical research context—including from the Clinical Health Records API, HealthKit API, Motion and Fitness, MovementDisorderAPIs, or health-related human subject research—for advertising, marketing, or other use-based data mining purposes other than improving health management, or for the purpose of health research, and then only with permission. Apps may, however, use a user’s health or fitness data to provide a benefit directly to that user (such as a reduced insurance premium), provided that the app is submitted by the entity providing the benefit, and the data is not be shared with a third party. You must disclose the specific health data that you are collecting from the device.
    • 5.1.4 Kids

      Apps intended for kids may not include third-party advertising or analytics.

      Moreover, apps in the Kids Category or those that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must include a privacy policy and must comply with all applicable children’s privacy statutes. For the sake of clarity, the parental gate requirement for the Kid’s Category is generally not the same as securing parental consent to collect personal data under these privacy statutes. Collecting and transmitting data to third parties from apps in the Kids category is not allowed.

    5.4 VPN Apps

    Apps offering VPN services must utilize the NEVPNManager API and may only be offered by developers enrolled as an organization. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field. Parental control, content blocking, and security apps, among others, from approved providers may also use the NEVPNManager API. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.

    5.5 Mobile Device Management

    Mobile Device Management Apps that offer Mobile Device Management (MDM) services must request this capability from Apple. Such apps may only be offered by commercial enterprises (such as business organizations, educational institutions, or government agencies), and in limited cases, companies using MDM for parental control services. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. MDM apps must not violate local laws. Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.

    December 20, 2018

    Gifting in-app purchases

    Apple has updated the App Store Review Guidelines, adding some minor changes, the most important being a small change to now allow gifting in-app purchases:

    Introduction

    The guiding principle of the App Store is simple - we want to provide a safe experience for users to get apps and a great opportunity for all developers to be successful. On the following pages you will find guidelines arranged into five clear sections: Safety, Performance, Business, Design, and Legal. A few other points to keep in mind:

    • The App Store is a great way to reach hundreds of millions of people around the world. If you build an app that you just want to show to family and friends, the App Store isn’t the best way to do that. Consider using Xcode to install your app on a device for free or use Ad Hoc distribution or the Enterpriseavailable to Apple Developer Program members. If you’re just getting started, learn more about the Apple Developer Program.
    3.1 Payments
    • 3.1.1 In-App Purchase:
    • Apps should not directly or indirectlymay enable gifting of items that are eligible for in-app purchase content, features, or consumable items to others. Such gifts may only be refunded to the original purchaser and may not be exchanged.

    June 04, 2018

    Changes after WWDC 2018

    After the keynote of the World Wide Developers Conference 2018, Apple updated the App Store Review Guidelines with a bunch of changes and new rules. It is clear that the theme of this update is user privacy and data protection. You can check out all the additions (marked with green) and removals (marked with red) below, but a few noteworthy changes include:

    • Apps now must clearly describe new features and changes in the “What’s New” section of the App Store. Several of the large social network companies have been using a practice where they reuse a generic update text for every release and then enable new features remotely on a per-user basis. This appears to no longer be permitted.
    • Developers are now allowed to provide time based free trials for non-subscription apps.
    • Several new rules for apps dealing with cryptocurrencies. Apps are not allowed to mine coins, but in return cryptocurrencies no longer need to be “approved”.
    • New rules for apps and games with advertising. Users now must be able to see all information used to target an ad without leaving the app.
    • New rules for apps that enable Remote Desktop access.
    • Emojis are back! Section 4.5.6 says that it is ok to use Unicode characters that render as Apple emojis inside apps and app metadata.
    • All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app
    • Apps must respect the user’s permission settings and not attempt to manipulate, trick, or force people to consent to unnecessary data access. For example, apps that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos.
    • Apps that enable sign in using a 3rd party social network must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app.
    • There is a new Developer Code of Conduct section.

    Check out all the changes yourself below.

    Introduction

    The guiding principle of the App Store is simple - we want to provide a safe experience for users to get apps and a great opportunity for all developers to be successful. We have updated the App Review Guidelines with that principle in mind. The On the following pages you will find guidelines themselves haven’t changed, but they are better organized and provide more context. On the following pages you will find guidelines arranged into five clear sections: Safety, Performance, Business, Design, and Legal. A few other points to keep in mind:

    • You are responsible for making sure everything in your app complies with these guidelines, including ad networks, analytics services, and third-party SDKs, so review and choose them carefully.

    We hope these new guidelines help you sail through the App Review process, and that approvals and rejections are more remain consistent across the board. This is a living document; new apps presenting new questions may result in new rules at any time. Perhaps your app will trigger this. We love this stuff too, and honor what you do. We're We’re really trying our best to create the best platform in the world for you to express your talents and make a living, too.

    1.5 Developer Information

    People need to know how to reach you with questions and support issues. Make sure your app and its Support URL includes include an easy way to reach contact you ; this is particularly important for apps that may be used in the classroom. Failure to include accurate and up-to-date contact information not only frustrates customers, but may violate the law in some countries. Also ensure that Wallet passes include valid contact information from the issuer and are signed with a dedicated certificate assigned to the brand or trademark owner of the pass.

    1.6 Data Security

    Apps should implement appropriate security measures to ensure proper handling of user information collected pursuant to the Apple Developer Program License Agreement and these Guidelines (see Guideline 5.1 for more information) and prevent its unauthorized use, disclosure, or access by third parties.

    2.3 Accurate Metadata
    • 2.3.6 Answer the age rating questions in iTunes App Store Connect honestly so that your app aligns properly with parental controls. If your app is mis-rated, customers might be surprised by what they get, or it could trigger an inquiry from government regulators. If your app includes media that requires the display of content ratings or warnings (e.g. films, music, games, etc.), you are responsible for complying with local requirements in each territory where your app is available.
    • 2.3.12 Apps must clearly describe new features and product changes in their “What’s New” text. Simple bug fixes, security updates, and performance improvements may rely on a generic description, but more significant changes must be listed in the notes.
    2.4 Hardware Compatibility
    • 2.4.2 Design your app to use power efficiently. Apps should not rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources. Apps, including any third party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining.
    • 2.4.4 Apps should never suggest or require a restart of the device or modifications to system settings unrelated to the core functionality of the application. For example, don’t encourage users to turn off Wi-Fi, disable security features, etc.
    2.5 Software Requirements
    • 2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps.
    • 2.5.11 SiriKit and Shortcuts
      • (i) Apps integrating SiriKit and Shortcuts should only sign up for intents they can handle without the support of an additional app and that users would expect from the stated functionality. For example, if your app is a meal planning app, you should not incorporate an intent to start a workout, even if the app shares integration with a fitness app.
      • (ii) Ensure that the vocabulary and phrases in your plist pertains to your app and the SiriKit Siri functionality of the intents the app has registered for. Aliases must relate directly to your app or company name and should not be generic terms or include third party app names or services.
      • (iii) Resolve the Siri request or Shortcut in the most direct way possible and do not insert ads or other marketing between the request and its fulfillment. Only present interstitial UI request a disambiguation when required to complete the task (e.g. asking the user to specify a particular type of workout).
    • 2.5.13 Apps using facial recognition for account authentication must use LocalAuthentication (and not ARKit or other facial recognition technology) where possible, and must use an alternate authentication method for users under 13 years old.
    • 2.5.14 Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. This includes any use of the device camera, microphone, or other user inputs.
    • 2.5.15 Apps that enable users to view and select files should include items from the Files app and the user’s iCloud documents.
    3.1 Payments
    • 3.1.1 In-App Purchase:
      • If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase currencies to enable customers to “tip” digital content providers in the app. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase.
      • Apps may use in-app purchase currencies to enable customers to “tip” digital content providers in the app.
      • Non-subscription apps may offer a free time-based trial period before presenting a full unlock option by setting up a Non-Consumable IAP item at Price Tier 0 that follows the naming convention: “XX-day Trial.” Prior to the start of the trial, your app must clearly identify its duration, the content or services that will no longer be accessible when the trial ends, and any downstream charges the user would need to pay for full functionality. Learn more about managing content access and the duration of the trial period using Receipts and Device Check .
    • 3.1.2(a) Permissible uses:
        Auto-renewing subscription apps may offer a free trial period to customers by providing the relevant information set forth in App Store Connect. Apps that attempt to trick users into purchasing a subscription under false pretenses or engage in bait-and-switch practices will be removed from the App Store and you may be removed from the Apple Developer Program. Learn more about Subscription Free Trials .
    • 3.1.3 (a) “Reader” Apps: Apps may allow a user to access previously purchased content or content subscriptions (specifically: magazines, newspapers, books, audio, music, video, access to professional databases, VoIP, cloud storage, and approved services such as educational classroom management apps that manage student grades and schedules), as well as provided that you agree not to directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods are not designed to discourage use of in-app purchase.
    • 3.1.3(b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired elsewhere, including consumable items in multi-platform games, provided that you agree not to directly or indirectly target iOS users to use a purchasing method other than those items are also available as in-app purchases within the app. You must not directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods are must not designed to discourage use of in-app purchase.
    • 3.1.4 Content Codes: Hardware-Specific Content: Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. In limited circumstances, such as when features are dependent upon specific hardware to function, the app may unlock that functionality without using in-app purchase (e.g. an astronomy app that adds features when synced with a telescope). App features that work in combination with an approved physical product (such as a toy) on an optional basis may unlock functionality without using in-app purchase, provided that an in-app purchase option is available as well. You may not, however, require users to purchase unrelated products or engage in advertising or marketing activities to unlock app functionality.
    • 3.1.5 (a) Physical Goods and Services Outside of the App: If your app enables people to purchase goods or services that will be consumed outside of the app, you must use purchase methods other than in-app purchase to collect those payments, such as Apple Pay or traditional credit card entry.
    • 3.1.5 (b) Cryptocurrencies:
      • (i) Wallets: Apps may facilitate transmission of approved virtual currencies currency storage, provided they are offered by developers enrolled as an organization.
      • (ii) Mining: Apps may not mine for cryptocurrencies unless the processing is performed off device (e.g. Bitcoin cloud-based mining).
      • (iii) Exchanges: Apps may facilitate transactions or transmissions of cryptocurrency on an approved exchange , DogeCoin provided they are offered by the exchange itself.
      • (iv) provided that they do so in compliance with all state and federal laws for the territories in which the app functions. Initial Coin Offerings: Apps facilitating Initial Coin Offerings (“ICOs”), cryptocurrency futures trading, and other crypto-securities or quasi-securities trading must come from established banks, securities firms, futures commission merchants (“FCM”), or other approved financial institutions and must comply with all applicable law.
      • (v) Cryptocurrency apps may not offer currency for completing tasks, such as downloading other apps, encouraging other users to download, posting to social networks, etc.
    • 3.1.7 Advertising: Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad.
    3.2 Other Business Model Issues
    • 3.2.2 Unacceptable
      • (ix) Apps must not force users to rate the app, review the app, download other apps, or perform other similar actions in order to access functionality, content, or use of the app.
    4.2 Minimum Functionality
    • 4.2.3
      • (i) Your app should work on its own without requiring installation of another app to function.
      • (ii) Make sure you include sufficient content in the binary for the app to function at launch.
      • (iii) If your app needs to download additional resources, disclose the size of the download and prompt users before doing so. Existing apps must comply with this guideline in any update submitted after January 1, 2019.
    • 4.2.7 Remote Application Mirroring: If your remote desktop app acts as a mirror of specific software or services rather than a generic mirror of the host device, it must comply with the following:
      • (a) The host device is a personal computer owned by the user, and both the host and client must be connected on a local and LAN-based network.
      • (b) Any software or services appearing in the client are fully rendered on the screen of the host device, and may not use APIs or platform features beyond what is required to stream the Remote Desktop
      • (c) All account creation and management must be initiated from the host device.
      • (d) The UI appearing on the client does not resemble an iOS or App Store view, does not provide a store-like interface, or include the ability to browse, select, or purchase software not already owned or licensed by the user. For the sake of clarity, transactions taking place within mirrored software do not need to use in-app purchase, provided the transactions are processed on the host device.
    4.5 Apple Sites and Services
    • 4.5.4 Push Notifications must not be required for the app to function, and should not be used for advertising, promotions, or direct marketing purposes or to send sensitive personal or confidential information. Abuse of these services may result in revocation of your privileges.
    • 4.5.6 Apps may use Unicode characters that render as Apple emojis in their app and app metadata. Apple emojis may not be used on other platforms or embedded directly in your app binary.
    4.7 HTML5 Games, Bots, etc.

    Apps may contain or run code that is not embedded in the binary (e.g. HTML5-based games, bots, etc.), as long as code distribution isn’t the main purpose of the app, the code is not offered in a store or store-like interface, and provided that the software (1) is free or purchased using in-app purchase; (2) only uses capabilities available in a standard WebKit view; your app must use WebKit and JavaScript Core to run third party software and should not attempt to extend or expose native platform APIs to third party software; (3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; and (4) adheres to the terms of these App Review Guidelines (e.g. it must open and run natively in Safari without modifications or additional software); your app must use WebKit and JavaScript Core to run third party software and should not attempt to extend or expose native platform APIs to third party software; (3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; and (4) adheres to the terms of these App Review Guidelines (e.g. does not include objectionable content). YouUpon request, you must provide an index of software and metadata available in your app upon request. It must include Apple Developer Program Team IDs for the providers of the software along with a URL which App Review can use to confirm that the software complies with the requirements above.

    5.1 Privacy
    • 5.1.1 Data Collection and Storage
      • (i) Privacy Policies: All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner. The privacy policy must clearly and explicitly:
        • Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.
        • Confirm that any third party with whom an app shares user data (in compliance with these Guidelines) — such as analytics tools, advertising networks and third party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data — will provide the same or equal protection of user data as stated in the app’s privacy policy and required by these Guidelines.
        • Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user’s data.
      • (ii) Permission Apps that collect user or usage data must have a privacy policy and secure user consent for the collection. This includes—but isn’t limited to—apps that implement HealthKit or other health/medical technologiesPaid functionality must not be dependent on or require a user to grant access to this data. Apps must also provide the customer with an easily accessible and understandable way to withdraw consent. Ensure your purpose strings clearly and completely describe your use of the data. Apps that collect data for a legitimate interest without consent by relying on the terms of the European Union’s General Data Protection Regulation (“GDPR”) or similar statute must comply with all terms of that law. Learn more about Requesting Permission.
      • (iii) Data Minimization: Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task. Where possible, use the out-of-process picker or a share sheet rather than requesting full access to protected resources like Photos or Contacts.
      • (iv) Access Apps must respect the user’s permission settings and not attempt to manipulate, trick, or force people to consent to unnecessary data access. For example, apps that utilize ARKitinclude the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos. Where possible, Camera APIsprovide alternative solutions for users who don’t grant consent. For example, Photo APIsif a user declines to share Location, or other software for depth of facial mappingoffer the ability to manually enter an address.
      • (v) Account Sign-In: If your app doesn’t include significant account-based features, let people use it without a log-in. Apps may not require users to enter personal information to function, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions, include a login, or access user data from the deviceexcept when directly relevant to the core functionality of the app or required by law. YourIf your core app description should let people know what types of accessfunctionality is not related to a specific social network (e.g. location, contacts, calendar, etc.) are requested by your app, and what aspects of the app won’t work if the user doesn’t grant permission. (ii) If your app doesn’t include significant account-based features, let people use it without a log-in. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
      • (iiivi) Developers that use their apps to surreptitiously discover passwords or other private data will be removed from the Developer Program.
      • (ivvii) SafariViewContoller must be used to visibly present information to users; the controller may not be hidden or obscured by other views or layers. Additionally, an app may not use SafariViewController to track users without their knowledge and consent.
    • 5.1.2 Data Use and Sharing
      • (i) Unless otherwise permitted by law, you may not use, transmit, or share someone’s personal data without first obtaining their permission. You must provide access to information about how and where the data will be used. Data collected from apps may only be shared with third parties to improve the app or serve advertising (in compliance with the Apple Developer Program License Agreement.). Apps that share user data without user consent or otherwise complying with data privacy laws may be removed from sale and may result in your removal from the Apple Developer Program.
      • (ii) Data collected for one purpose may not be repurposed without further consent unless otherwise explicitly permitted by law.
      • (iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from depth andApple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.
      • (iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/or facial mapping toolsdistribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.
      • (v) Do not contact people using information collected via a user’s Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts. You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. ARKit, Camera APIs, or Photo APIsWhat will the message say? Who will appear to be the sender?), or data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way. You may not use or transmit someone’s personal data without first obtaining their permission and providing access to information about how and where the data will be used.
      • (iivi) Data collected from apps may not be used or shared with third parties for purposes unrelated to improving the user experience or softwaregathered from the HomeKit API, HealthKit, Consumer Health Records API, MovementDisorder APIs, ClassKit or from depth and/hardware performance connected to the app’s functionality, or to serve advertising in compliance with the Apple Developer Program License Agreement. (iii) Data gathered from the HomeKit API or from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs) may not be used for marketing, advertising or other use-based data mining, including by third parties. Learn more about best practices for implementing CallKit, HealthKit, ClassKit, and ARKit.
      • (ivvii) Apps using Apple Pay may only share user data acquired via Apple Pay with third parties to facilitate or improve delivery of goods and services.
    • 5.1.4 Kids

      For many reasons, it is critical to use care when dealing with personal data from kids, and we encourage you to carefully review all the requirements for complying with laws like the Children’s Online Privacy Protection Act (“COPPA”), the European Union’s General Data Protection Regulation (“GDPR”), and any international or local equivalents.

    5.4 VPN Apps

    Apps offering VPN services must utilize the NEVPNManager API API andand may only be offered by developers enrolled as an organization. You must make a clear declaration of what user data will be collected and how it will be used. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field.

    5.5 Developer Code of Conduct

    Please treat everyone with respect, whether in your responses to App Store reviews, customer support requests, or when communicating with Apple, including your responses in Resolution Center. Do not engage in harassment of any kind, discriminatory practices, intimidation, bullying, and don’t encourage others to engage in any of the above.

    Customer trust is the cornerstone of the App Store’s success. Apps should never prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.

    December 21, 2017

    Crypto currencies and ICOs, template apps, loot boxes and more

    Wednesday the App Store Review Guidelines was updated with quite a few changes. Besides some minor clarifications, new sections were introduced about:

    • Crypto currencies and ICOs now have a dedicated section.
    • The ban on template apps is clarified so its now more clear exactly what kinds of apps are affected. Techcrunch spotted this change too.
    • There is a few paragraphs on apps available for pre-order.
    • Details about what is allowed when offering so-called “loot boxes” in games.
    • Financial apps must come from the financial institutions performing the services or they should at least use public APIs.
    • A new section on VPN apps details some rules specific to this app type.

    Check out all the changes below.

    Introduction

    We strongly support all points of view being represented on the App Store, as long as the apps are respectful to users with differing opinions and the quality of the app experience is great. We will reject apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, “I'll know it when I see it”. And we think that you will also know it when you cross it.

    2.1 App Completeness

    Submissions to App Review, including apps you make available for pre-order, should be final versions with all necessary metadata and fully functional URLs included; placeholder text, empty websites, and other temporary content should be scrubbed before submission. Make sure your app has been tested on-device for bugs and stability before you submit it, and include demo account info (and turn on your back-end service!) if your app includes a login. If you offer in-app purchases in your app, make sure they are complete, up-to-date, and visible to the reviewer, or that you explain why not in your review notes. Please don’t treat App Review as a software testing service. We will reject incomplete app bundles and binaries that crash or exhibit obvious technical problems.

    2.3 Accurate Metadata
    • 2.3.2 If your app includes in-app purchases, make sure your app description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases. If you decide to promote in-app purchases on the App Store, ensure that the in-app purchase Display Name, Screenshot and Description are appropriate for a public audience , that you follow the guidance found in Promoting Your In-App Purchases , and that your app properly handles the SKPaymentTransactionObserver method so that customers can seamlessly complete the purchase when your app launches.
    • 2.3.11 Apps you submit for pre-order on the App Store must be complete and deliverable as submitted. Ensure that the app you ultimately release is not materially different from what you advertise while the app is in a pre-order state. If you make material changes to the app (e.g. change business models), you should restart your pre-order sales.
    2.5 Software Requirements
    • 2.5.1 Apps may only use public APIs and must run on the currently shipping OS. Learn more about public APIs. Keep your apps up-to-date and make sure you phase out any deprecated features, frameworks or technologies that will no longer be supported in future versions of an OS. Apps should use APIs and frameworks for their intended purposes and indicate that integration in their app description. For example, the HomeKit framework should provide home automation services; and HealthKit should be used for health and fitness purposes and integrate with the Health app.
    3.1 Payments
    • 3.1.1 In-App Purchase:
      • Apps offering “loot boxes” or other mechanisms that provide randomized virtual items for purchase must disclose the odds of receiving each type of item to customers prior to purchase.
      • 3.1.2(a) Permissible uses:
        • You may offer a single subscription that is shared across your own apps and services, but these subscriptions may not extend to third party apps or services. Subscriptions Games offered in a game subscription must work on all of the user’s devices where the app is available. Learn more about sharing a subscription across your apps . Apps must not force users to rate the app, review the app, download other apps, or other similar actions in order to access functionality, content, or use of the app. As with all apps, those offering subscriptions should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Subscriptions may not include consumable credits, gems, in-game currencies, etc., even when combined with other offerings, but you may offer subscriptions that include access to discounted consumable goods be owned or exclusively licensed by the developer (e.g. not part of a game publishing platform). Each game must be downloaded directly from the App Store, must be designed to avoid duplicate payment by a subscriber, and should not disadvantage non-subscriber customers.
        • Subscriptions must work on all of the user’s devices where the app is available. Learn more about sharing a subscription across your apps .
        • Apps must not force users to rate the app, review the app, download other apps, or other similar actions in order to access functionality, content, or use of the app.
        • As with all apps, those offering subscriptions should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc.
        • Subscriptions may include consumable credits, gems, in-game currencies, etc., and you may offer subscriptions that include access to discounted consumable goods (e.g. a platinum membership that exposes gem-packs for a reduced price).
      • 3.1.5 (b) Cryptocurrencies:

        Apps may facilitate transmission of approved virtual currencies (e.g. Bitcoin, DogeCoin) provided that they do so in compliance with all state and federal laws for the territories in which the app functions. Apps facilitating Initial Coin Offerings (“ICOs”), cryptocurrency futures trading, and other crypto-securities or quasi-securities trading must come from established banks, securities firms, futures commission merchants (“FCM”), or other approved financial institutions and must comply with all applicable law.

      3.2 Other Business Model Issues
      • 3.2.1 Acceptable
        • (viii) Apps used for financial trading, investing, or money management should come from the financial institution performing such services or must use a public API offered by the institution in compliance with its Terms & Conditions.
      • 3.2.2 Unacceptable
        • (viii) Apps that facilitate binary options trading are not permitted on the App Store. Consider a web app instead. Apps that facilitate trading in contracts for difference (“CFDs”) or other derivatives (e.g. FOREX) must be properly licensed in all jurisdictions where the service is available.
      4.2 Minimum Functionality
      • 4.2.1 Apps using ARKit should use APIs and frameworks for their intended purposes and indicate that integration in their app description. For example, the HomeKit framework should provide home automation services; and HealthKit should be used for health and fitness purposes and integrate with the Health app. Apps using ARKit should provide rich and integrated augmented reality experiences; merely dropping a model into an AR view or replaying animation is not enough.
      • 4.2.6 Apps created from a commercialized template or app generation service will be rejected unless they are submitted directly by the provider of the app’s content. These services should not submit apps on behalf of their clients and should offer tools that let their clients create customized, innovative apps that provide unique customer experiences. Another acceptable option for template providers is to create a single binary to host all client content in an aggregated or “picker” model, for example as a restaurant finder app with separate customized entries or pages for each client restaurant, or as an event app with separate entries for each client event.
      4.4 Extensions
      • 4.4.1 Keyboard extensions have some additional rules.

        They must:

        • Remain functional without full network access and without requiring full access; Provide Number and Decimal keyboard types as described in the App Extension Programming Guide ;
      5.4 VPN Apps

      Apps offering VPN services must utilize the NEVPNManager API and must make a clear declaration of what user data will be collected and how it will be used. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field.

      September 15, 2017

      New guidelines for Face ID, ARKit, privacy policies and more.

      With the imminent release of iOS 11 and the announcement of the iPhone X with Face ID it was only natural for Apple to update the App Store Review Guidelines. But this update is actually rather big and includes many changes that does not relate to the new products as such.

      A few notable changes and additions that caught my mind:

      • Don’t market your app with features or content it does not have (such as claimed “virus scanners”)
      • You must support in-app purchases initiated from the App Store
      • Facial recognition for authentication must be implemented using the official Apple API.
      • Apps may facilitate peer-to-peer payments and are not required to use in-app purchases for such payments as long as no digital content or services are offered in exchange for rhe payment.
      • “Apps using ARKit should provide rich and integrated augmented reality experiences; merely dropping a model into an AR view or replaying animation is not enough.”
      • Section 4.7 changes some wording in the context of downloading and running 3rd party code from an app.
      • The list of app types that must include a privacy policy has been extended to also include “apps that utilize ARKit, Camera APIs, Photo APIs, or other software for depth of facial mapping information”. So if your app falls into this category make sure you have the privacy policy in place and save yourself for a rejection.
      • Data gathered from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs) may not be used for advertising or other use-based data mining
      • Don’t visualize activity data in a way that resembles the Activity Rings in Activity control
      • IAP renamed to in-app purchases everywhere (not all cases included in the diff below)
      • Some typos were fixed (not all included in the diff below)
      • Various other changes; Check the details below.

      1.1 Objectionable Content
      • 1.1.1 Defamatory , discriminatory, or mean-spirited content, including references or commentary about religion, race, sexual orientation, gender, national/ethnic origin, or other targeted groups, particularly if the app is likely to humiliate, intimidate, or place a targeted individual or group in harm’s way. Professional political satirists and humorists are generally exempt from this requirement.
      2.3 Accurate Metadata
      • 2.3.1 Don’t include any hidden or undocumented features in your app; your app’s functionality should be clear to end-users and App Review. Similarly, you should not market your app on the App Store or offline as including content or services that it does not actually offer (e.g. iOS-based virus and malware scanners). Egregious or repeated behavior is grounds for removal from the Developer Program. We work hard to make the App Store a trustworthy ecosystem and expect our app developers to follow suit; if you’re dishonest, we don’t want to do business with you.
      • 2.3.2 If your app includes in-app purchases, make sure your app description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases. If you decide to promote in-app purchases on the App Store, ensure that the IAPin-app purchase Display Name, Screenshot and Description are writtenappropriate for a public audience and that your app properly handles the Purchase Intent APISKPaymentTransactionObserver method so that customers can seamlessly complete the purchase when your app launches.
      • 2.3.3 Screenshots should show the app in use, and not merely the title art, log-in page, or splash screen. They may also include text and image overlays (e.g. to demonstrate input mechanisms, such as an animated touch point or Apple Pencil) and show extended functionality on device, such as Touch Bar.
      2.5 Software Requirements
      • 2.5.13 Apps using facial recognition for account authentication must use LocalAuthentication (and not ARKit or other facial recognition technology), and must use an alternate authentication method for users under 13 years old.
      3.2 Other Business Model Issues
      • 3.2.1 Acceptable
        • (vii) Apps may enable individual users to give a monetary gift to another individual without using in-app purchase, provided that (a) the gift is a completely optional choice by the giver, and (b) 100% of the funds go to the receiver of the gift. However, a gift that is connected to or associated at any point in time with receiving digital content or services must use in-app purchase.
      4.2 Minimum Functionality
      • 4.2.1 Apps should use APIs and frameworks for their intended purposes and indicate that integration in their app description. For example, the HomeKit framework should provide home automation services; and HealthKit should be used for health and fitness purposes and integrate with the Health app. Apps using ARKit should provide rich and integrated augmented reality experiences; merely dropping a model into an AR view or replaying animation is not enough.
      4.7 Third-Party Software HTML5 Games, Bots, etc.

      Apps may contain or run code provided by third party developersthat is not embedded in the binary (e.g. HTML5-based games, bots, etc.), as long as the code distribution isn’t the main purpose of the app, the code is not offered in a store or store-like interface, and provided that the software (1) is free or purchased using in-app purchase; (2) only uses capabilities available in a standard WebKit view; your app must use WebKit and JavaScript Core to run third party software and should not attempt to extend or expose native platform APIs to third party software; (3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; and (4) adheres to the terms of these App Review Guidelines (e.g. does not include objectionable content; uses IAPin-app purchase to unlock features and functionality). You must provide an index of third party software and metadata available in your app upon request.

      Apps must comply with all legal requirements in any location where you make them available (if you’re not sure, check with a lawyer). We know this stuff is complicated, but it is your responsibility to understand and make sure your app conforms with all local laws, not just the guidelines below. And of course, apps that solicit, promote, or encourage criminal or clearly reckless behavior will be rejected. In extreme cases, such as apps that are found to facilitate human trafficking and/or the exploitation of children, appropriate authorities will be notified.

      • 5.1 Privacy

        Protecting user privacy is paramount in the Apple ecosystem, and you should use care when handling personal data to ensure you’ve complied with applicable laws and the terms of the Apple Developer Program License Agreement, not to mention customer expectations. More particularly:

        • 5.1.1 Data Collection and Storage
          • (i) Apps that collect user or usage data must have a privacy policy and secure user consent for the collection. This includes—but isn’t limited to—apps that implement HealthKit or other health/medical technologies, apps that utilize ARKit, Camera APIs, Photo APIs, or other software for depth of facial mapping information, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions, include a login, or access user data from the device. Your app description should let people know what types of access (e.g. location, contacts, calendar, etc.) are requested by your app, and what aspects of the app won’t work if the user doesn’t grant permission.
        • 5.1.2 Data Use and Sharing
          • (i) You may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs), or data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way. You may not use or transmit someone’s personal data without first obtaining their permission and providing access to information about how and where the data will be used.
          • (iii) Data gathered from the HomeKit API or from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs) may not be used for advertising or other use-based data mining, including by third parties.
      • 5.2 Intellectual Property
        • 5.2.5 Apple Products: Don’t create an app that appears confusingly similar to an existing Apple product, interface (e.g. Finder), app (such as the App Store, iTunes Store, or Messages) or advertising theme, and don’t misspell Apple product names (i.e., GPS for Iphone, iTunz). Apps and extensions, including third party keyboards and Sticker packs, may not include Apple emoji. iTunes music previews may not be used for their entertainment value (e.g. as the background music to a photo collage or the soundtrack to a game) or in any other unauthorized manner. If your app displays Activity rings, dothey should not modify the look and feel of the rings themselves or thevisualize Move, Exercise, or Stand data they representin a way that resembles the Activity control. The Human Interface Guidelines have more information on how to use Activity rings.

      June 08, 2017

      New rules following WWDC 2017

      After a densely packed WWDC keynote with many new features for developers and user, Apple also published a new version of the App Store Review Guidelines. There are many changes ranging from minor rephrasings to totally new rules.

      A few notable changes and additions that caught my mind:

      • New note on how to respond to App Store customer reviews.
      • Note saying developers must now use the provided API to prompt users for reviews rather than link to the App Store page from a custom prompt.
      • App names can now only be 30 characters long. Previosly this limit was 50 characters. There is a new subtitle feature in iTunes Connect that we should use instead of long descriptive titles.
      • Apps that provide a programming interface may now (in some cases) download and run code from the Internet.
      • Clarifications regarding IAP and other purchasing methods for “reader” apps.
      • Binary options trading apps are no longer allowed.
      • Apps created from a commercialized template or app generation service will be rejected.
      • Your app description should let people know what types of access (e.g. location, contacts, calendar, etc.) are requested by your app, and what aspects of the app won’t work if the user doesn’t grant permission.

      All the changes are listed below. Additions have green highlight and deletions have red highlight and strikeout.

      Introduction
      • The App Store is a great way to reach hundreds of millions of people around the world. If you build an app that you just want to show to family and friends, the App Store isn’t the best way to do that. Consider Ad Hoc distribution or the Enterprise Program. If you’re just getting started, learn more about the Apple Developer Program.
      • If your app looks like it was cobbled together in a few days, or you're trying to get your first practice app into the store to impress your friends, please brace yourself for rejection. We have lots of serious developers who don't want their quality apps to be surrounded by amateur hour. We will reject apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, "I'll know it when I see it". And we think that you will also know it when you cross it. If you attempt to cheat the system (for example, by trying to trick the review process, steal user data, copy another developer's work, or manipulate ratings) your apps will be removed from the store and you will be expelled from the Developer Program.
      Before you submit

      To help your app approval go as smoothly as possible, review the common missteps listed below that can slow down the review process or trigger a rejection. This doesn’t replace the guidelines or guarantee approval, but making sure you can check every item on the list is a good start. If your app no longer functions as intended or you’re no longer actively supporting it, it will be removed from the App Store. Learn More about App Store Improvements.

      1.1 Objectionable Content
      • 1.1.7 App Store Reviews:
        • App Store customer reviews can be an integral part of the app experience, so you should treat customers with respect when responding to their comments. Keep your responses targeted to the user’s comments and do not include personal information, spam, or marketing in your response.
        • Use the provided API to prompt users to review your app; this functionality allows customers to provide an App Store rating and review without the inconvenience of leaving your app, and we will disallow custom review prompts.
      1.4 Physical Harm

      If your app behaves in a way that risks physical harm, we may reject it. For example:

      • 1.4.1 Medical apps that could provide inaccurate data or information, or that could be used for diagnosing or treating patients may be reviewed with greater scrutiny. If your medical app has received regulatory clearance, please submit a link to that documentation with your app.
        • Apps must clearly disclose data and methodology to support accuracy claims relating to health measurements, and if the level of accuracy or methodology cannot be validated, we will reject your app. For example, apps that claim to take x-rays, measure blood pressure, body temperature, blood glucose levels, or blood oxygen levels using only the sensors on the device are not permitted.
        • Apps should remind users to check with a doctor in addition to using the app and before making medical decisions.
        If your medical app has received regulatory clearance, please submit a link to that documentation with your app.
      • 1.4.3 Apps should notthat encourage consumption of tobacco products, illegal or excessive consumption of drugs or alcohol; or encourage minors to consume drugs, or excessive amounts of alcohol are not permitted on the App Store. Apps that encourage minors to consume any of these substances will be rejected. Facilitating the sale of marijuana, or tobacco; and facilitating the sale of marijuana, or controlled substances (except for licensed pharmacies) isn’t allowed.
      • 1.4.5 Apps should not urge customers to use their devices in a way that contradicts safety documentation for Apple hardware, risking damage to the device or physical harm to people. For example, apps should not encourage placing the device under a mattress or pillow while charging or perform excessive write cycles to the solid state drive. Review device documentation.
      2.3 Accurate Metadata
      • 2.3.2 If your app includes in-app purchases, make sure your app description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases. If you decide to promote in-app purchases on the App Store, ensure that the IAP Display Name and Description are written for a public audience and that your app properly handles the Purchase Intent API so that customers can seamlessly complete the purchase when your app launches.
      • 2.3.3 Screenshots should show the app in use, and not merely the title art, log-in page, or splash screen. They may also include text overlays and show extended functionality on device, such as Touch Bar.
      • 2.3.7 Choose a unique app name, assign keywords that accurately describe your app, and don’t try to pack any of your metadata with trademarked terms, popular app names, or other irrelevant phrases just to game the system. App names must be limited to 5030 characters and should not include prices, terms, or descriptions that are not the name of the app. App subtitles are a great way to provide additional context for your app; they must follow our standard metadata rules and should not include inappropriate content, reference other apps, or make unverifiable product claims. Apple may modify inappropriate keywords at any time.
      • 2.3.8 Metadata should be appropriate for all audiences, so make sure your app and in-app purchase icons, screenshots, and previews adhere to a 4+ age rating even if your app is rated higher. For example, if your app is a game that includes violence, select images that don’t depict a gruesome death or a gun pointed at a specific character. Use of terms like “For Kids” and “For Children” in app names is reserved for the Kids Category. Remember to ensure your metadata, including app name and icons (small, large, Apple Watch app, etc.), are similar to avoid creating confusion.
      2.5 Software Requirements
      • 2.5.1 Apps may only use public APIs and must run on the currently shipping OS. Learn more about public APIs. Keep your apps up-to-date and make sure you phase out any deprecated features, frameworks or technologies that will no longer be supported in future versions of an OS.
      • 2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other iOS, watchOS, macOS, or tvOS apps. Apps designed to teach, develop, or test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the Application completely viewable and editable by the user.
      • 2.5.9 Apps that alter or disable the functions of standard switches, such as the Volume Up/Down and Ring/Silent switches, or other native user interface elements or behaviors will be rejected. For example, apps should not block links out to other apps or other features that users would expect to work a certain way. Learn more about proper handling of links.
      • 2.5.11 SiriKit
        • (ii) Ensure that the vocabulary and phrases in your plist pertains to your app and the SiriKit functionality of the intents the app has registered for. Aliases must relate directly to your app or company name and should not be generic terms or include third party app names or services.
      • 2.5.12 Apps using CallKit or including an SMS Fraud Extension should only block phone numbers that are confirmed spam. Apps that include call-, SMS-, and MMS- blocking functionality or spam identification must clearly identify these features in their marketing text and explain the criteria for their blocked and spam lists. You may not use the data accessed via these tools for any purpose not directly related to operating or improving your app or extension (e.g. you may not use, share, or sell it for tracking purposes, creating user profiles, etc.)
      3.1 Payments
      • 3.1.1 In-App Purchase:
        • If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may use in-app purchase currencies to enable customers to “tip” digital content providers in the app. Apps may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than IAP.
        • Any credits or in-game currencies purchased via IAP must be consumed within the app and may not expire, and you should make sure you have a restore mechanism for any restorable in-app purchases.
      • 3.1.2(a) Permissible uses: If you offer an auto-renewing subscription, you must provide ongoing value to the customer, and the subscription period must last at least seven days and be available across all of the user’s devices.
      • 3.1.3 Content-based “Reader” Apps: Apps may allow a user to access previously purchased content or content subscriptions (specifically: magazines, newspapers, books, audio, music, video, access to professional databases, VoIP, cloud storage, and approved services such as educational apps that manage student grades and schedules), as well as consumable items in multi-platform games, provided the app doesthat you agree not directto directly or indirectly target iOS users to use a purchasing mechanismmethod other than IAP, and your general communications about other purchasing methods are not designed to discourage use of IAP.
      3.2 Other Business Model Issues
      • 3.2.1 Acceptable
        • (vi) Approved nonprofits may fundraise directly within their own apps usingor third-party apps, provided those fundraising campaigns adhere to all App Review Guidelines and offer Apple Pay, provided those fundraising campaigns adhere to all App Review Guidelines support. These apps must disclose how the funds will be used, abide by all required local and federal laws, and makeensure appropriate tax receipts are available to donors. Additional information shall be provided to App Review upon request. Nonprofit platforms that connect donors to other nonprofits must ensure that every nonprofit listed in the app has also gone through the nonprofit approval process. Learn more about becoming an approved nonprofit.
      • 3.2.2 Unacceptable
        • (iv) Unless you are an approved nonprofit or otherwise permitted under Section 3.2.1 (vi) above, collecting funds within the app for charities and fundraisers. Apps that seek to raise money for such causes must be free on the App Store and may only collect funds outside of the app, such as via Safari or SMS.
        • (vi) Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Apps should not forcerequire users to rate the app, review the app, watch videos, download other apps, tap on advertisements, or take other similar actions in order to access functionality, content, or use of the app, or receive monetary or other compensation.
        • (vii) Artificially manipulating a user’s visibility, status, or rank on other services unless permitted by that service’s Terms and Conditions
        • (viii) Apps that facilitate binary options trading are not permitted on the App Store. Consider a web app instead.
      4.2 Minimum Functionality
      • 4.2.2 Other than catalogs, which have a dedicated category, apps shouldn’t primarily be marketing materials, advertisements, web clippings, content aggregators, or a collection of links.
      • 4.2.6 Apps created from a commercialized template or app generation service will be rejected.
      4.4 Extensions
      • 4.4.1 Keyboard extensions have some additional rules.

        They must:

        • Follow Sticker guidelines if the keyboard includes images or emojis
        • Remain functional without full network access and without requiring full access;
      4.5 Apple Sites and Services
      • 4.5.2 The Apple Music API lets
        • (i) The MusicKit APIs let customers access their subscription while using your app. They are intended for simple music playback by Apple Music subscribers. Users must initiate the playback of an Apple Music stream and be able to navigate playback using standard media controls such as “play,” “pause,” and “skip;. apps may not automate these actions. Moreover, your app may not require payment or indirectly monetize access to the Apple Music service (e.g. in-app purchase, advertising, requesting user info, etc.). Do not download, upload, or enable sharing of music files sourced from the MusicKit APIs, except as explicitly permitted in MusicKit documentation.
        • (ii) Using the MusicKit APIs is not a replacement for securing the licenses you might need for a deeper or more complex music integration. For example, if you want your app to play a specific song at a particular moment, or to create audio or video files that can be shared to social media, you’ll need to contact rights-holders directly to get their permission (e.g. synchronization or adaptation rights) and assets. Cover art and other metadata may only be used in connection with music playback or playlists (including App Store screenshots displaying your app’s functionality), and should not be used in any marketing or advertising without getting specific authorization from rights-holders. Make sure to follow the Apple Music Identity Guidelines when integrating Apple Music services in your app.
        • (iii) Apps that access Apple Music user data, such as playlists and favorites, must clearly disclose this access in the purpose string. Any data collected may not be shared with third parties for any purpose other than supporting or improving the app experience. This data may not be used to identify users or devices, or to target advertising.
      4.6 Alternate App Icons

      Apps may display customized icons, for example, to reflect a sports team preference, provided that each change is initiated by the user and the app includes settings to revert to the original icon. All icon variants must relate to the content of the app and changes should be consistent across all system assets, so that the icons displayed in Settings, Notifications, etc. match the new springboard icon. This feature may not be used for dynamic, automatic, or serial changes, such as to reflect up-to-date weather information, calendar notifications, etc.

      4.7 Third-Party Software

      Apps may contain or run code provided by third party developers (e.g. HTML5-based games), as long as the code is not offered in a store or store-like interface, and provided that the software (1) is free or purchased using in-app purchase; (2) only uses capabilities available in a standard WebKit view; your app must use WebKit and JavaScript Core to run third party software and should not attempt to extend or expose native platform APIs to third party software; (3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; and (4) adheres to the terms of these App Review Guidelines (e.g. does not include objectionable content; uses IAP to unlock features and functionality). You must provide an index of third party software and metadata available in your app upon request.

      5.1 Privacy
      • 5.1.1 Data Collection and Storage
        • (i) Apps that collect user or usage data must have a privacy policy and secure user consent for the collection. This includes—but isn’t limited to—apps that implement HealthKit or other health/medical technologies, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions, include a login, or access user data from the device. Your app description should let people know what types of access (e.g. location, contacts, calendar, etc.) are requested by your app, and what aspects of the app won’t work if the user doesn’t grant permission.
      • 5.1.2 Data Use and Sharing
        • (i) Apps cannotYou may not attempt, facilitate, or encourage others to identify users or reconstruct user profiles based on data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way. You may not use or transmit someone’s personal data without first obtaining their permission and providing access to information about how and where the data will be used.
      5.2 Intellectual Property
      • 5.2.1 Generally: Don’t use protected third party material such as trademarks, copyrighted works, or patented ideas in your app without permission, and don’t include misleading, false, or copycat representations, names, or metadata in your app bundle or developer name. Apps should be submitted by the person or legal entity that owns or has licensed the intellectual property and other relevant rights and is responsible for offering any services provided by the app.
      • 5.2.5 Apple Products: Don’t create an app that appears confusingly similar to an existing Apple product, interface (e.g. Finder), app (such as the App Store, iTunes Store, or Messages) or advertising theme, and don’t misspell Apple product names (i.e., GPS for Iphone, iTunz). Apps and extensions, including third party keyboards and Sticker packs, may not include Apple emoji. iTunes music previews may not be used for their entertainment value (e.g. as the background music to a photo collage or the soundtrack to a game) or in any other unauthorized manner. If your app displays Activity rings, do not modify the look and feel of the rings themselves or the data they represent. The Human Interface Guidelines have more information on how to use Activity rings.

      November 14, 2016

      Added nonprofit payment exception

      With this minor update to the App Store Review Guidelines Apple added a subsection saying that approved nonprofits may fundraise directly within their app using Apple Pay. There is also a link to a new page about how to become an approved nonprofit.

      The change followed an official press release from Apple that details the new program allowing Apple Pay donations to nonprofits.

      This change also included Apple renaming Mac OS X to its new name macOS in several places.

      3.2 Other Business Model Issues
      • 3.2.1 Acceptable
        • (vi) Approved nonprofits may fundraise directly within their own apps using Apple Pay, provided those fundraising campaigns adhere to all App Review Guidelines. These apps must disclose how the funds will be used, abide by all required local and federal laws, and make appropriate tax receipts available to donors. Nonprofit platforms that connect donors to other nonprofits must ensure that every nonprofit listed in the app has also gone through the nonprofit approval process. Learn more about becoming an approved nonprofit.
      • 3.2.2 Unacceptable
        • (iv) CollectingUnless you are an approved nonprofit, collecting funds within the app for charities and fundraisers. Apps that seek to raise money for such causes must be free on the App Store and may only collect funds outside of the app, such as via Safari or SMS.