Tags
Read time
7 min read
Last updated
July 16, 2024
[🔔 New] No-Code Rights Automation: unparalleled in DSR vendor market
The collection and use of data have become a double-edged sword. Data can be used to increase workload efficiency and business profit through data analysis and machine learning modeling. Data can also be used to steal personal information or to make a quick buck.
Indeed, many distrust how their data is being used, and that number continues to grow. This data unrest pushes companies and developers alike to divulge what data is being collected, why it is being collected, and what is being done to protect it.
The General Data Protection Regulation (GDPR) has spearheaded this push for privacy, passing several articles to protect the general population. Recently, this has extended into the world of mobile applications, where Apple implemented an IOS delete account requirement. This comes in the wake of the GDPR passing Chapter 3 Article 17, Right to erasure (‘right to be forgotten’), which states that everyone has the right to have their collected personal data removed or ‘forgotten’ as they see fit.
As a major provider in the tech and data market, this is where the Apple delete account requirement comes in.
As of June 30, 2022, Apple requires all applications submitted to the App Store the ability to allow users to delete their account and their data from any databases. The requirement further states that account deletion should be easy to access and allow deletion without delay.
The IOS delete account requirement is an important step towards data privacy, especially from a leading company in data collection. Whether a marketing ploy to win over the trust of the general populace or an honest step towards improvement, such a move has impacts in both the fields of data and the protection of personal information. This is backed by specific guidelines laid out by Apple in their terms of service.
Knowing the terms laid out in Apple’s delete account requirement will help extend widespread education on data privacy.
Data shows the Apple store contains roughly 1.6 million Apps available for downloaded.
With a significant number of applications requiring the collection and use of data, regulation can become incredibly difficult. Add that to the fact that many developers are good at silently collecting data and much of the general populace doesn’t fully understand how data collection works, and a privacy uproar seems inevitable.
Take, for example, a health application that tracks steps taken, heart rate monitoring, manual input (diet, weight, height), etc. Users of this application expect their health data to be collected, but they might not realize, or second guess, that such apps also tend to collect user location. This is something many applications do, including several that have no direct use for location tracking.
This is especially concerning if account creation is a significant part of the experience.
Account creation can provide both the developer and the user with several benefits. The user can keep track of personal statistics and progress depending on the purpose of the application while developers can keep track of user interest, user engagement, ways they can increase efficiency and interest within the app, etc. Yet having an account within a database means data is being collected, and where data is being collected, an app store delete account requirement should be implemented.
A database works by creating a table within which data can be stored. A table can include information such as:
This last option is where issues can lie.
Personal information held within a dataset includes personal email address, home address, billing address, current location, billing information, credit card information, etc. The ease this personal information can be stored should not be taken lightly. Any company can sell this information to third-party companies; this is generally not for malicious purposes, merely a hefty profit. The issue comes when a breach occurs and user data has become corrupted. Account deletion within apps plays a significant role in protecting your data, especially on iOS.
In the wrong hands, data can be a powerful tool for stealing identities, credit fraud, and human trafficking, amongst other questionable exploitations. While most major companies have a security system to avoid this, much of the public is better off not taking such risks, especially within such a vast library as Apple’s App Store.
Offering account deletion in your app is a significant way developers can help cut back on these issues.
The Apple account deletion guidelines state that as a developer applying to the App Store, if you allow or help a user create an account within the app, you are also required to include an option to delete the account. There are several guidelines that Apple outlines in regards to this Apple account deletion requirement, as well as a few caveats.
The following guidelines are given:
While not required, Apple also states the importance of including multiple options for users, including:
This latter account deletion request is useful in instances where users still have an active subscription that expires at some later date. In this case, communication with the user for when account deletion is expected and when the account has officially been deleted is expected.
Apple also states that the deletion requirement is not extended to applications that were created in the App Store before June 30, 2022; however, any future updates that are pushed to these pre-marketed applications will require the inclusion of user access to account deletion.
Read more: In-app account deletion for iOS and Android
Any technical update brings a fair share of questions. Let’s explore some of the most frequently asked about account deletion within apps here.
It depends on how regulated the industry is. Regulated industries are defined in App Store Review Guideline 5.1.1(ix):
Customer service flows may facilitate account deletion in the case of regulated industries, including phone calls, emails, or other support flows. Apps that do not fall within these regulation requirements should not require customer service flow options for account deletion.
Ensuring an account isn’t accidentally deleted should be a top priority, and Apple backs up this idea. Steps can be included to verify identity and confirm intent to delete the account. This can include entering a code sent via email or phone number.
Apple’s built-in API, Apple REST, should be used to revoke user tokens upon account deletion. This will remove any tokens that tie the user’s Apple account to the application.
Account deletion doesn’t have to be immediate or automatic but communication should be provided to the user. However, the time taken for the Apple delete user process should comply with local laws where the app is available.
All data associated with a user’s account must be deleted upon account deletion, which includes any content provided and shared by the user.
Note that some laws require data to be maintained, and users should be informed in such situations.
All users should be provided the same opportunity regardless of location. Any account deletion flows currently in place must extend to ALL users, so long as they meet the requirements of the App Store Review Guidelines.
Users should be notified upon account deletion that billing will continue through Apple regardless of their account deletion through the app.
It is the user’s responsibility to ensure any automatically renewing subscriptions through the App Store are canceled.
Ketch makes consent banner set-up a breeze with drag-and-drop tools that match your brand perfectly. Let us show you.
