
Apple delete account requirement

How Apple highlights the significance of data privacy concerns in mobile applications through its delete account requirement to address user distrust.
Published
June 30, 2022

The collection and use of data have become a double-edged sword. Data can be used to increase workload efficiency and business profit through data analysis and machine learning modeling. Data can also be used to steal personal information or to make a quick buck. 

Data privacy remains a hot topic.

Indeed, many distrust how their data is being used, and that number continues to grow. This data unrest pushes companies and developers alike to divulge what data is being collected, why it is being collected, and what is being done to protect it. 

The General Data Protection Regulation (GDPR) has spearheaded this push for privacy, with several articles that protect the general population. Recently, this has extended into the world of mobile applications, where Apple implemented an iOS delete account requirement. This comes in the wake of GDPR Chapter 3, Article 17, Right to erasure (‘right to be forgotten’), which states that everyone has the right to have their collected personal data removed or ‘forgotten’ as they see fit. This is where the Apple delete account requirement comes in, given Apple's position as a major provider in the tech and data market.

As of June 30, 2022, Apple requires all applications submitted to the App Store to allow users to delete their account and their data from any databases. The requirement further states that account deletion should be easy to access and allow deletion without delay.

The iOS delete account requirement is an important step towards data privacy, especially from a leading company in data collection. Whether a marketing ploy to win over the trust of the general populace or an honest step towards improvement, such a move has impacts in both the fields of data and the protection of personal information. This is backed by specific guidelines laid out by Apple in their terms of service.

Knowing the terms laid out in Apple’s delete account requirement will help extend widespread education on data privacy.

Account Deletion Within iOS

Data shows the Apple store contains roughly 1.6 million apps available for download.

With a significant number of applications requiring the collection and use of data, regulation can become incredibly difficult. Add that to the fact that many developers are good at silently collecting data and much of the general populace doesn’t fully understand how data collection works, and a privacy uproar seems inevitable.

Take, for example, a health application that tracks steps taken, heart rate monitoring, manual input (diet, weight, height), etc. Users of this application expect their health data to be collected, but they might not realize, or second guess, that such apps also tend to collect user location. This is something many applications do, including several that have no direct use for location tracking. 

This is especially concerning if account creation is a significant part of the experience.

Account creation can provide both the developer and the user with several benefits. The user can keep track of personal statistics and progress depending on the purpose of the application while developers can keep track of user interest, user engagement, ways they can increase efficiency and interest within the app, etc. Yet having an account within a database means data is being collected, and where data is being collected, an app store delete account requirement should be implemented.

A database works by creating a table within which data can be stored. A table can include information such as:

  • Username
  • Password (hidden and hashed if you are dealing with a developer who knows what they’re doing)
  • Progress information
  • Personal information

This last option is where issues can lie. 

Personal information held within a dataset includes personal email address, home address, billing address, current location, billing information, credit card information, etc. The ease with which this personal information can be stored should not be taken lightly. Any company can sell this information to third-party companies; this is generally not for malicious purposes, merely a hefty profit. The issue comes when a breach occurs and user data has become corrupted. Account deletion within apps plays a significant role in protecting your data, especially on iOS.

In the wrong hands, data can be a powerful tool for stealing identities, credit fraud, and human trafficking, amongst other questionable exploitations. While most major companies have a security system to avoid this, much of the public is better off not taking such risks, especially within such a vast library as Apple’s App Store.

Offering account deletion in your app is a significant way developers can help cut back on these issues.

Apple Account Deletion Guidelines

The Apple account deletion guidelines state that as a developer applying to the App Store, if you allow or help a user create an account within the app, you are also required to include an option to delete the account. Apple outlines several guidelines regarding this account deletion requirement, as well as a few caveats.

The following guidelines are given:

  • Apple account creation must provide the capability for account deletion.
  • Information that is clear and easy to follow regarding account deletion is required.
  • Direct links must be provided if account deletion can only be done through a website.
  • External website links provided must be easy to find and not buried in the Terms of Service.
  • Tokens associated with accounts linked through Apple account creation must be revoked upon account deletion.
  • Account deletion should be consistent across both the website and the App Store application.
  • Users should be informed throughout the deletion process, including when account deletion is expected and when it has been completed.
  • Users should be educated on how billing works during account cancellation if in-app purchases are supported.

While not required, Apple also states the importance of including multiple options for users, including:

  • Immediate deletion of account records and personal data.
  • Temporary account deactivation.
  • Future account deletion. 

This latter account deletion request is useful in instances where users still have an active subscription that expires at some later date. In this case, the user should be told when account deletion is expected and when the account has officially been deleted.

Apple also states that the deletion requirement is not extended to applications that were created in the App Store before June 30, 2022; however, any future updates that are pushed to these pre-marketed applications will require the inclusion of user access to account deletion.

Apple Account Deletion FAQs

Any technical update brings a fair share of questions. Let’s explore some of the most frequently asked questions about account deletion within apps here.

Can I send users to our customer service for account deletion?

It depends on how regulated the industry is. Regulated industries are defined in App Store Review Guideline 5.1.1(ix):

  • Banking and financial services
  • Healthcare
  • Gambling
  • Legal cannabis use
  • Air travel

Customer service flows may facilitate account deletion in the case of regulated industries, including phone calls, emails, or other support flows. Apps that do not fall within these regulation requirements should not require customer service flow options for account deletion.

What can I do to make sure an account isn’t deleted by accident or by someone other than the account holder?

Ensuring an account isn’t accidentally deleted should be a top priority, and Apple backs up this idea. 

Steps can be included to verify identity and confirm intent to delete the account. This can include entering a code sent via email or phone number. 

How do I provide account deletion to users who sign in through their Apple account?

Apple’s built-in API, Apple REST, should be used to revoke user tokens upon account deletion. This will remove any tokens that tie the user’s Apple account to the application.
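
The two server-side checks described in the answers above, as an added Python example (not code from Apple or from this article): a single-use, time-limited confirmation code that must be presented before deletion, and the token revocation request for a Sign in with Apple user. The URL and form fields are those of the revoke call in the Sign in with Apple REST API; the function names, the 10-minute lifetime, the attempt limit and any sample identifiers are assumptions.

```python
import hashlib
import hmac
import secrets
import time
import urllib.parse
import urllib.request

APPLE_REVOKE_URL = "https://appleid.apple.com/auth/revoke"  # Sign in with Apple REST API
CODE_TTL_SECONDS = 600  # assumption: codes expire after 10 minutes
MAX_ATTEMPTS = 5        # assumption: lock the code after 5 guesses


def issue_code(now=None):
    """Return (code to email/SMS to the user, record to store server-side)."""
    code = f"{secrets.randbelow(10**6):06d}"
    record = {
        "digest": hashlib.sha256(code.encode()).hexdigest(),  # never store the code itself
        "expires": (now if now is not None else time.time()) + CODE_TTL_SECONDS,
        "attempts": 0,
        "used": False,
    }
    return code, record


def confirm_code(record, submitted, now=None):
    """Accept the code once, before expiry, within the attempt limit."""
    now = now if now is not None else time.time()
    if record["used"] or now > record["expires"] or record["attempts"] >= MAX_ATTEMPTS:
        return False
    record["attempts"] += 1
    digest = hashlib.sha256(submitted.encode()).hexdigest()
    if not hmac.compare_digest(digest, record["digest"]):  # constant-time comparison
        return False
    record["used"] = True
    return True


def build_revoke_request(client_id, client_secret, refresh_token):
    """Build (without sending) the revocation POST for the user's stored token."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,  # ES256-signed JWT, generated elsewhere
        "token": refresh_token,
        "token_type_hint": "refresh_token",
    }).encode()
    return urllib.request.Request(
        APPLE_REVOKE_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
```

Send the request with `urllib.request.urlopen` only after `confirm_code` returns `True`, and delete the account's records only once the revocation call has succeeded, so a failed revocation can be retried while the stored token still exists.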

Does account deletion need to be immediate and automatic?

Account deletion doesn’t have to be immediate or automatic but communication should be provided to the user. However, the time taken for the Apple delete user process should comply with local laws where the app is available.

Does user-created content need to be deleted on an app that supports content creation?

All data associated with a user’s account must be deleted upon account deletion, which includes any content provided and shared by the user. 

Note that some laws require data to be maintained, and users should be informed in such situations.

My app follows CCPA/GDPR and some local laws, is this enough to meet the requirement?

All users should be provided the same opportunity regardless of location. Any account deletion flows currently in place must extend to ALL users, so long as they meet the requirements of the App Store Review Guidelines. 

How do I handle users with auto-renewable subscriptions?

Users should be notified upon account deletion that billing will continue through Apple regardless of their account deletion through the app. 

It is the user’s responsibility to ensure any automatically renewing subscriptions through the App Store are canceled.
