Apple Is Cracking Down on Apps That Shares Geolocation

Reports are coming in from app developers that Apple has started cracking down on applications that share location data with third-party services.

The crackdown comes after Apple has updated its App Store Review Guidelines to include sharing location data with third-parties as a punishable offence.

Apple is removing offending apps from the App Store

The company’s App Store employees are currently inspecting apps, removing offending applications from the App Store, and emailing developers to let them know of the change.

A developer who received such a message shared the email on Twitter on Monday. Reporters from 9to5Mac confirmed the crackdown with other developers in private conversations.

However, Apple is not removing all apps that share location data with third-parties. According to the email, Apple is only going after apps that extract this information and then share it with third parties without the user’s explicit consent.

Apple is explicitly targeting apps that included SDKs, frameworks, or libraries that collect this info, sometimes even without the app developer’s knowledge.

Such SDKs are often the ones created by advertising companies. While developers include these SDKs and libraries to help with adding ads to their apps, advertising companies sometimes abuse them to secretly collect and siphon more data on the app’s users than the developer had initially planned to share.

In the email, Apple specifically cites section 5.1.1 and 5.1.2 of its App Store Review Guidelines.

Legal – 5.1.1 & Legal 5.1.2
The app transmits user location data to third parties without explicit consent from the user and for unapproved purposes.

For this reason, your app will be removed from sale on the App Store at this time. To return your app for sale on the App Store, remove any code, frameworks, or SDKs that fall in line with the functionality described above and resubmit your app for review. Once a compliant version has been submitted and approved, your app will be returned for sale on the App Store.

Some news publications suggested that Apple has embarked on this campaign as the GDPR deadline is nearing in the EU. This is incorrect, as Apple would need to take many more privacy-focused measures to be fully GDPR compliant, and “apps not sharing location data” is only scratching the surface in the face of GDPR compliance. This is most likely Apple doing it’s regular “thing” and actively going after intrusive apps, as it regularly does.

Credit: BleepingComputer

CEH Course In pune | Slink

Jai Prajapati

Jai Prajapati is a security analyst and author for Securityleaks, where he passion for covering latest happening in cybersecurity world such as malware, breaches, vulnerabilities, exploits, white-papers, hacking newsbytes, Dark Web, hacking tutorials and a few more.

Leave a Reply

Your email address will not be published. Required fields are marked *