Allowing apps without privacy policies is something of an obvious hole that Apple should have already plugged, given its generally protective nature over user data. But the change is even more critical now that Europe’s GDPR regulations have gone into effect. Though the app makers themselves would be ultimately responsible for their customers’ data, Apple, as the platform where those apps are hosted, has some responsibility here, too.
Platforms today are being held accountable for the behavior of their apps, and the data misuse that may occur as a result of their own policies around those apps.
Facebook CEO Mark Zuckerberg, for example, was dragged before the U.S. Senate about the Cambridge Analytica scandal, where data from 87 million Facebook users was inappropriately obtained by way of Facebook apps.
The new policy will be required for all apps and app updates across the App Store as well as through the TestFlight testing platform as of October 3, says Apple.
What’s not clear is if Apple itself will be reviewing all the privacy policies themselves as part of this change, in order to reject apps with questionable data use policies or user protections. If it does, App Store review times could increase, unless the company hires more staff.
Apple has already taken a stance on apps it finds questionable, like Facebook’s data-sucking VPN app Onavo, which it kicked out of the App Store earlier this month. The app had been live for years, however, and its App Store text did disclose the data it collected was shared with Facebook. The fact that Apple only booted it now seems to indicate it will take a tougher stance on apps which are designed to collect user data as one of their primary functions going forward.