Apple's demand for in-app account deletion: how does it affect your app?

Jul 14, 2022


Apple originally intended to require developers to support account deletion by January 31, 2022; the rule is part of changes to the App Store that were announced in June 2021. After being delayed to give developers more time to make improvements, it will now go into effect in June this year.

As of June 30, 2022, all apps that allow users to create new accounts must also include a way for users to delete those accounts if they wish. These changes are described in App Store Review Guideline 5.1.1(v), which also outlines what apps are and are not permitted to do in relation to account sign-in.

“As stated in App Store Review Guideline 5.1.1(v), apps that offer account creation must allow users to initiate account deletion within the app as of June 30, 2022.”

One of the first questions app developers will have is what this means for their app. Many iOS apps let users create accounts, but the specific instructions for this requirement are a little hazy. It's crucial to know exactly what is needed, because Apple will start rejecting apps that don't meet the requirements. Here are a few questions we had:

  • Is it sufficient to merely revoke account access?
  • Do you have to remove every piece of user information connected to the account?
  • What about accounts covered by legally binding commercial contracts?
  • What is covered by the "initiation of deletion"?

In the deadline extension notification, Apple provided further instructions highlighting factors developers should keep in mind while building their in-app account deletion functionality, stating:

  • The in-app account deletion option must be simple to find for users
  • In addition to deactivating their account, users should be allowed to erase personal information
  • It is insufficient to only provide a method for temporary account deactivation
  • Apps in "highly regulated" industries might need additional support flows
  • Apps should keep abiding by applicable local laws when maintaining user account information

This change shouldn't worry you as a developer if your app doesn't require account setup. If your app does require account creation, you must guarantee that users can completely delete their accounts from within the app.

If you already have automated deletion operations set up that don't require manual work from humans, you're more than halfway to meeting Apple's requirement. The next step is to integrate that flow into your app's user interface.

Potential Options to Comply with Apple Account Deletion Regulations

The first thing to consider is whether your app enables end users to register for an account. You might not need to worry about this rule if your app only allows users to log in to their existing accounts, without allowing them to register for new ones.

However, if your app is one of the many that allow users to create accounts, you will probably be subject to this new rule. You must therefore choose the best immediate course of action to comply, or risk being excluded from upcoming App Store releases after the deadline.

Here are some options to consider:

Option 1. Let the user send a request through the app to a customer care agent, including the user's data (login ID, account number, etc.). This could be done by sending an email or posting a simple form. This would meet the demand that users be able to "initiate deletion" of the account.

Option 2. Create a feature that enables users to "delete my account" from the app's settings or account screens (after login). It might only take a single click to set a flag in your database to prevent that particular account from logging in. Just make sure to ask the user for confirmation: because this is a very destructive action, check that the user hasn't requested deletion of their account by mistake.
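A sketch of the server side of Option 2, added here as an example and not taken from Apple or from the original article: deletion is a two-step flow with a single-use, expiring confirmation token, and on confirmation it sets the login-blocking flag and also clears personal fields, following Apple's guidance above that deactivation alone is insufficient. The `AccountStore` class, the field names, the `invoice_ids` field standing for records kept for legal reasons, and the 10-minute window are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CONFIRM_TTL = 600  # seconds a confirmation stays valid (assumed value)
PERSONAL_FIELDS = ("email", "name", "phone", "password_hash")  # hypothetical schema


def _digest(token):
    # Store only a hash of the token so a database leak cannot confirm deletions.
    return hashlib.sha256(token.encode()).hexdigest()


class AccountStore:
    """In-memory stand-in for the app's user database (hypothetical)."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # user_id -> (token digest, expiry time)

    def request_deletion(self, user_id, now=None):
        """Step 1: the user taps 'Delete my account'. Nothing is changed yet."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)
        self.pending[user_id] = (_digest(token), now + CONFIRM_TTL)
        return token  # sent back by the confirmation screen in step 2

    def confirm_deletion(self, user_id, token, now=None):
        """Step 2: the user confirms. Any attempt consumes the pending request."""
        now = time.time() if now is None else now
        digest, expiry = self.pending.pop(user_id, ("", 0))
        if not digest or now > expiry or user_id not in self.users:
            return False
        if not hmac.compare_digest(digest, _digest(token)):
            return False
        user = self.users[user_id]
        user["deleted"] = True  # the flag that blocks login
        for field in PERSONAL_FIELDS:
            user[field] = None  # erase personal data, not just deactivate
        return True

    def can_log_in(self, user_id):
        user = self.users.get(user_id)
        return user is not None and not user["deleted"]


def make_sample_store():
    """Constructed sample record; invoice_ids stands for data kept by law."""
    return AccountStore({"u1": {"email": "a@example.com", "name": "A. User",
                                "phone": "555-0100", "password_hash": "x",
                                "deleted": False, "invoice_ids": ["inv-001"]}})
```

A failed or expired confirmation leaves the account untouched, so an accidental tap or a replayed request cannot delete anything on its own.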

Option 3. Remove all user account information. This is a fairly drastic option that most apps would not be able to support, but some apps do not need to retain any user data for legal or other reasons. If you fall into this category, you are ahead and will find it much simpler to adhere to Apple's future data retention requirements. This strategy is excessive, though, as there are currently no regulations to destroy user data outside of the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) in Europe. Instead, we advise choosing one of the first two alternatives while you develop a more effective user data management approach.

You can find more information on in-app account deletion on the Apple Developer website.

Risks of non-compliance

Apple has not yet said what will happen to apps that are found to be non-compliant. However, it is widely believed that those apps will either have future updates blocked or possibly be removed.

In either case, it's reasonable to assume that any company that depends on in-app traffic and related income shouldn't run the risk of hitting a roadblock when its app's next update is being reviewed.

The significance of this change for your mobile development and engineering teams will depend primarily on which deletion mechanisms, if any, your app currently has in place.

How Innovation Feel can help

Finding a partner for engineered data privacy infrastructure like Innovation Feel makes sense if you lack a large or experienced privacy engineering team or are searching for a more effective method of privacy code development.

You'll be prepared to handle any variations or evolution of app guidelines with us. Additionally, it extends beyond app-based deletion.

Please contact us at letsgo@innovationfeel.com if you'd like to know more about how Innovation Feel is guiding its partners through these new iOS requirements and how to develop compliant options.