Any app in Apple’s App Store that requires account creation must provide an end-to-end pathway for in-app account deletion by June 30, 2022. Announced at the 2021 Worldwide Developers Conference, Apple’s initial deadline for this functionality was January 31, 2022.
This post will outline what the new Apple deletion mandate requires, how developers can respond, and the potential impact on organizations who aren’t yet ready to efficiently address the influx of new account deletion requests.
At a glance: Apple’s new in-app deletion requirement
Who’s impacted? Any company with an app in the iOS App Store that offers account creation, but doesn’t yet offer an end-to-end option for in-app account deletion.
What’s the deadline? June 30, 2022
What’s the potential impact? Missing compliance could mean blocked updates or even removal of your iOS app.
Who will be involved in implementing this change?
- Privacy Engineering
- App Engineering
- Compliance or Legal
- UX/App Design
- Your data privacy infrastructure partner
The clock is ticking for iOS developers to offer in-app account deletion
In 2021, Apple updated its App Store Review Guidelines, stating that apps allowing for account creation must also allow users to delete their accounts from within the app.
The original deadline for in-app account deletion was January 31, 2022, but Apple has since extended the deadline to June 30, 2022. Despite this extension, the requirement itself remains unchanged.
“If your app doesn’t include significant account-based features, let people use it without a login. If your app supports account creation, you must also offer account deletion within the app.” - Apple App Store Review Guidelines
Unlike most regulatory regimes, which allow companies to use manual processes (like forcing consumers to send a deletion request via email), Apple’s new requirement puts the onus on developers.
In the deadline extension announcement, Apple included additional guidelines outlining what developers should consider when building their in-app account deletion functionality, stating:
- The in-app account deletion option should be easy for users to find
- Users should be able to delete personal data while deleting their account
- Providing a mechanism for temporary account deactivation is insufficient
- Additional support flows may be required for apps in “highly-regulated” industries
- Apps should continue to follow relevant local laws in regards to storing user account information
Apple’s original memo on the policy change also reminds app owners to use this deadline to ensure that in-app privacy policies clearly explain, “what data your app collects, how it collects that data, all uses of that data, your data retention/deletion policies, and more…”
The new deadline for the in-app deletion requirement is June 30, 2022, and with only a few months left before the deadline, many popular iOS apps still don’t have the required functionality.
Implications for non-compliance
Apple has yet to state what will happen to apps found to be non-compliant. However, the consensus speculation is that those apps will have future updates blocked or potentially face deletion.
Either way, it’s safe to say any organization relying on in-app traffic and associated revenue shouldn’t risk a roadblock when their app’s next update is up for review.
In terms of next steps for your mobile development and engineering teams, the implications of this shift largely depend on what, if any, deletion workflows already exist in your app.
Updated guidance on full deletion vs. initiation
If your app doesn’t require account creation, this update is no cause for concern. However, if your app does require account creation, you must ensure users can complete full account deletion from within the app.
This emphasis on an end-to-end in-app mechanism represents another shift from the original guidance, in which Apple stated that:
“…all apps that allow for account creation must also allow users to initiate deletion of their account from within the app.” (our emphasis added)
This statement led to speculation that, if developers provided a way to initiate account deletion within the app, they wouldn’t necessarily need to provide a mechanism for full deletion. However, it’s since been made clear that the focus must be on building out a full in-app account deletion flow.
Apple also noted in its original guidance that for those apps requiring account creation, developers should take a data minimization approach and evaluate if a login is even necessary. For some, removing account creation functionality could be the best option.
Alternatively, if you’re using a privacy infrastructure platform like Transcend that encodes and automates this process throughout your tech stack, you’re in a strong position already.
Manual account deletion workflows will not be enough
For those who don’t have an automated in-app account deletion workflow in place, the work needs to start now.
Under the original guidance, where it seemed like deletion initiation may be enough, manual workflows could have been an effective stopgap measure: a user initiates deletion within the app and then an internal team manually fulfills the request.
However, with the latest clarification, it’s clear that manual workflows are incompatible with an end-to-end in-app deletion process.
There’s some conjecture as to whether Apple’s guidance refers to merely automating account deletion in your main authentication/user database, or to the complete deletion of an account holder’s personal data, i.e., closer to how GDPR and CCPA define deletion.
Our recommendation is to choose the latter path for two reasons. For one, it ensures you’re building for the widest possible compliance scenario. Remember, outside GDPR and CCPA, there are over 15 state privacy laws being considered in 2022, with three (California, Colorado, and Virginia) coming into full force in 2023.
More importantly, it shows respect for your user’s data agency. At the end of the day, it’s reasonable for your account holders to expect that when they hit delete, they mean delete — and a marketing email the next day could very well destroy any hope of a user returning in the future.
Good news for those who already have automated account deletion
If you have programmatic deletion workflows already in place that don’t involve humans completing manual steps, you’re more than halfway there in terms of complying with Apple’s requirement. Your attention then turns to integrating that flow into your in-app surface.
You’ll want to expose an interface that allows your account holders to prove their identity and tap a button or link to initiate their account deletion within your application. Your UX/UI teammates will be able to assist in terms of placement within existing navigation, but the path of least resistance would be to embed the interface you’ve already built in your web application for this same purpose.
When redirecting the user from within your mobile app to such a web view, you will likely want to maintain the session between the mobile app and the web browser. One way to do this would be to use a JWT (JSON Web Token) magic link.
Once the user is logged in on your mobile app, your backend can sign a short-lived JWT that attests to the user’s authenticated session and serve up that JWT to the iOS client.
Going a level deeper, the deletion button or link that initiates account deletion could be implemented as a simple redirect to your web client (for example, to https://my.company.website.com/account-deletion#JWT). Your web client could then parse the JWT out of the URL fragment (the part after the #), verify that it was signed by your backend, and if so, automatically log that user into the web client where they can initiate the account deletion.
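The magic-link flow described above, as an added example that is not from the original post or from Transcend's code: the backend mints the link, the web client reads the token from the fragment, and the backend verifies it before creating a web session. It assumes an HS256 shared secret (so verification runs server-side, not in the browser); the function names, the `aud` value, the 120-second lifetime and the single-use `jti` check are illustrative choices.

```javascript
// Added example: HS256 magic link built with Node's standard library only.
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, msg) => crypto.createHmac("sha256", secret).update(msg).digest();

// Backend: sign a short-lived, single-purpose token for the logged-in user.
function mintDeletionLink(secret, userId, nowSec, ttlSec = 120) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({
    sub: userId, aud: "account-deletion", // hypothetical audience value
    iat: nowSec, exp: nowSec + ttlSec, jti: crypto.randomUUID(),
  }));
  const sig = b64url(hmac(secret, `${header}.${payload}`));
  // The fragment (#...) is not sent in the HTTP request, so it stays out of server logs.
  return `https://my.company.website.com/account-deletion#${header}.${payload}.${sig}`;
}

// Web client: read the token from the fragment before handing it to the backend.
function tokenFromUrl(url) {
  return new URL(url).hash.slice(1);
}

// Backend: verify everything before creating a web session. seenJti is an
// in-memory Set standing in for a shared store of already-used token ids.
function verifyDeletionToken(secret, token, nowSec, seenJti) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url").toString()).alg;
    claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (alg !== "HS256") return { ok: false, reason: "bad alg" }; // pin the algorithm
  const expected = hmac(secret, `${header}.${payload}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  if (claims.aud !== "account-deletion") return { ok: false, reason: "wrong audience" };
  if (typeof claims.exp !== "number" || nowSec >= claims.exp) return { ok: false, reason: "expired" };
  if (seenJti.has(claims.jti)) return { ok: false, reason: "replayed" };
  seenJti.add(claims.jti); // one use only
  return { ok: true, userId: claims.sub };
}
```

Because the token sits in a URL, the short expiry and single-use check limit what a copied or cached link is worth; the web client should also clear the fragment from the address bar once it has read the token.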
Once the deletion is triggered, your chosen workflows can then go to work actioning the deletion across your internal databases and other connected data systems, with a confirmation of deletion sent to the user most likely via email once the job is automatically completed.
Watch out! With a likely increase in deletion request traffic, if you haven’t already enabled in-app deletion, use this moment to make sure your current workflow is checking these two boxes:
- You’re deleting personal data across all systems in use, so don’t forget SaaS vendors (like the ones you use to send marketing emails)
- You have appropriate deletion dependencies in place so no data is accidentally being recreated in one of your systems as part of the deletion process
How Transcend can help
If you don’t have a large or established privacy engineering team or are looking for a more efficient approach to privacy code development, then it makes sense to find an engineered data privacy infrastructure partner like Transcend.
We can handle your privacy request fulfillment needs, from iOS in-app account deletion to GDPR compliance, and get you technically ready for any new laws on the horizon — all built on a robust security architecture.
In the case of this specific requirement, a new customer could get set up using our prebuilt workflows and connections and be in a place to hand a link off to your mobile developers in just a couple of hours. This would ensure that when a user submits a deletion request, you’ll be fulfilling their request across your core user database.
Once connected to your app, your users can then securely authenticate as described above, and Transcend can delete data across your data systems via webhook or other integration methods.
It’s very likely that Apple’s requirements will continue to strengthen - evolving from initiating deletion to requiring personal data visibility within an app where an account is created.
With Transcend, you’ll be well equipped to handle any permutations or evolution of the app guidelines here. And it goes beyond app-based deletion.
Partnering with a data privacy infrastructure partner like Transcend means when it comes time to comply with the trio of new U.S. privacy laws in California and Virginia on January 1, 2023, and Colorado on July 1, 2023, you’ll already have a platform in place to seamlessly comply.
Come June 30, 2022, apps in Apple’s App Store that offer account creation must provide a way for users to complete account deletion from within the app itself. The technical implications of this change depend on the data deletion workflows you have in place.
Apple’s update is part of a broader change driven by modern privacy laws, and implementing infrastructure to automate data orchestration and deletion will put organizations in a strong position for future data rights compliance.
Transcend is the privacy platform that makes it easy to encode privacy across your tech stack.
Our technology moves companies into the future of data privacy with freed-up resources, enhanced regulatory stances for the laws of today and tomorrow, and stronger relationships with their customers through respectful and compliant data transparency, consent, and control.
Transcend Privacy Requests orchestrates all user information from a company’s databases, SaaS tools, and applications in one powerful system. Plus, their users are confident their preferences are seen, understood, and valued.
Transcend Consent peels away technical complexity and makes user consent all about open and honest communication — the foundation of every healthy relationship. This lightweight bundle goes beyond cookies to ensure nothing is tracked without user consent, plus saves time and resources on configuration, all without sacrificing site performance or UX.
Transcend Data Mapping keeps tabs on all data records, owners, and systems changes, and includes actionable privacy governance like fulfilling privacy requests and auto-generating Records of Processing Activities (ROPA).