Apple has taken it upon themselves to do a number of things in the new developer agreement for iPhone OS 4.0 – you’ll have heard of one probably (that Apple Vs Adobe thing…), but in addition to cutting off the life blood of Adobe’s flash -> iPhone app, Apple have told developers that sharing user data for anything other than the specific services/functionality of the application itself is now strictly prohibited.
Interesting news indeed for iPhone developers. What this effectively means is that any applications that use third party APIs to send/receive data on behalf of the user need to reassess their applications. A few things this article says Apple state are:
- All user data captured by an application must be for the sole use of that application only (like the Facebook app for example). The use of location based data for targeted advertising is strictly prohibited
- You may only send user data to a third party which is specific to the services/functionality of your application and also only if the user has given consent. Example: User updates status on Twitter, presses a “Send” button to confirm sending of said tweet.
- Sending device data to any third party for analysis is now strictly prohibited. Think mobile analysis services such as Flurry here. Presumably you can send this to yourself as the developer though.
So what does this all mean? Well there’s a few reasons for it.
iAds
When Apple launched the iPhone 4.0 OS they also launched a new developer API/service called iAds, which is mobile advertising from Apple. It appears that despite the fact Apple think that current mobile advertising “sucks”, they’re not going to stop the use of it from other services, but they will try and make them useless to ensure use of their service.
With the above in place, you as a developer can effectively only ever show ads from another service that rely on no user data at all. So non-targetted advertisements.
User Privacy
The above new restrictions actually works in favour for the consumer ultimately. It prohibits any kind of usage data being broadcast to anyone other than the developer themselves.
What you effectively have right now are a whole bunch of applications using third party services to analyse how you use your applications, and can share pretty much anything they wish with them. The above now stops that completely.
This does seem over extreme though. If we look at web applications, developers are free to integrate things such as Google Analytics to analyse device data such as browser used, OS, etc etc without individual user consent. Apple are effectively saying this is a no no, and only you yourself as the developer of the application can provide that service to yourself.
It also means thwarts companies like Flurry from leaking information about future Apple products. If no applications provide device data to third parties, no third parties can provide generic data back to the world, and find potential “new” or “unrecognised” devices.
If Apple are going to stop this though, they need to help developers out a bit in order to understand application usage. Right now, if you use no third party APIs to analyse usage of your application, you effectively know nothing. You get your download numbers from Apple, and that’s it.
Where’s the middle ground on this one? It seems mental that every developer individually will have to develop their own way to understand application usage. A definite gap here that needs to be filled.
Impact on Social Media applications
Apple specifically states in the new user agreement:
You may only provide or disclose User Data to third parties as necessary for providing services or functionality for the Application that collected the User Data, and then only if You receive express user consent.
Whilst their example around this is around posting a message to a third party, this could have other ramifications. Think about applications that on launch refresh a list of messages, or tweets for example. When an application does this, it has to exchange your user credentials with an API, therefore this could be classed as user data.
The impact of that therefore is applications that auto refresh data on load, or every x mins may now be restricted in doing that unless prior consent has been given by a user? It’s a minimal dev effort to add a consent in the app preferences, but it’s a hurdle which is not immediately apparent.
I can think of dozens of apps that I use myself which use my credentials to refresh various bits of data in apps without me saying “Yes, do it”. In addition though, will developers need to be granular on this, and specifically get consent for all different reasons why specific data is sent/received in an application? Or can a developer provide a catch all consent?
Existing Applications
I do wonder though about how this can be put into practise effectively for applications which currently exist, and may not necessarily update for 4.0. For example, if you have an app which uses third party services, and don’t update it to 4.0, it therefore doesn’t pass the noses of Apple again – can it remain on the store?
Are Apple going to goto a major effort to re-screen all existing applications? I doubt it. So they’re banking on all developers updating their apps, which is unlikely.
Similar Articles:
The Major Change in iPhone 3.1
iPhone 3.1.2 Released - Features & Changes
Learnings from my iPhone App Submission Process
Imagine a Wireless Sync World! (CC: Apple)
Designing iPhone Apps - Expenditure
Apple is full of shit… Let’s bycot this communist corporation!!!!
John, you say, back to web development?
No, thanks.
“It also means thwarts companies like AdMob from leaking information about future Apple products. If no applications provide device data to third parties, no third parties can provide generic data back to the world, and find potential “new” or “unrecognised” devices.”
Did Admob ever do this? I thought it was Flurry that did this stuff. That would suck if they block Flurry, how will we get app analytics? Will Apple give better analytics on itunesconnect?
You’re right it was flurry!
A twitter app sending your twitter credentials to twitter to get your updates, would be something that is integral to the operation of the app. This would be fine by those rules, and expected by the user.
A standalone game that you play on your phone, quietly sending stats back to a central server without your knowledge is something completely different.
Transparency to the user in exactly what is being shared with whom, is the aim of this kind of rule.
The shoddy privacy practices of sites like Google and Facebook, shouldn’t be allowed to become normal practice. People should expect to be able to use apps without them leaking data all over the place.
No matter how “useful” this information might be to the developers and advertising networks. It should be something that is provided with the user’s consent. Systems that leak by default, and expect people to opt-out, are disrespectful of their users.
Wow! I guess you learn something new every day! Your blog entry has just proved this (and others come to think of it)! I look forward to more of ‘em. Thanks!