Apple reminded developers this week their apps must include an option to easily delete user accounts, if their apps contain the ability for a user to create an account, noting the deadline is looming to make the change.
The requirement needs to be implemented starting June 30, 2022, as part of the App Store Review Guideline 5.1.1(v). Apple says it extended its original deadline for the requirement to give developers more time.
Apple details five requirements for apps set to be updated to meet this requirement:
- The account deletion option should be easy to find in your app.
- If your app offers Sign in with Apple, you’ll need to use the Sign in with Apple REST API to revoke user tokens when deleting an account.
- It’s insufficient to only provide the ability to temporarily disable or deactivate an account. People should be able to delete the account along with their personal data.
- Apps in highly-regulated industries may provide additional customer service flows to confirm and facilitate the account deletion process.
- Follow applicable legal requirements for storing and retaining user account information, and for handling account deletion. This includes complying with local laws in different countries or regions. As always, check with your legal counsel.
The App Store Review Guideline 5.1.1(v) explains:
(v) Account Sign-In: If your app doesn’t include significant account-based features, let people use it without a login. If your app supports account creation, you must also offer account deletion within the app. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
Apple’s original deadline was January 31, 2022, but the company extended the date in an announcement made on January 22, 2022.