はじめに
これは2019年6月3日付けで変更された App Store 審査ガイドラインの翻訳&差分ガイドです。
前回からの主な変更点は、プライバシー周りの強化です。条件付きで許容されていた「子ども向けの」広告や測定ツールは、サードパーティ製を全て禁止に。VPN や MDM のデータ開示は、どのような条件でも禁止に。個人情報の収集は、公共データベースであったとしても、直接本人の同意が必要になるなど。
一部用語の表記が変わりましたが、third party が third-party に、emojis が emoji に変わっただけの箇所は修正項目から除外しています。
今回は、News and Updates に変更点がまとめられています。でも、ガイドライン本文と見比べてみると、「Guideline 5.1.1(vii)」は (viii) の誤植、「Guideline 5.1.1(i)」は (ii) の誤植な気がする。
Sign In with Apple
先のお知らせには、WWDC 2019 で発表された「Sign In with Apple」の予告が記載されており、
It will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year.
今後、サードパーティログイン (Google ログインや Facebook ログインなど) を採用するアプリは、「Sign In with Apple」を選択肢に含める必要があります。
「Sign In with Apple」は、API を眺める限りでは、iOS 13.0 以降対応。個人的には実装負担よりも、サードパーティログインの既存アプリが、前世代の iOS 12 ですらサポートできなくなることの影響が大きい気がする。available で環境を切り分けて iOS 13 未満は「Sign In with Apple」ボタンを非表示、が許容されるか否かで開発者は決断を迫られそう。
新規項目
4.2.7 Remote Desktop Clients:
(e) クラウドベースのシンクライアントは App Store に不適切。
Thin clients for cloud-based apps are not appropriate for the App Store.
項目名が Remote Application Mirroring から Remote Desktop Clients に変更されたことや、他項目を含めて考えると、リモートアプリに対する方針は明確。既存アプリは 2019 年 9 月 3 日までに要対応。
4.7 HTML5 Games, Bots, etc.
旧 (4) は 新 (5) に移動。
(4) 現金が関与する機能は不可。
does not provide access to real money gaming, lotteries, or charitable donations;
既存アプリは 2019 年 9 月 3 日までに要対応。
(6) 電子商取引は不可。
does not support digital commerce.
既存アプリは 2019 年 9 月 3 日までに要対応。
5.1.1 Data Collection and Storage
(viii) いかなる情報源でも同意なく個人情報を収集するアプリは不可。
Apps that compile personal information from any source that is not directly from the user or without the user’s explicit consent, even public databases, are not permitted on the App Store.
5.5 Mobile Device Management
旧 5.5 は 新 5.6 に移動。
モバイルデバイス管理 (MDM) サービスはアップルに申請が必要。サービス提供者は企業限定。使用前にユーザデータの用途説明を明示。いかなる目的でも第三者にデータを開示しないことをプライバシーポリシーに含める必要有。違反者は開発者登録を抹消。
Mobile Device Management Apps that offer Mobile Device Management (MDM) services must request this capability from Apple. Such apps may only be offered by commercial enterprises (such as business organizations, educational institutions, or government agencies), and in limited cases, companies using MDM for parental control services. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. MDM apps must not violate local laws. Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.
must request this capability from Apple は、以前からある MDM ベンダー登録のはず。この項目は新規というより既存の内容が明示されただけで、「ペアレンタルコントロール
アプリケーションについての事実」の騒動への対応。
修正項目
1.1 Objectionable Content
不快なコンテンツは不可。
Apps should not include content that is offensive, insensitive, upsetting, intended to disgust, in exceptionally poor taste, or just plain creepy. Examples of such content include:
or just plain creepy を追記。
1.1.3 武器の違法使用や購入を助長する描写。
Depictions that encourage illegal or reckless use of weapons and dangerous objects, or facilitate the purchase of firearms or ammunition.
or ammunition を追記。
1.3 Kids Category
キッズカテゴリのアプリにサードパーティの広告や測定を含めることは不可。子どもからのオンラインデータ収集は世界中のプライバシー法令に注意。
Apps in the Kids Category may not include third-party advertising or analytics. You should also pay particular attention to privacy laws around the world relating to the collection of data from children online. Be sure to review the Privacy section of these guidelines for more information.
これまでは「行動追跡型」でなければ許容されていたが、今後は「サードパーティ」の広告を不可に変更。既存アプリは 2019 年 9 月 3 日までに要対応。
1.4 Physical Harm
1.4.3 薬物・酒・タバコの助長は不可。マリファナやタバコなどの販売促進は不可。
Apps that encourage consumption of tobacco and vape products, illegal drugs, or excessive amounts of alcohol are not permitted on the App Store. Apps that encourage minors to consume any of these substances will be rejected. Facilitating the sale of marijuana, tobacco, or controlled substances (except for licensed pharmacies) isn’t allowed.
and vape を追記。「vape」は、電子タバコの一種らしい。
1.4.5 デバイスや人を損傷させる使用方法は不可。
Apps should not urge customers to participate in activities (like bets, challenges, etc.) or use their devices in a way that risks physical harm to themselves or others.
具体例の記述が新 2.4.2 に移動。
2.3 Accurate Metadata
2.3.10 各環境向けに最適化。他のモバイルプラットフォームに関する言及は不可。アプリと無関係の情報は不可。
Make sure your app is focused on the iOS, Mac, Apple TV or Apple Watch experience, and don’t include names, icons, or imagery of other mobile platforms in your app or metadata, unless there is specific, approved interactive functionality. Make sure your app metadata is focused on the app itself and its experience. Don’t include irrelevant information, including but not limited to information about Apple or the development process.
Make sure your app metadata is focused on the app itself and its experience. Don’t include irrelevant information, including but not limited to information about Apple or the development process. を追記。
2.4 Hardware Compatibility
2.4.2 バッテリー消耗・発熱・リソース消費が激しいアプリは不可。無関係なバックグラウンド処理は不可。
Design your app to use power efficiently and be used in a way that does not risk damage to the device. Apps should not rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources. For example, apps should not encourage placing the device under a mattress or pillow while charging or perform excessive write cycles to the solid state drive. Apps, including any third-party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining.
and be used in a way that does not risk damage to the device を追記。
具体例の記述が旧 1.4.5 から移動。
2.5 Software Requirements
2.5.5 IPv6 環境に完全対応。
Apps must be fully functional on IPv6-only networks.
表現が may から must に変更。
2.5.14 ユーザの活動情報を記録するための要求は視覚的に明示。
Apps must request explicit user consent and provide a clear visual and/or audible indication when recording, logging, or otherwise making a record of user activity. This includes any use of the device camera, microphone, screen recordings, or other user inputs.
and/or audible と screen recordings を追記。
3.1 Payments
3.1.2 (a)
項目数が 8 から 9 に増えたが、最後の項目を 2 分割しただけ。
3.2 Other Business Model Issues
3.2.2 (vi) 使用条件の付加。レビューや他アプリのダウンロードの強要。
Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Apps should not require users to rate the app, review the app, watch videos, download other apps, tap on advertisements, or take other similar actions in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes.
including but not limited to gift cards and codes を追記。
4.2 Minimum Functionality
4.2.7 Remote Desktop Clients:
項目名を Remote Application Mirroring から Remote Desktop Clients に変更。
(a) アプリはユーザ所有の PC かゲーム機にローカルネットワーク接続。
The app must only connect to a user-owned host device that is a personal computer or dedicated game console owned by the user, and both the host device and client must be connected on a local and LAN-based network.
The host device is a personal computer を The app must only connect to a user-owned host device that is a personal computer or dedicated game console に変更。
4.3 Spam
類似アプリの量産は不可。スパム行為は開発者登録を抹消。
Don’t create multiple Bundle IDs of the same app. If your app has different versions for specific locations, sports teams, universities, etc., consider submitting a single app and provide the variations using in-app purchase. Also avoid piling on to a category that is already saturated; the App Store has enough fart, burp, flashlight, and Kama Sutra apps, etc. already. Spamming the store may lead to your removal from the Developer Program.
, etc. を追記。
5.1 Privacy
5.1.1 Data Collection and Storage
5.1.1 (ii) Permission ユーザデータの収集は匿名性に関わらず同意が必要。同意許可に依存する有料機能は不可。簡単に同意を取り消せる必要有。GDPR など適用法律を遵守。
Apps that collect user or usage data must secure user consent for the collection, even if such data is considered to be anonymous at the time of or immediately following collection. Paid functionality must not be dependent on or require a user to grant access to this data. Apps must also provide the customer with an easily accessible and understandable way to withdraw consent. Ensure your purpose strings clearly and completely describe your use of the data. Apps that collect data for a legitimate interest without consent by relying on the terms of the European Union’s General Data Protection Regulation (“GDPR”) or similar statute must comply with all terms of that law. Learn more about Requesting Permission.
even if such data is considered to be anonymous at the time of or immediately following collection を追記。
5.1.3 (i) HealthKit API などから収集した健康・フィットネス・医療データは同意を得たヘルスケア以外の目的に使用不可。事業者によるアプリ提供であればユーザに対して健康・フィットネスデータを使用した利益提供が可能。
Apps may not use or disclose to third parties data gathered in the health, fitness, and medical research context—including from the Clinical Health Records API, HealthKit API, Motion and Fitness, MovementDisorderAPIs, or health-related human subject research—for advertising, marketing, or other use-based data mining purposes other than improving health management, or for the purpose of health research, and then only with permission. Apps may, however, use a user’s health or fitness data to provide a benefit directly to that user (such as a reduced insurance premium), provided that the app is submitted by the entity providing the benefit, and the data is not be shared with a third party. You must disclose the specific health data that you are collecting from the device.
Apps may, however, use a user’s health or fitness data to provide a benefit directly to that user (such as a reduced insurance premium), provided that the app is submitted by the entity providing the benefit, and the data is not be shared with a third party. You must disclose the specific health data that you are collecting from the device. を追記。
5.1.4 Kids
下記 2 点は追加文。既存アプリは 2019 年 9 月 3 日までに要対応。
子ども向けのアプリにサードパーティの広告や測定を含めることは不可。
Apps intended for kids may not include third-party advertising or analytics.
キッズカテゴリのアプリからデータを収集して第三者に送信することは不可。
Collecting and transmitting data to third parties from apps in the Kids category is not allowed.
5.4 VPN Apps
VPN には NEVPNManager を使用。サービス提供は組織の開発者限定。使用前にユーザデータの用途説明を明示。対象地域の法令を遵守。いかなる目的でも第三者にデータを開示しないことをプライバシーポリシーに含める必要有。ライセンス情報は App Review Notes に記載。違反者は開発者登録を抹消。
Apps offering VPN services must utilize the NEVPNManager API and may only be offered by developers enrolled as an organization. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field. Parental control, content blocking, and security apps, among others, from approved providers may also use the NEVPNManager API. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.
on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy を追記。
Parental control, content blocking, and security apps, among others, from approved providers may also use the NEVPNManager API. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program. を追記。