New App Store Review Guidelines: Translation & Diff Guide, June 2018 Edition

Introduction

This is a translation and diff guide for the App Store Review Guidelines as revised on June 4, 2018.

The main changes since the previous revision concern iOS 12, trial periods, cryptocurrency, remote desktop, and privacy.

Trial periods were previously handled through subscriptions; from now on they can be handled with a non-consumable item (Tier 0).

On cryptocurrency, on-device mining in particular is explicitly warned against in 2.4.2 and 3.1.5.

The remote desktop changes read as if they were made in response to the recent Steam Link controversy. With these rules, the iOS version of Steam Link might be distributable.

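Privacy has been changed across the board. This is presumably with GDPR in mind, but compliance is required whether or not you are subject to GDPR. GDPR is mentioned explicitly in only two places, 5.1.1 and 5.1.4. The areas likely to need the most rework are disclosure of ad-targeting information and withdrawal of consent.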

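Starting with this revision, the guidelines carry an update date. There are two typos, the missing "." in 4.2.7 (b) and the missing ":" in 5.1.1 (ii) and (iv); whether fixing them is reflected in the update date should show how the update date will be handled going forward.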

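5.1.1 and 5.1.2 are existing items, but their internal structure has changed and new information is mixed throughout, so I have classified them as new items as a whole. Places where only the notation changed from ' to ’ are excluded from the modified items.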

New Items

1.6 Data Security

Appropriate security measures are required for collected user information.

Apps should implement appropriate security measures to ensure proper handling of user information collected pursuant to the Apple Developer Program License Agreement and these Guidelines (see Guideline 5.1 for more information) and prevent its unauthorized use, disclosure, or access by third parties.

2.3.12 Changes to the app must be clearly described in "What's New".

Apps must clearly describe new features and product changes in their “What’s New” text. Simple bug fixes, security updates, and performance improvements may rely on a generic description, but more significant changes must be listed in the notes.

2.5.14 Requests to record user activity information must be visually indicated.

Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. This includes any use of the device camera, microphone, or other user inputs.

2.5.15 File management must include the Files app and iCloud documents.

Apps that enable users to view and select files should include items from the Files app and the user’s iCloud documents.

3.1.1 In-App Purchase:

● Non-subscription apps can offer a trial period using a non-consumable item (Tier 0). The restrictions and price after the trial period must be stated in advance.

Non-subscription apps may offer a free time-based trial period before presenting a full unlock option by setting up a Non-Consumable IAP item at Price Tier 0 that follows the naming convention: “14-day Trial.” Prior to the start of the trial, your app must clearly identify its duration, the content or services that will no longer be accessible when the trial ends, and any downstream charges the user would need to pay for full functionality. Learn more about managing content access and the duration of the trial period using Receipts and Device Check.

3.1.2(a) Permissible uses:

● Auto-renewing apps can offer a trial period. Deceptive sales practices result in removal of the developer registration.

Auto-renewing subscription apps may offer a free trial period to customers by providing the relevant information set forth in App Store Connect. Apps that attempt to trick users into purchasing a subscription under false pretenses or engage in bait-and-switch practices will be removed from the App Store and you may be removed from the Apple Developer Program. Learn more about Subscription Free Trials.

3.1.3(b) Multiplatform Services:

Apps deployed across multiple platforms may allow use of content purchased elsewhere. Measures that discourage in-app purchase are not allowed.

Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired elsewhere, including consumable items in multi-platform games, provided those items are also available as in-app purchases within the app. You must not directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods must not discourage use of in-app purchase.

3.1.5 (b) Cryptocurrencies:

The old content is equivalent to the new (iv).

● (i) Wallets: Developers enrolled as an organization may facilitate virtual currency storage.

Apps may facilitate virtual currency storage, provided they are offered by developers enrolled as an organization.

● (ii) Mining: On-device cryptocurrency mining is not allowed.

Apps may not mine for cryptocurrencies unless the processing is performed off device (e.g. cloud-based mining).

● (iii) Exchanges: Facilitating cryptocurrency transactions is allowed if the app is the exchange's official app.

Apps may facilitate transactions or transmissions of cryptocurrency on an approved exchange, provided they are offered by the exchange itself.

● (v) Offering cryptocurrency as a reward for completing tasks is not allowed.

Cryptocurrency apps may not offer currency for completing tasks, such as downloading other apps, encouraging other users to download, posting to social networks, etc.

3.1.7 Advertising:

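Displayed ads must conform to the app's rating. Targeting information must be disclosed within the app. Ads that use sensitive user data are not allowed. Ads that interfere with the user experience must be labeled as ads and must have a close button.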

Ads displayed in an app must be appropriate for the app’s age rating, allow the user to see all information used to target them for that ad (without requiring the user to leave the app), and may not engage in targeted or behavioral advertising based on sensitive user data such as health/medical data (e.g. from the HealthKit APIs), school and classroom data (e.g. from ClassKit), or from kids (e.g. from apps in the Kids Category), etc. Interstitial ads or ads that interrupt or block the user experience must clearly indicate that they are an ad, must not manipulate or trick users into tapping into them, and must provide easily accessible and visible close/skip buttons large enough for people to easily dismiss the ad.

If "without requiring the user to leave the app" is interpreted as meaning inside the app, integrating an ad SDK should take an extra step.

3.2.2 Unacceptable

(ix) Imposing conditions on use, such as forcing reviews or downloads of other apps.

Apps must not force users to rate the app, review the app, download other apps, or perform other similar actions in order to access functionality, content, or use of the app.

Isn't this nearly the same as the second half of (vi)...?

4.2.3

● (ii) Include sufficient content in the binary.

Make sure you include sufficient content in the binary for the app to function at launch.

● (iii) When downloading additional resources, disclose the download size in advance. Existing apps must comply from 2019 onward.

If your app needs to download additional resources, disclose the size of the download and prompt users before doing so. Existing apps must comply with this guideline in any update submitted after January 1, 2019.

4.2.7 Remote Application Mirroring:

Conditions for remote desktop apps that mirror specific software:

If your remote desktop app acts as a mirror of specific software or services rather than a generic mirror of the host device, it must comply with the following:

(a) The host device is a PC owned by the user, connected over the local network.

The host device is a personal computer owned by the user, and both the host and client must be connected on a local and LAN-based network.

(b) The client software displays the contents of the host screen. Use beyond streaming is not allowed.

Any software or services appearing in the client are fully rendered on the screen of the host device, and may not use APIs or platform features beyond what is required to stream the Remote Desktop

(c) All account management is initiated from the host device.

All account creation and management must be initiated from the host device.

(d) UI resembling iOS or the App Store is not allowed. Store-like interfaces are not allowed. In-app purchase is not required if payment is processed on the host side.

The UI appearing on the client does not resemble an iOS or App Store view, does not provide a store-like interface, or include the ability to browse, select, or purchase software not already owned or licensed by the user. For the sake of clarity, transactions taking place within mirrored software do not need to use in-app purchase, provided the transactions are processed on the host device.

4.5.6 Apple emoji may not be displayable in other environments.

Apps may use Unicode characters that render as Apple emojis in their app and app metadata. Apple emojis may not be used on other platforms or embedded directly in your app binary.

5.1.1 Data Collection and Storage

Old (iii) and new (vi), and old (iv) and new (vii), are equivalent.

(i) Privacy Policies: A link to the privacy policy must be included in the App Store Connect metadata and within the app. Matters to make clear:

All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner. The privacy policy must clearly and explicitly:

■ How the data the service collects is collected and what it is used for.

Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.

■ Third parties with whom user data is shared.

Confirm that any third party with whom an app shares user data (in compliance with these Guidelines) — such as analytics tools, advertising networks and third party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data — will provide the same or equal protection of user data as stated in the app’s privacy policy and required by these Guidelines.

■ Data retention policy. How to revoke consent and request deletion.

Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user’s data.

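(ii) Permission Consent is required to collect user data. Paid functionality that depends on granting consent is not allowed. Consent must be easy to withdraw. Comply with applicable laws such as GDPR.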

Apps that collect user or usage data must secure user consent for the collection. Paid functionality must not be dependent on or require a user to grant access to this data. Apps must also provide the customer with an easily accessible and understandable way to withdraw consent. Ensure your purpose strings clearly and completely describe your use of the data. Apps that collect data for a legitimate interest without consent by relying on the terms of the European Union’s General Data Protection Regulation (“GDPR”) or similar statute must comply with all terms of that law. Learn more about Requesting Permission.

(iii) Data Minimization: Collect only the necessary data relevant to the core functionality. Use of pickers and share sheets is recommended.

Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task. Where possible, use the out-of-process picker or a share sheet rather than requesting full access to protected resources like Photos or Contacts.

(iv) Access Forcing consent to data access is not allowed. Providing alternatives for users who do not consent is recommended.

Apps must respect the user’s permission settings and not attempt to manipulate, trick, or force people to consent to unnecessary data access. For example, apps that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos. Where possible, provide alternative solutions for users who don’t grant consent. For example, if a user declines to share Location, offer the ability to manually enter an address.

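(v) Account Sign-In: If there are no significant account features, the app must be usable without logging in. Requesting personal information that is not needed for the core functionality or required by law is not allowed. If the core functionality is unrelated to the SNS in question, a mechanism other than login is required. Fetching profiles, sharing, and invitations fall outside core functionality. The app needs a mechanism to disable SNS integration.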

If your app doesn’t include significant account-based features, let people use it without a log-in. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.

The first half is equivalent to the old (ii).

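Regarding SNS token storage at the end of the text, I interpret "social networks off of the device" as referring to social.framework, which was discontinued in iOS 11. If that interpretation is wrong, the scope of impact could be large.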

5.1.2 Data Use and Sharing

Old (iii) and new (vi), and old (iv) and new (vii), are equivalent.

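(i) Using personal information without prior permission is not allowed. Explaining how the data is used is mandatory. Collected data may be shared with third parties for the purpose of improving the app or advertising. Violators have their developer registration removed.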

Unless otherwise permitted by law, you may not use, transmit, or share someone’s personal data without first obtaining their permission. You must provide access to information about how and where the data will be used. Data collected from apps may only be shared with third parties to improve the app or serve advertising (in compliance with the Apple Developer Program License Agreement.). Apps that share user data without user consent or otherwise complying with data privacy laws may be removed from sale and may result in your removal from the Apple Developer Program.

Part of this is equivalent to the old (i).

(ii) Collected data may not be used for purposes other than those consented to.

Data collected for one purpose may not be repurposed without further consent unless otherwise explicitly permitted by law.

Part of this is equivalent to the old (ii).

(iii) User profiling based on collected data is not allowed.

Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.

Part of this is equivalent to the old (i).

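(iv) Building a contact database from user data obtained via APIs is not allowed. Collecting information about other apps on the user's device for analytics purposes is not allowed.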

Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don’t collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.

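(v) Contacting people using information obtained via Contacts or Photos is not allowed. This does not apply when the contact is user-initiated and there is no select-all feature. The content must be shown clearly before sending.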

Do not contact people using information collected via a user’s Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts. You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. What will the message say? Who will appear to be the sender?).

5.5 Developer Code of Conduct

Respect everyone.

Please treat everyone with respect, whether in your responses to App Store reviews, customer support requests, or when communicating with Apple, including your responses in Resolution Center. Do not engage in harassment of any kind, discriminatory practices, intimidation, bullying, and don’t encourage others to engage in any of the above.

Value customer trust.

Customer trust is the cornerstone of the App Store’s success. Apps should never prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.

Modified Items

1.3 Kids Category

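Kids Category apps are to be optimized for children. External links and purchases require parental approval. Even after changing category, the app may need to keep following the Kids Category requirements, depending on customer demand.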

The Kids Category is a great way for people to easily find apps that are designed for children. If you want to participate in the Kids Category, you should focus on creating a great experience specifically for younger users. These apps must not include links out of the app, purchasing opportunities, or other distractions to kids unless reserved for a designated area behind a parental gate. Keep in mind that once customers expect your app to follow the Kids Category requirements, it will need to continue to meet these guidelines in subsequent updates, even if you decide to deselect the category. Learn more about parental gates.

Changed from "appropriate for children" to "designed for children".

1.5 Developer Information

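The path to the Support URL has been simplified. Contact information that is not accurate and up to date violates the law in some countries. Wallet passes require the issuer's contact information and the owner's signature.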

People need to know how to reach you with questions and support issues. Make sure your app and its Support URL include an easy way to contact you; this is particularly important for apps that may be used in the classroom. Failure to include accurate and up-to-date contact information not only frustrates customers, but may violate the law in some countries. Also ensure that Wallet passes include valid contact information from the issuer and are signed with a dedicated certificate assigned to the brand or trademark owner of the pass.

Changed from "Make sure your Support URL includes an easy way to reach you." to "your app and its Support URL include an easy way to contact you;".

Added "this is particularly important for apps that may be used in the classroom."

2.3.6 Answer the App Store Connect rating questions honestly. An incorrect rating may be subject to government regulation. Handle rating-related content per territory.

Answer the age rating questions in App Store Connect honestly so that your app aligns properly with parental controls. If your app is mis-rated, customers might be surprised by what they get, or it could trigger an inquiry from government regulators. If your app includes media that requires the display of content ratings or warnings (e.g. films, music, games, etc.), you are responsible for complying with local requirements in each territory where your app is available.

Changed from "iTunes Connect" to "App Store Connect".

Added "If your app includes media that requires the display of content ratings or warnings (e.g. films, music, games, etc.), you are responsible for complying with local requirements in each territory where your app is available."

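2.3.7 Specify a unique app name and accurate keywords. App names are limited to 30 characters. Including anything other than the name is not allowed. Inappropriate keywords will be changed by Apple.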

Choose a unique app name, assign keywords that accurately describe your app, and don’t try to pack any of your metadata with trademarked terms, popular app names, or other irrelevant phrases just to game the system. App names must be limited to 30 characters and should not include prices, terms, or descriptions that are not the name of the app. App subtitles are a great way to provide additional context for your app; they must follow our standard metadata rules and should not include inappropriate content, reference other apps, or make unverifiable product claims. Apple may modify inappropriate keywords at any time or take other appropriate steps to prevent abuse.

Added "or take other appropriate steps to prevent abuse".

2.4.2 Apps that heavily drain the battery, generate heat, or consume resources are not allowed. Unrelated background processing is not allowed.

Design your app to use power efficiently. Apps should not rapidly drain battery, generate excessive heat, or put unnecessary strain on device resources. Apps, including any third party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining.

Added "Apps, including any third party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining."

2.4.4 Requesting a device restart or unrelated system changes is not allowed.

Apps should never suggest or require a restart of the device or modifications to system settings unrelated to the core functionality of the application. For example, don’t encourage users to turn off Wi-Fi, disable security features, etc.

Added "or modifications to system settings unrelated to the core functionality of the application. For example, don’t encourage users to turn off Wi-Fi, disable security features, etc".

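2.5.2 Apps are self-contained. Access outside the designated area is not allowed. Handling other executable formats is not allowed. Downloading is permitted only for development code that can be viewed and edited.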

Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps. Educational apps designed to teach, develop, or allow students to test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the Application completely viewable and editable by the user.

Added "which introduces or changes features or functionality of the app".

2.5.11 SiriKit and Shortcuts

Section name changed from "SiriKit" to "SiriKit and Shortcuts".

(ii) Check that the vocabulary and phrases defined in the plist relate to the Siri functionality. Aliases may not include other parties' service names.

Ensure that the vocabulary and phrases in your plist pertains to your app and the Siri functionality of the intents the app has registered for. Aliases must relate directly to your app or company name and should not be generic terms or include third party app names or services.

Changed from "SiriKit functionality" to "Siri functionality".

(iii) Inserting ads into interactions with Siri is not allowed. A separate request is allowed only when needed to complete the task.

Resolve the Siri request or Shortcut in the most direct way possible and do not insert ads or other marketing between the request and its fulfillment. Only request a disambiguation when required to complete the task (e.g. asking the user to specify a particular type of workout).

Added "or Shortcut".

Changed from "present interstitial UI" to "request a disambiguation".

2.5.13 Use LocalAuthentication for facial recognition. Provide an alternate authentication method for users under 13.

Apps using facial recognition for account authentication must use LocalAuthentication (and not ARKit or other facial recognition technology) where possible, and must use an alternate authentication method for users under 13 years old.

Added "where possible".

Since they went out of their way to add this, has the rule been relaxed?

3.1.1 In-App Purchase:

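● In-app purchase must be used to unlock restricted features. Purchase paths other than in-app purchase are not allowed. Unlock codes for content or features may not be used.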

If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase.

"use in-app purchase currencies to enable customers to “tip” digital content providers in the app" was split out as a separate item.

Added "not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc". (Equivalent to the old 3.1.4.)

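3.1.2(c) Subscription Information: State the charges clearly before sign-up. Check that you communicate the requirements of Schedule 2 of the agreement found in "Agreements, Tax, and Banking".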

Before asking a customer to subscribe, you should clearly describe what the user will get for the price. How many issues per month? How much cloud storage? What kind of access to your service? Ensure you clearly communicate the requirements described in Schedule 2 of the Apple Developer Program License Agreement, found in Agreements, Tax, and Banking.

Changed from "Also ensure" to "Ensure".

Changed from "your agreement" to "the Apple Developer Program License Agreement, found".

3.1.3(a) “Reader” Apps: Previously purchased content may be used as long as the app provides no purchase path.

Apps may allow a user to access previously purchased content or content subscriptions (specifically: magazines, newspapers, books, audio, music, video, access to professional databases, VoIP, cloud storage, and approved services such as classroom management apps), provided that you agree not to directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods are not designed to discourage use of in-app purchase.

Changed from "educational apps that manage student grades and schedules), as well as consumable items in multi-platform games" to "classroom management apps)".

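3.1.4 Hardware-specific Content: Unlocking features that depend on the environment is exempt from in-app purchase. In-app purchase may also be used for features that work with approved products. Requirements unrelated to unlocking features are not allowed.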

In limited circumstances, such as when features are dependent upon specific hardware to function, the app may unlock that functionality without using in-app purchase (e.g. an astronomy app that adds features when synced with a telescope). App features that work in combination with an approved physical product (such as a toy) on an optional basis may unlock functionality without using in-app purchase, provided that an in-app purchase option is available as well. You may not, however, require users to purchase unrelated products or engage in advertising or marketing activities to unlock app functionality.

Section name changed from "Content Codes" to "Hardware-specific Content".

"Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc." was removed. (Moved to 3.1.1.)

3.1.5 (a) Goods and Services Outside of the App: Payments for goods and external services are exempt from in-app purchase.

If your app enables people to purchase goods or services that will be consumed outside of the app, you must use purchase methods other than in-app purchase to collect those payments, such as Apple Pay or traditional credit card entry.

Section name changed from "Physical Goods and Services Outside of the App" to "Goods and Services Outside of the App".

4.5.1 Apple RSS feeds may be used. Scraping information from Apple sites or creating rankings is not allowed.

Apps may use approved Apple RSS feeds such as the iTunes Store RSS feed, but may not scrape any information from Apple sites (e.g. apple.com, the iTunes Store, App Store, App Store Connect, developer portal, etc.) or create rankings using this information.

Changed from "iTunes Connect" to "App Store Connect".

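4.5.4 Features that depend on push notifications are not allowed. Sending ads or sensitive information is not allowed. Abuse results in suspension of the feature.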

Push Notifications must not be required for the app to function, and should not be used for advertising, promotions, or direct marketing purposes or to send sensitive personal or confidential information. Abuse of these services may result in revocation of your privileges.

Added "Abuse of these services may result in revocation of your privileges."

4.7 HTML5 Games, Bots, etc.

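Code provided by others may be run as long as it is not offered in a store format. The software must (1) be free or use in-app purchase, (2) be limited to capabilities within WebKit, (3) be offered by developers in the Apple Developer Program, and (4) comply with the App Review Guidelines. For app review, a URL and Apple Developer Program Team ID must be included.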

Apps may contain or run code that is not embedded in the binary (e.g. HTML5-based games, bots, etc.), as long as code distribution isn’t the main purpose of the app, the code is not offered in a store or store-like interface, and provided that the software (1) is free or purchased using in-app purchase; (2) only uses capabilities available in a standard WebKit view (e.g. it must open and run natively in Safari without modifications or additional software); your app must use WebKit and JavaScript Core to run third party software and should not attempt to extend or expose native platform APIs to third party software; (3) is offered by developers that have joined the Apple Developer Program and signed the Apple Developer Program License Agreement; and (4) adheres to the terms of these App Review Guidelines (e.g. does not include objectionable content). Upon request, you must provide an index of software and metadata available in your app. It must include Apple Developer Program Team IDs for the providers of the software along with a URL which App Review can use to confirm that the software complies with the requirements above.

Added "(e.g. it must open and run natively in Safari without modifications or additional software)".

Added "It must include Apple Developer Program Team IDs for the providers of the software along with a URL which App Review can use to confirm that the software complies with the requirements above."

5.1 Privacy

Comply with applicable laws and the Apple Developer Program License Agreement. Specific points to note:

Protecting user privacy is paramount in the Apple ecosystem, and you should use care when handling personal data to ensure you’ve complied with privacy best practices, applicable laws and the terms of the Apple Developer Program License Agreement, not to mention customer expectations. More particularly:

Added "privacy best practices".

5.1.3 Health and Health Research

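(i) Health, fitness, and medical data collected from the HealthKit API and similar sources may not be used for purposes other than health care for which consent was obtained.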

Apps may not use or disclose to third parties data gathered in the health, fitness, and medical research context—including from the Clinical Health Records API, HealthKit API, Motion and Fitness, MovementDisorderAPIs, or health-related human subject research—for advertising, marketing, or other use-based data mining purposes other than improving health management, or for the purpose of health research, and then only with permission.

Added "Clinical Health Records API" and "MovementDisorderAPIs".

Added "marketing".

5.1.4 Kids

Comply with COPPA, GDPR, and equivalent laws.

For many reasons, it is critical to use care when dealing with personal data from kids, and we encourage you to carefully review all the requirements for complying with laws like the Children’s Online Privacy Protection Act (“COPPA”), the European Union’s General Data Protection Regulation (“GDPR”), and any international or local equivalents.

Added "the European Union’s General Data Protection Regulation (“GDPR”)".

Changed from "international equivalents" to "international or local equivalents".

5.1.5 Location Services

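Use location information only for related features. Location APIs may not be used for emergency services or for controlling anything other than small devices. Handling location data requires prior consent. Apps that use location must explain the purpose.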

Use Location services in your app only when it is directly relevant to the features and services provided by the app. Location-based APIs shouldn’t be used to provide emergency services or autonomous control over vehicles, aircraft, and other devices, except for small devices such as lightweight drones and toys, or remote control car alarm systems, etc. Ensure that you notify and obtain consent before collecting, transmitting, or using location data. If your app uses location services, be sure to explain the purpose in your app; refer to the Human Interface Guidelines for best practices on doing so.

Changed from "background location services" to "location services".

5.4 VPN Apps

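Use NEVPNManager for VPNs. Limited to developers enrolled as an organization. State what the data is used for. Comply with the laws of the target territory. Enter license information in the App Review Notes.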

Apps offering VPN services must utilize the NEVPNManager API and may only be offered by developers enrolled as an organization. You must make a clear declaration of what user data will be collected and how it will be used. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field.

Added "may only be offered by developers enrolled as an organization".