Apple has found itself under increased scrutiny in light of the public finding out that social service Path was storing contact data without first obtaining user permissions. The concerns weren’t about Apple’s lack of policy, as the App Store Review Policy states that an application must obtain user consent before collecting personal data, but rather Apple’s (lack of) enforcement of said policy.
In response to the increased criticism, Apple is laying down the iron fist for applications found to be in violation of the Review Policy. The third-party Twitter client Tweetbot has received an official rejection notice on version 2.2 of their application, with Apple noting that Tweetbot collects the device’s UDID every time the application is launched. For it’s part, Tweetbot notes that they only collect this information to match up against their push notification records so users don’t have to re-enter these settings if they delete and re-install the application.
Tweetbot had already figured a way to work around the need to collect the UDID in version 2.3 of Tweetbot, and pushed code from that upcoming version to the currently available version 2.2 to get back in compliance. Still, the fact that Tweetbot (and others) are starting to receive these rejection notices should serve as a warning to other applications that store potentially identifying user information without first acquiring user consent. Unless developers change this practice, their applications can and will be removed from Apple’s App Store.
[via Tapbots]
