How Apple’s Upcoming Services Will Protect Your Privacy



With Apple’s September 9 event less than a week away, all discussion of the company seems divided between two topics: last weekend’s iCloud hack, which saw the cloud storage accounts of a number of celebrities targeted, and the impending launch of the iPhone 6 and the iWatch wearable device. Amid reports and rumors on both fronts, and mixed discussions of privacy concerns and excitement over new devices and a new mobile operating system, Apple has published new App Store regulations that begin to reveal how it will protect your privacy with iOS 8.

New App Store guidelines are beginning to answer the question of how Apple will protect the sensitive data collected by iPhone sensors, wearable devices, and health-related apps. On Tuesday, Apple updated its App Store Review Guidelines to restrict apps from storing consumers’ health data in iCloud with the advent of the HealthKit framework expected with iOS 8 and the new iPhone 6. It’s these guidelines against which apps submitted to the App Store are judged, and Apple’s choice to update them now enables developers to get a better idea of what Apple will require of apps using the HealthKit and HomeKit frameworks, plus other features like the app beta-testing program TestFlight and the new app extensions framework that enables apps to share data with each other.

As a quick review, HealthKit is a framework for third-party app developers and hardware manufacturers. The platform aggregates and stores the health-related data that apps and devices collect, and users will access the information via the Health app, where they will also control what information is tracked and shared.

HomeKit is another framework for iOS 8 that will enable third-party apps and hardware for the smart home to communicate with each other, and to be controlled and configured by the user. The policies are especially important as Apple is expected to announce the iWatch, the popular name for an as-yet-unannounced wearable device reportedly equipped with a variety of sensors for health tracking. According to Re/Code’s John Paczkowski, the iWatch will also integrate with HomeKit, possibly as a point of control for the connected devices.

Last week, as AppleInsider reported, Apple detailed restrictions of developers’ use of HealthKit data in the licensing agreement of the latest iOS 8 beta. The rules prohibit developers from selling or otherwise distributing the sensitive data collected by the HealthKit framework, and dictate that developers can’t use the data “for any purpose other than providing health and/or fitness services.” Apps using the HealthKit API are also required to provide privacy policies to users.

On Tuesday, Apple followed up those restrictions by adding new information to its App Store Review Guidelines page. Apps using the HealthKit framework are prohibited from storing users’ health information in iCloud, and the App Store will reject HealthKit-integrated apps that do store health information in iCloud.

These restrictions are an important, if predictable step given the sensitive nature of the data that HealthKit will aggregate. HealthKit-integrated apps can’t use HealthKit data for advertising, data mining, or any purpose other than “improving health, medical, and fitness management, or for the purpose of medical research.” Apps using the HealthKit framework will also need to provide a privacy policy, and any app that provide diagnoses, treatment advice will have to provide Apple with written proof of regulatory approval “upon request.”

Here are Apple’s full review guidelines for apps integrating with the HealthKit framework:

“27.1 Apps using the HealthKit framework must comply with applicable law for each Territory in which the App is made available, as well as Sections 3.3.28 and 3.39 of the iOS Developer Program License Agreement

27.2 Apps that write false or inaccurate data into HealthKit will be rejected

27.3 Apps using the HealthKit framework that store users’ health information in iCloud will be rejected

27.4 Apps may not use user data gathered from the HealthKit API for advertising or other use-based data mining purposes other than improving health, medical, and fitness management, or for the purpose of medical research

27.5 Apps that share user data acquired via the HealthKit API with third parties without user consent will be rejected

27.6 Apps using the HealthKit framework must indicate integration with the Health app in their marketing text and must clearly identify the HealthKit functionality in the app’s user interface

27.7 Apps using the HealthKit framework must provide a privacy policy or they will be rejected

27.8 Apps that provide diagnoses, treatment advice, or control hardware designed to diagnose or treat medical conditions that do not provide written regulatory approval upon request will be rejected”

As 9to5Mac reported in June, Apple has consulted with the FDA, presumably on the HealthKit framework and its ability to aggregate data not only from the iPhone’s sensors, but from third-party apps and devices as well. But if Apple is planning on positioning HealthKit to handle clinical records and true medical information instead of the simple fitness and activity data that most current apps and wearable devices collect, HealthKit may come under HIPAA — Health Insurance Portability and Accountability Act — regulations for the privacy of personal data.

As we recently reported, a system like HealthKit blurs the line between services created for consumer use and services created for use by professionals in the healthcare industry. That ambiguity makes it harder to predict whether HealthKit itself will need to be HIPAA-compliant (because it allows apps to share data with each other, it should) and if individual app developers will also need to ensure that the way their apps handle data is HIPAA-compliant (for the sake of consumers’ privacy and security, they also should).

The review guidelines’ clause that “Apps that provide diagnoses, treatment advice, or control hardware designed to diagnose or treat medical conditions that do not provide written regulatory approval upon request will be rejected” hints at the necessity of HIPAA compliance, particularly for apps that deal with sensitive medical information or share that information with healthcare providers, clinics, or hospitals.

Developers may find themselves relying on one of a number of companies that offer frameworks to develop HIPAA-compliant apps, or offer compliance as a service to obtain the “regulatory approval” that Apple may request. While details are still relatively sparse, it does seem that Apple intends to develop HealthKit into a platform for real medical data, and is taking privacy and security seriously from the beginning.

In Tuesday’s update, Apple also added similar rules concerning the use of HomeKit, requiring all apps that use the HomeKit API to serve a primary purpose of providing home automation services, and clearly indicate that purpose in their marketing materials. Developers cannot use the data gathered for advertising or other data mining, and apps that gather HomeKit data for any purpose other than improving their user experience or hardware and software performance in providing home automation services will be rejected by the App Store. As with HealthKit, a solid assurance of privacy and security is a necessary first step in getting consumers to adopt the platform, and the devices that go with it. Here are Apple’s review guidelines for apps that integrate with HomeKit:

“26.1 Apps using the HomeKit framework must have a primary purpose of providing home automation services

26.2 Apps using the HomeKit framework must indicate this usage in their marketing text and they must provide a privacy policy or they will be rejected

26.3 Apps must not use data gathered from the HomeKit APIs for advertising or other use-based data mining

26.4 Apps using data gathered from the HomeKit API for purposes other than improving the user experience or hardware/software performance in providing home automation functionality will be rejected”

With iOS 8, Apple is also introducing extensions, which most people think of as a way for third-party apps to communicate with each other. As Ars Technica explained in June, there’s actually a lot more to it than that, and there are a number of different kinds of extensions that allow third-parties to access the operating system.

Today, extensions, also called widgets, deliver information via the Today view in the Notification Center. Share extensions enable the posting of photos, links, and other files from an app to an online service. Action extensions enable users to work with content within another app, like editing a photo embedded in a text document or translating the text in a Safari window. Photo Editing extensions enable users to call up an app to edit an image they’re viewing in Photos, and keep both the edited image and the original. Storage Provider extensions enable productivity apps to open documents from a variety of cloud services. Custom keyboard extensions replace the default Apple keyboard with a third-party keyboard.

Apple’s new guidelines specify that extensions need to be useful, functional without network access, provide users with a privacy policy, and can only collect user data to improve their functionality. They also can’t include marketing, advertising, or in-app purchases. The following is Apple’s full list of guidelines for extensions submitted to the App Store:

“25.1 Apps hosting extensions must comply with the App Extension Programming Guide

25.2 Apps hosting extensions must provide some functionality (help screens, additional settings) or they will be rejected

25.3 Apps hosting extensions that include marketing, advertising, or in-app purchases in their extension view will be rejected

25.4 Keyboard extensions must provide a method for progressing to the next keyboard

25.5 Keyboard extensions must remain functional with no network access or they will be rejected

25.6 Keyboard extensions must provide Number and Decimal keyboard types as described in the App Extension Programming Guide or they will be rejected

25.7 Apps offering Keyboard extensions must have a primary category of Utilities and a privacy policy or they will be rejected

25.8 Apps offering Keyboard extensions may only collect user activity to enhance the functionality of their keyboard extension on the iOS device or they may be rejected”

While the new guidelines – and the App Store Review Guidelines in general — are aimed at keeping the App Store stocked with quality apps and free of nonfunctional, amateur, or “creepy” apps, the policy of keeping user data from HealthKit and HomeKit off-limits for advertising is also likely aimed at differentiating Apple from tech companies like Google or Facebook, which rely on user data to target ads and drive revenue. Especially when it comes to health data, or data on when you’re coming and going from your home, it’s increasingly important for Apple to demonstrate that its platforms are secure, and keep the data that consumers will share through them private.

Additionally, trust is critical to the Apple brand, a brand that many trust not only because its products are known for working seamlessly out of the box but also because most malware and other malicious software target platforms other than OS X and iOS. While the ill-timed news of the iCloud hack seems unlikely to deter many consumers from adopting new Apple products and services, the news just makes it abundantly clear that as the modern consumer trusts their smartphone and cloud storage provider with increasingly sensitive data and files, the ability to keep that information private and secure is a critical feature of each new platform.

More From Tech Cheat Sheet: