Apple updates App Store rules on data use, age-gating, external software, and loan app disclosures

Apple introduced several notable updates across its App Store Review Guidelines and Developer Program policies.

Apple now requires developers to clearly disclose where personal data will be used when sharing data with third parties. Apps may not use Apple-provided APIs or collected data to build contact databases or for advertising, and any app that shares user data without consent or violates privacy law may be removed from the App Store.

The guidelines also add a new restriction stating that developers cannot reuse another developer’s icon, brand, or product name without approval. For apps offering embedded software such as HTML5 mini apps or game emulators, Apple maintains that all such software must follow App Store rules, and developers may not expose native platform APIs without Apple’s permission.

A new requirement clarifies that apps must provide age-restriction mechanisms when creator content exceeds the app’s declared age rating. This aligns age-gating rules across creator- and user-generated content categories.

Furthermore, Apple updated its App Store rules to explicitly include crypto exchanges in the list of highly regulated services that must be operated by a legal entity and may require geographic restrictions, thereby tightening compliance expectations for apps handling sensitive financial activities.

Apple also tightened its standards for financial-service apps: loan apps must disclose all loan terms and cannot charge an APR above 36%, ensuring clear, enforceable consumer-protection standards.

These updates reflect Apple’s broader trend toward enforcing stricter privacy practices, transparency in developer behavior, and heightened consumer protection within the App Store.