Making a HealthKit app? Keep its data out of iCloud, Apple warns developers

Making a HealthKit app? Keep its data out of iCloud, Apple warns developers

Summary: Apple lays out the reasons why it could reject new apps that use its HealthKit and HomeKit framework.

SHARE:
TOPICS: Mobility, Apple, iOS
1

Ahead of the release of iOS 8 and HealthKit, Apple has updated its App Store review guidelines, warning developers to keep HealthKit data out of iCloud.

Ahead of Apple's September 9 media event, where it's expected to unveil up to two new iPhones and possibly a wearable device, Apple has listed new dos and don'ts that it will be judging any apps submitted for App Store review against.

The updated version of its App Store Review Guidelines now explains how apps should use new iOS 8 features, including the HomeKit and HealthKit frameworks, its app beta testing program TestFlight, and the new app extensions framework for inter-app data-sharing.

Apple has already said that selling HealthKit data to ad networks would violate its new iOS developer program license agreement, while the new review guidelines clarify further constraints. Apple warns that: "apps using the HealthKit framework that store users' health information in iCloud will be rejected."

The guidance is not surprising given the sensitivity and regulation of health data, but comes on the heels of this week's iCloud celebrity photo leak fiasco.

Apple yesterday denied an iCloud flaw facilitated the leak, pointing instead to hackers compromising some celebrities' iCloud accounts through user names, passwords and security questions.

Similar to its recent review guidance on Bitcoin apps, apps using HealthKit need to comply with applicable laws in each territory where they're made available.

As per its developer agreement, apps will be rejected if they share HealthKit data with third parties without user consent. The apps also must clearly identify HealthKit functionality in their user interfaces, and have a privacy policy. Meanwhile, any app that provides diagnosis and treatment advice will need written regulatory approval.

Similar restrictions on disclosure and advertising apply to apps that use its HomeKit framework for home automation apps. "Apps must not use data gathered from the HomeKit APIs for advertising or other use-based data mining," Apple states. Apps that use HomeKit also need to provide home automation services, and clearly mark that they use HomeKit.

iOS 8 also brings Extensions, Apple's new way for supporting apps talking with each other, new widgets in its Today view of the Notification Center, custom keyboards, and photo editing. Basically, apps that host extensions must be useful, shouldn't include advertising or in-app purchases, while keyboard extensions need to be able to function without network access, and all must include a privacy policy.

As Apple noted in its new monthly top 10 reasons for rejection during app review, the company will reject beta apps. The company's official beta testing program, TestFlight, caters to unfinished apps, but still comes with strict rules, including that they must comply with the full App Review Guidelines and be intended for public distribution. Developers will need to submit apps for review whenever a build contains material changes to content or functionality, and mustn't compensate testers for trying out the app.

Read more on this story

Topics: Mobility, Apple, iOS

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • User Consent for Data Sharing...

    "As per its developer agreement, apps will be rejected if they share HealthKit data with third parties without user consent..."

    Shouldn't *EVERY* app ask for user consent before sharing data with a third party???
    mattyvx