Making a HealthKit app? Keep its data out of iCloud, Apple warns developers

Apple lays out the reasons why it could reject new apps that use its HealthKit and HomeKit framework.

Ahead of the release of iOS 8 and HealthKit, Apple has updated its App Store review guidelines, warning developers to keep HealthKit data out of iCloud.

Ahead of Apple's September 9 media event, where it's expected to unveil up to two new iPhones and possibly a wearable device, Apple has listed new dos and don'ts that it will be judging any apps submitted for App Store review against.

Read this

Apple bans iOS developers from selling HealthKit data to ad networks

No, developers will not be allowed to sell your health data for targeted advertising.

Read More

The updated version of its App Store Review Guidelines now explains how apps should use new iOS 8 features, including the HomeKit and HealthKit frameworks, its app beta testing program TestFlight, and the new app extensions framework for inter-app data-sharing.

Apple has already said that selling HealthKit data to ad networks would violate its  new iOS developer program license agreement , while the new review guidelines clarify further constraints. Apple warns that: "apps using the HealthKit framework that store users' health information in iCloud will be rejected."

The guidance is not surprising given the sensitivity and regulation of health data, but comes on the heels of this week's iCloud celebrity photo leak fiasco .

Apple yesterday denied an iCloud flaw  facilitated the leak, pointing instead to hackers compromising some celebrities' iCloud accounts through user names, passwords and security questions.

Similar to its recent review  guidance on Bitcoin apps , apps using HealthKit need to comply with applicable laws in each territory where they're made available.

As per its developer agreement, apps will be rejected if they share HealthKit data with third parties without user consent. The apps also must clearly identify HealthKit functionality in their user interfaces, and have a privacy policy. Meanwhile, any app that provides diagnosis and treatment advice will need written regulatory approval.

Similar restrictions on disclosure and advertising apply to apps that use its HomeKit framework for home automation apps. "Apps must not use data gathered from the HomeKit APIs for advertising or other use-based data mining," Apple states. Apps that use HomeKit also need to provide home automation services, and clearly mark that they use HomeKit.

iOS 8 also brings Extensions, Apple's new way for supporting apps talking with each other, new widgets in its Today view of the Notification Center, custom keyboards, and photo editing. Basically, apps that host extensions must be useful, shouldn't include advertising or in-app purchases, while keyboard extensions need to be able to function without network access, and all must include a privacy policy.

As Apple noted in its new monthly top 10 reasons for rejection during app review , the company will reject beta apps. The company's official beta testing program, TestFlight, caters to unfinished apps, but still comes with strict rules, including that they must comply with the full App Review Guidelines and be intended for public distribution. Developers will need to submit apps for review whenever a build contains material changes to content or functionality, and mustn't compensate testers for trying out the app.

Read more on this story