Apple delete account requirement: what you need to know

Data privacy is a growing concern, and Apple’s iOS delete account requirement empowers users with more control. Let's learn what this means for developers and users alike.

Data privacy remains a hot topic

The dual nature of data usage

‍Data has become a powerful tool, driving efficiency and profitability through analytics and machine learning. However, it also presents significant risks, from identity theft to unauthorized sales of personal information.

This duality has made data privacy a critical concern, with increasing public distrust in how personal data is collected and used.

The GDPR and the push for transparency

The General Data Protection Regulation (GDPR) has been pivotal in advancing data privacy worldwide. One of its notable provisions, Article 17, grants individuals the "right to be forgotten," enabling them to request the deletion of their personal data.

This principle has extended to mobile applications, compelling companies like Apple to implement measures such as the iOS delete account requirement.

Apple’s leadership in data privacy

As a major provider in the tech and data market, this is where the Apple delete account requirement comes in. 

‍As of June 30, 2022, Apple mandates that all apps in the App Store must allow users to delete their accounts and associated data easily and without delay.

This policy reflects a significant step towards improving user data privacy, whether driven by genuine concern or strategic marketing. It aligns with Apple's broader efforts to educate users and enforce transparency in data handling.

Understanding the Apple iOS delete account requirement

Why account deletion matters

Data shows the Apple store contains roughly 1.6 million Apps available for downloaded.

With a significant number of applications requiring the collection and use of data, regulation can become incredibly difficult. Add that to the fact that many developers are good at silently collecting data and much of the general populace doesn’t fully understand how data collection works, and a privacy uproar seems inevitable.

Take, for example, a health application that tracks steps taken, heart rate monitoring, manual input (diet, weight, height), etc. Users of this application expect their health data to be collected, but they might not realize, or second guess, that such apps also tend to collect user location. This is something many applications do, including several that have no direct use for location tracking. 

This is especially concerning if account creation is a significant part of the experience.

Account creation can provide both the developer and the user with several benefits. The user can keep track of personal statistics and progress depending on the purpose of the application while developers can keep track of user interest, user engagement, ways they can increase efficiency and interest within the app, etc.

Yet having an account within a database means data is being collected, and where data is being collected, an app store delete account requirement should be implemented.

A database works by creating a table within which data can be stored. A table can include information such as:

• Username
• Password (hidden and hashed if you are dealing with a developer who knows what they’re doing)
• Progress information
• Personal information

This last option is where issues can lie. 

Personal information held within a dataset includes personal email address, home address, billing address, current location, billing information, credit card information, etc.

The ease this personal information can be stored should not be taken lightly. Any company can sell this information to third-party companies; this is generally not for malicious purposes, merely a hefty profit.

The issue comes when a breach occurs and user data has become corrupted. Account deletion within apps plays a significant role in protecting your data, especially on iOS.

In the wrong hands, data can be a powerful tool for stealing identities, credit fraud, and human trafficking, amongst other questionable exploitations. While most major companies have a security system to avoid this, much of the public is better off not taking such risks, especially within such a vast library as Apple’s App Store.

Offering account deletion in your app is a significant way developers can help cut back on these issues.

‍

‍

What the requirement entails

Apple’s guidelines for account deletion are clear and comprehensive:

• Apps must allow users to delete their accounts if account creation is an app feature.
• The deletion process should be accessible, straightforward, and consistent across the app and external platforms (e.g., websites).
• Links to external account deletion options must not be buried in terms of service or hard to locate.
• All tokens and data associated with the account, including user-generated content, must be removed.

Apple also suggests optional features like temporary account deactivation or future deletion for users with active subscriptions.

Exemptions and caveats‍

Apps released before June 30, 2022, are exempt from this requirement unless they undergo updates. Additionally, regulated industries, such as banking and healthcare, may allow customer service interaction for account deletion, unlike most other apps.

Apple account deletion guidelines for developers

The Apple account deletion guidelines state that as a developer applying to the App Store, if you allow or help a user create an account within the app, you are also required to include an option to delete the account. There are several guidelines that Apple outlines in regards to this Apple account deletion requirement, as well as a few caveats. 

The following guidelines are given:

• Apple account creation must provide the capability for account deletion.
• Information that is clear and easy to follow regarding account deletion is required.
• Direct links must be provided if account deletion can only be done through a website.
• External website links provided must be easy to find and not buried in the Terms of Service.
• Tokens associated with accounts linked through Apple account creation must be revoked upon account deletion.
• Account deletion should be consistent across both the website and the App Store application.
• Users should be informed throughout the deletion process, including when account deletion is expected and when it has been completed.
• Users should be educated on how billing works during account cancellation if in-app purchases are supported.

While not required, Apple also states the importance of including multiple options for users, including:

• Immediate deletion of account records and personal data.
• Temporary account deactivation.
• Future account deletion. 

This latter account deletion request is useful in instances where users still have an active subscription that expires at some later date. In this case, communication with the user for when account deletion is expected and when the account has officially been deleted is expected. 

Apple also states that the deletion requirement is not extended to applications that were created in the App Store before June 30, 2022; however, any future updates that are pushed to these pre-marketed applications will require the inclusion of user access to account deletion.

Read more: In-app account deletion for iOS and Android

Apple account deletion FAQs

Any technical update brings a fair share of questions. Let’s explore some of the most frequently asked about account deletion within apps here. 

Can I send users to our customer service for account deletion?

It depends on how regulated the industry is. Regulated industries are defined in App Store Review Guideline 5.1.1(ix):

• Banking and financial services
• Healthcare
• Gambling
• Legal cannabis use
• Air travel

Customer service flows may facilitate account deletion in the case of regulated industries, including phone calls, emails, or other support flows. Apps that do not fall within these regulation requirements should not require customer service flow options for account deletion.

What can I do to make sure an account isn’t deleted by accident or by someone other than the account holder?

Ensuring an account isn’t accidentally deleted should be a top priority, and Apple backs up this idea. Steps can be included to verify identity and confirm intent to delete the account. This can include entering a code sent via email or phone number. 

How do I provide account deletion to users who sign in through their Apple account?

Apple’s built-in API, Apple REST, should be used to revoke user tokens upon account deletion. This will remove any tokens that tie the user’s Apple account to the application.

Does account deletion need to be immediate and automatic?

Account deletion doesn’t have to be immediate or automatic but communication should be provided to the user. However, the time taken for the Apple delete user process should comply with local laws where the app is available.

Does user-created content need to be deleted on an app that supports content creation?

All data associated with a user’s account must be deleted upon account deletion, which includes any content provided and shared by the user. 

Note that some laws require data to be maintained, and users should be informed in such situations.

My app follows CCPA/GDPR and some local laws, is this enough to meet the requirement?

All users should be provided the same opportunity regardless of location. Any account deletion flows currently in place must extend to ALL users, so long as they meet the requirements of the App Store Review Guidelines. 

How do I handle users with auto-renewable subscriptions?

Users should be notified upon account deletion that billing will continue through Apple regardless of their account deletion through the app. 

It is the user’s responsibility to ensure any automatically renewing subscriptions through the App Store are canceled.

‍