Apple adds new categories of apps under “privacy policy requirement” for iOS 11

With the official release of iOS 11, Apple has updated its App Store Review Guidelines for developers, which outline the rules apps must follow to be published to the App Store.

In section 5, which covers privacy, you’ll now find an updated section that covers the new categories of apps that will be refused if they don’t have a privacy policy. It reads like this with the added wording highlighted:

5.1.1 Data Collection and Storage

  • (i) Apps that collect user or usage data must have a privacy policy and secure user consent for the collection. This includes—but isn’t limited to—apps that implement HealthKit or other health/medical technologies, apps that utilize ARKit, Camera APIs, Photo APIs, or other software for depth of facial mapping information, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions, include a login, or access user data from the device. Your app description should let people know what types of access (e.g. location, contacts, calendar, etc.) are requested by your app, and what aspects of the app won’t work if the user doesn’t grant permission.

By now we’re used to seeing updates to the privacy section of the App Store Review Guidelines that require apps using a certain technology to provide a privacy policy. We’ve seen such updates with COPPA in mind, for iOS 8 and apps that use HealthKit, apps that use HomeKit and third-party keyboards, iOS 10 and stickers and iMessage extensions, and Apple TV.

We’ll keep an eye on any upcoming changes for you. 

You can read more about how to write a privacy policy for iOS apps in our dedicated guide.