If your business provides an app via Apple's App Store, then there are certain requirements you need to be aware of in order to keep your app from being delisted.

This article will take you through those requirements and teach you everything you need to know in order to keep your app available in the Apple App Store.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your mobile app. Just follow these steps:

  1. At Step 1, select the App option.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your app.

    TermsFeed Privacy Policy Generator: Answer questions about Mobile App - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new App Privacy Policy.



Apple's App Requirements

Apple's App Store has a set of requirements, known as the App Store Review Guidelines, that pertain to safety, performance, business, design, and legal concerns. Your business must abide by them in order to avoid having your app delisted.

All features of your app, including any ad networks, third party analytics services, or software development kits (SDKs) that your app uses, need to comply with Apple's requirements as well.

Apple's requirements include making sure that your app functions smoothly, contains original, appropriate content that doesn't pose a threat of physical harm to any of your users, and complies with state and international privacy regulations.

Keep Your App Updated and Functioning


Apple may remove your app if it has any bugs or if it functions poorly or is incomplete. You should make sure that your app is updated at regular intervals to ensure optimum functionality.

In its Guidelines, Apple states directly that it will reject incomplete app bundles or apps that crash or have obvious technical problems:

Apple App Store Review Guidelines: App Completeness clause

Submitting your app without it being complete or when it has technical issues will also be bad for business. Even if Apple doesn't remove it from being downloadable, people will surely leave bad reviews and ratings about your broken app, which can put you out of business.

Don't release your app until it's tested and working properly to keep both Apple and your app users satisfied.

Make Sure That Your App Contains Appropriate Content: Allow Reporting


If your app contains objectionable content, Apple may remove it from the App Store.
Appropriate content is original, inoffensive, and doesn't carry a risk of causing physical harm to users.

Apple lets businesses know what its design standards are when it comes to plagiarizing, and copying popular apps is a surefire way to get your app removed from the App Store:

Apple App Store Review Guidelines: Design clause excerpt

You also need to make sure your app doesn't contain any offensive content. While there is no hard and fast rule as to what offensive content consists of, Apple notes that it will remove any app that contains content that is bigoted, rude, or creepy:

Apple App Store Review Guidelines: Objectionable Content clause excerpt

You should have a process in place to ensure that any User Generated Content (UGC) is appropriate. Apple requires businesses that use UGC to give users a means of contacting you and reporting offensive content as well as blocking users who violate content guidelines:

Apple App Store Review Guidelines: User Generated Content clause

If you don't have a process in place for users to report and block abusive content or accounts, your app can be removed. Here's what the usual rejection message from Apple looks like:

Apple app rejection message about user generated content missing required precautions

One way to meet this requirement is to provide a feature that lets users report offensive, violative content and block the users who post it.

Here's how Instagram does this by providing a menu where users can choose to report any post:

Instagram post with Report option highlighted

Facebook has similar reporting features, including the option to report posts to group admins, or to Facebook. You can also hide individual posts, or all posts from certain users:

Facebook post menu with reporting options highlighted

Facebook Pages have the option to report the page, as well as block it:

Facebook Page menu with Report option highlighted

Twitter gives the option to mute, block and report accounts, as well as individual posts:

Starwars Twitter account menu with Report option highlighted

You should also make sure that your app doesn't contain any content that could potentially cause physical harm to your users:

Apple App Store Review Guidelines: Physical Harm clause excerpt

Once you're positive that your content is appropriate, you should make sure that it follows Apple's privacy requirements.

Comply with Privacy Laws and Apple's Privacy Labels, and Display a Compliant Privacy Policy

Any app that is made available on the App Store must follow applicable state and global privacy regulations, including having a compliant Privacy Policy. Apple requires this, as do the laws themselves.

One example of a privacy law that must be followed if it applies to your app is the California Consumer Privacy Act (CCPA/CPRA), which is California's main privacy law and one of the strongest in the United States. It requires that businesses that collect or use consumers' personal information:

  • Provide a means for users to opt-out of the sale of their personal information to third parties
  • Inform consumers what personal information they collect and why
  • Give users the option to access or delete their personal information, as well as other user rights

The European Union (EU) boasts one of the strictest privacy laws in the world in the form of the General Data Protection Regulation (GDPR). Among its many rules, the GDPR requires that any business that collects personal information from residents of the EU:

  • Gets consent from users before collecting certain types of personal information
  • Keeps collected data to a minimum
  • Informs users of their rights granted under the GDPR

You should evaluate where the people who use your app live and make sure your app complies with any privacy laws that may apply to you.

Apple requires any business that lists its app in the App Store to include a link to its Privacy Policy within the app, let users know how it uses any personal information it collects, and inform users how to delete their information:

Apple App Store Review Guidelines: Data Collection and Storage section - Privacy Policy Link required section highlighted

The MyFitnessPal app maintains a link to its Privacy Policy within its in-app Privacy Center, which helps it comply with both privacy law requirements and Apple's requirements:

MyFitnessPal mobile app Privacy Center menu with Privacy Policy link highlighted

Users can access PayPal's Privacy Statement by selecting the Legal Agreements link located at the bottom of the Profile screen:

PayPal app Profile menu with Legal Agreements link highlighted

From there, users can tap on the Privacy Statement header:

PayPal app Legal Agreements screen with Privacy Statement link highlighted

Tapping the Privacy Statement option takes users to an in-app version of PayPal's Privacy Statement:

PayPal app Privacy Statement excerpt

Developers must also provide Apple with detailed privacy information about their apps for Privacy Labels.

Before answering Apple's App Privacy Questions, do the following to make the process more streamlined:

  • Make a list of what types of data you collect and divide it into Apple's 14 data categories
  • Make a list of all of your third-party partners
  • Identify the ways that you and your third-party partners use each data type and divide it into Apple's six data use categories
  • Disclose if you link each type of data to the user
  • Disclose if you use each type of data for tracking

Another important compliance requirement is how you handle the topic of consent.

Get Consent and Allow it to be Freely Withdrawn

It's important that you get users' consent when collecting personal information. You should include a clause in your Privacy Policy that lets users know how they can withdraw their consent and delete their information at any time as well.

Apple requires that you get consent anytime your app collects user data, including any time your app records users' activity through their devices' microphone or camera, or through screen recordings:

Apple App Store Review Guidelines: Permission clause

The best way to do this is by using an "I Agree" checkbox that users can tap to show they're agreeing to your Privacy Policy, and to have their personal information collected and used.

This can be done when you request personal information from users, such as when they create an account with your app.

Here's how Dropbox does this:

Dropbox Create Account form with clickwrap to agree checkbox highlighted

If your app has an ecommerce component, you can do this on the checkout screen as well. Here's an example of how this can be implemented:

Generic Checkout screen with checkbox highlighted

As noted above, your Privacy Policy should include information on how users can withdraw this consent once they grant it.

MyFitnessPal informs users how they can revoke their consent in the Managing Preferences and Withdrawing Consent section of its Privacy Policy:

MyFitnessPal Privacy Policy: Managing Preferences and Withdrawing Consent clause excerpt

Additionally, any app that allows users to make an account needs to give them the option to delete their personal information.

Instagram's Privacy Policy includes a section that informs users how they can manage or delete their personal information:

Instagram mobile Privacy Center: How can you manage or delete your information and exercise your rights screen

From options within this page, users can choose to exercise their rights to port, download or delete their personal information that Instagram holds:

Instagram mobile Privacy Center: Port download or delete your information options screen

Now that you have a good idea of what you need to do to keep your app from being delisted, let's look at what you can do in the unfortunate case that your app does end up getting removed from Apple's App Store.

Comply With Apple's User Generated Content Requirements

If your app allows user-generated content, you need to comply with a few requirements:

  • Have an EULA and get users to agree to it
  • Have a mechanism in place to report objectionable content
  • Have a mechanism in place where users can block other users who are abusive
  • Act/respond within 24 hours of receiving a complaint about violative content

Apple requires you to have an EULA. You can either use the Apple-provided EULA, or create your own custom EULA.

Once users download your app and are able to submit and view user-generated content, you need to make it possible for users to report content. Here's a standard way to do this via an in-app menu option:

Instagram mobile example: An account with three dots - the Report option highlighted

The same method can be used to block users.

After a user reports another account, you must act fast. Let users know that you will respond to their request within 24 hours. Here's how you can do this, with an auto-reply message:

Example of the report request response

Remember: While this won't apply to every type of app, it will apply if your app allows user-generated content.

What to Do if Your App is Removed from the Apple App Store


If you find out your app has been delisted, there are a few steps you can take to figure out why it was delisted and what you can do to get it back up in the App Store.

Check Apple's App Store Review Guidelines

The first thing you should do is check to make sure that you have followed all of Apple's App Store Review Guidelines. Apple has a set of requirements that you need to make sure your app meets in order to keep it from being delisted.

To keep your app from being delisted, it should:

Existing privacy legislation and Apple itself require that your app contains a link to your Privacy Policy. And, if your app allows user-generated content, it will need an EULA.

Your Privacy Policy should include clauses that inform users about how you collect their personal information, what you do with it, and how users can withdraw consent or have their personal information deleted.

You should put the link to your Privacy Policy and your EULA somewhere easily accessible within your app, such as under the Legal heading in your Settings, on the checkout screen if applicable, and under the sign-up section where users go to create an account or login.

How to Add a Privacy Policy URL in Apple App Store Connect

You can download these instructions as a PDF file.

  1. First, log in to your Apple App Store Connect account.

  2. Select your app from the menu:

    TermsFeed Apple App Store Connect: Dashboard - Apps - TermsFeed app selected

  3. From the General section, choose the App Privacy option:

    TermsFeed Apple App Store Connect: App menu - Selected App Privacy under General

  4. Click Edit next to the Privacy Policy title:

    TermsFeed Apple App Store Connect: App menu - App Privacy - Privacy Policy with empty field for adding URL and Edit option highlighted

  5. In the modal that opens, find the field where you can enter a Privacy Policy URL. There is also a User Privacy Choices URL field:

    TermsFeed Apple App Store Connect: App menu - Open Edit window with empty field for adding a Privacy Policy URL highlighted

    If you don't have a Privacy Policy, you can use our App Privacy Policy Generator and create one within minutes. TermsFeed will host your Privacy Policy URL for free.

  6. Once you have the Privacy Policy created by TermsFeed, click Copy from the Link to your Privacy Policy section to copy the URL:

    TermsFeed Generators App: Privacy Policy Download Page - Link to hosted Privacy Policy URL copy option highlighted

  7. Paste the Privacy Policy URL in the field box:

    TermsFeed Apple App Store Connect: App menu - Open Edit window with empty field for adding a Privacy Policy URL and paste option highlighted

  8. Click Save:

    TermsFeed Apple App Store Connect: App menu - Open Edit window with empty field for adding a Privacy Policy URL and Save button highlighted

  9. You're done!

    TermsFeed Apple App Store Connect: App menu - App Privacy - Privacy Policy with added URL highlighted

Here are the steps for adding an EULA to Apple App Store Connect.

How to Add a Custom EULA to Apple App Store Connect

  1. First, log in to your Apple App Store Connect account.

  2. Select your app from the menu:

    TermsFeed Apple App Store Connect: Dashboard - Apps - TermsFeed app selected

  3. Select App Information under the General section:

    TermsFeed Apple App Store Connect: App menu - Selected App Information under General section

  4. Scroll down to the License Agreement section and click the Edit option:

    TermsFeed Apple App Store Connect: App Information with License Agreement section and Edit option highlighted

  5. In the Edit License Agreement modal, select the second option: Apply custom EULA to all chosen countries and regions:

    TermsFeed Apple App Store Connect: Edit License Agreement dialog box highlighted

  6. Now you will see a field where you can add a Custom License Agreement and an option to select the countries or regions where the agreement applies:

    TermsFeed Apple App Store Connect: Edit License Agreement dialog box with empty field for adding Custom License Agreement and Select countries highlighted

  7. Add the text of your EULA into the Custom License Agreement field.

    If you do not have an EULA, you can use our EULA Generator and create one within minutes.

  8. Once you have the EULA created by TermsFeed, let's get the policy text. You can download the Plain Text file format:

    TermsFeed App: EULA Download page - Download your EULA - TXT file highlighted

  9. Paste your custom EULA text in the field box:

    TermsFeed Apple App Store Connect: Edit License Agreement dialog box for adding Custom License Agreement and Paste option highlighted

  10. Click Done:

    TermsFeed Apple App Store Connect: Edit License Agreement dialog box with added Custom License Agreement and Done button highlighted

  11. Click Save to update the app information:

    TermsFeed Apple App Store Connect: App Information - Save button highlighted

  12. You're done.

It's also important to make sure that your links actually work, and either take users to an in-app version of your Privacy Policy and EULA, or to the website where your Privacy Policy and EULA are hosted.

You should review your legal agreements periodically, and update them to reflect any changes that have been made to existing laws or any new laws that affect your app or users.

You need to get permission from users before collecting personal information via your mobile app. A simple checkbox next to an "I Agree" statement that users can tap is an easy way to satisfy this requirement. Alternatively, an "Agree" or "Accept" button will work as well, as seen here:

Accept or cancel Chase Mobile Banking app agreement

Include information in your Privacy Policy about the data you collect, and how users can revoke consent even after they've granted it.

Let Users Report and Limit Abusive Content

If you allow user-generated content, you need to provide a method for users to report and block offensive, abusive content that violates your terms.

Adding a menu with an option to report and block a post and a user is the standard way to satisfy this requirement, as seen here:

Instagram Example - Account - Report form menu options highlighted

Make sure you respond swiftly, within 24 hours.

Contact Apple

Once you have ensured that your app meets Apple's App Store Review Guidelines, checked that your app links to your Privacy Policy and that the link is easily accessible and in working order, and made sure that your Privacy Policy is up to date, your next step is to contact Apple and submit an appeal. As long as your app meets the guidelines, you may be able to get it relisted:

Apple App Store Review Guidelines: Appeals clause

You can submit an appeal directly by signing into your Apple Developer account.

Summary

Apple requires that all apps in its App Store meet its standards for functionality and original, appropriate content, and that they comply with state and global privacy regulations.

Your app needs to:

  • Be up to date and functioning properly
  • Not contain offensive content, and allow users to report any such content from within the app, if applicable
  • Contain a link to your Privacy Policy, and comply with all relevant privacy laws
  • Get appropriate consent and allow it to be revoked at any time
  • Comply with user-generated content requirements when applicable

If your app has been delisted, you should read over Apple's App Store Review Guidelines and make any necessary changes. You can then contact Apple and submit an appeal to have your app relisted. Depending on why Apple removed your app in the first place, you may be able to get your app back in the App Store quite easily.
