In-App Account Deletion Required by Apple Starting January 31, 2022

Apple will soon require apps to allow users to initiate account deletion. Learn more about the upcoming policy and how you can prepare for it.

 min. read
Published on
January 11, 2022

In Oct 2021, Apple announced that the updated version of App Store Review Guideline 5.1.1 released in June requires that all apps allowing users to create accounts should also provide ways for them to initiate account deletion within the apps. This applies to all new app submissions (whether as updates or new applications) starting from January 31, 2022. The announcement also reminds developers to review different sections in the App Store Review Guidelines concerning the collection, uses, retention and deletion of personal data and abide by jurisdiction-specific rules in addition to the App Store Review Guidelines. 

However, there is some ambiguity that leaves the developer community confused. In this blog post, we will be discussing some key points regarding the account deletion requirement and how you can easily offer account deletion with minimal efforts:

What exactly is required by Apple regarding account deletion?

There is a growing concern about data privacy as users now are more aware of how their data is used by different companies. Legislatures have come up with various regulations, such as the Global Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to reassure consumers that they will have more control over their personal data. Big tech companies now have to not only adjust their policies accordingly but also keep one step ahead of their competitors when it comes to data privacy to build trust with consumers, making data privacy their next competitive advantage.

In the Apple Developer Updates, it says that “all apps that allow for account creation must also allow users to initiate deletion of their account from within the app.” Allowing users to initiate account deletion can be as simple as providing a link to an online form for users to submit a request instead of actually letting users delete their account in the apps. The language used here by Apple perhaps allows developers to first start with account deletion options requiring less development efforts but the end result must be account deletion.

How is the new account deletion requirement different from other privacy laws?

The account deletion requirement is different from the Right to Erasure or Right to be Forgotten from GDPR as the Right to Erasure allows the data subject to ask businesses to remove their personal data and even stop other third parties from using their personal data for further uses. The account deletion requirement in the App Store Review Guidelines, however, only lets users to delete their accounts. It is unclear whether a request for account deletion should also come with the deletion of personal data or it will become a 2-step process. 

The App Store Review Guidelines reminds developers that it is their responsibility to make sure that their apps comply with any legal requirements in locations where the apps are available. If your apps are available in regions covered by the GDPR, you will have to not only provide control over personal data but also allow users to initiate account deletion starting from January 31, 2022.

What are the possible account deletion mechansisms for developers to incorporate?

1. Provide a phone number for users to call and ask for account deletion

Even though we’re living in the digital era, sometimes users still prefer calling customer support as emailing often takes longer for users to get what they want. However, if you have a significant amount of requests to handle, this certainly will not be the most efficient or cost-effective solution as a customer support representative can only attend to a certain number of requests.  

2. Build in-app or create external forms for users to submit account deletion requests

This approach needs a bit of setup but allows the parties involved in account management to handle the process with less hassle. Developers can either create an account deletion request form inside the app or add a link to the app that redirects the users to a Google Form and notifies the parties involved in the account deletion process. This will make customer support’s work lighter as they will not have to spend time on answering phone calls, but might prolong the account deletion process.

3. Develop in-app feature for account deletion

Allowing users to directly delete accounts provides the best user experience. Ideally, users can press on a button and begin the account deletion process themselves without involving any developers or customer support. However, this does require efforts from engineers to develop the features and workflow required for users to delete accounts themselves. 

Instead of developing authentication and user management system in-house, you may integrate existing solutions with your app to:

  • Speed up the development process
  • Reduce engineering cost
  • Allow in-house engineers to focus on developing core functionality
  • Mitigate potential risks

Prepare for the upcoming account deletion requirement with Authgear

Authgear has helped enterprises and startups across the globe build privacy-aware web or mobile apps by providing a secure & simple user management and authentication solution. It is equipped with features, such as single sign-on, social login, two-factor authentication, sessions alert and revoke, and admin portals, required by all kinds of apps. Developers can enable the account deletion ability in their apps with just a few clicks and easily manage all account settings in Authgear.

Talk to our sales team today to see how Authgear can help you keep up with Apple’s latest account deletion policy.