Apple has updated its App Store moderation rules, tightening oversight of how developers handle user data when working with third-party algorithms. The company has introduced a new requirement for apps that transmit information to external AI platforms: such integrations are now permitted only after users are directly notified and explicit permission is obtained.
The changes come amid preparations for a major Siri update planned for 2026, which, according to Western media, will rely on Google’s Gemini model to perform actions across various apps. As Apple embeds AI more deeply into its own ecosystem, it is simultaneously imposing stricter controls on third-party software, aiming to preserve its long-standing emphasis on privacy.
The revised version of clause 5.1.2(i) mentions external AI services for the first time. Previously, the rule required developers to explain what data was being sent to third parties and to request the user’s consent for such sharing. It now specifies that developers must clearly inform users if personal information will be transferred to an external AI platform and must obtain explicit approval for that transfer. This signals that Apple views AI providers as belonging to a high-risk category, on par with organizations handling sensitive data.
The new requirement applies to apps that transmit user information to external AI systems for analysis or personalization, including services powered by large language models and cloud-based algorithms. Yet questions remain about how the rule will be applied in practice: Apple does not clarify which technologies fall under this definition. The term “AI” may encompass everything from sophisticated cloud platforms to relatively simple on-device mechanisms. How strictly Apple interprets the new clause will determine the extent of developer oversight.
Failure to comply will result in the app’s removal from the store. The policy aligns Apple with international standards such as the GDPR in Europe and the CCPA in the United States. The update package also includes revisions related to the launch of the Mini Apps program, clarified requirements for services dealing with loans and creator-generated content, and the formal inclusion of cryptocurrency exchanges among strictly regulated categories of applications.