by WalterGR 1834 days ago
Can anyone translate that into practical terms? To me that doesn’t match this post’s title, currently “AppStore: Apps supporting account creation must also offer account deletion”.

Quote:

  The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
There’s nothing about account or stored-data-about-me deletion in there.
4 comments

It's the second sentence: "If your app supports account creation, you must also offer account deletion within the app."
Wow. Not sure how I missed that. Thanks.
That sentence is about storing Facebook logins, for example, not storing other data about the user. Apple is saying you may allow people to log in to their social networks (to post through your app) but you cannot save their login from Facebook into your private (off-device) server.
You should consider your social media access credentials/tokens as data about you, because they can be used to request your social media data.
Right, but I'm still reading that as "you must allow people to log out (locally)".
“If your app supports account creation, you must also offer account deletion within the app.”

Separately, they should also do this for subscriptions.

At present, by requiring the use of Apple's IAP system for subscriptions, this is already taken care of.

Given the Apple vs. Epic stuff going on, this may change soon. In that case I'd also like to see rules against excessive retention tactics / dark patterns.