Apple Tightens App Store Rules: Explicit Permission Needed for AI Data Sharing

Apple has rolled out a significant update to its App Store Review Guidelines, placing a sharper spotlight on user privacy and curbing misleading app behaviour. While the company regularly revises its rules to keep pace with shifting technology trends, the newest changes feel broader in scope and more assertive in intent—especially as AI begins to seep into nearly every category of mobile apps.

At the heart of this update is a privacy addition under guideline 5.1.2(i). Apple now requires developers to clearly inform users whenever their personal data is shared with any third-party AI platform. With AI models increasingly integrated into apps—from productivity tools to entertainment services—the company wants developers to be explicit about how data is handled. If an app plans to transmit personal information to an external AI service, users must be told in simple, transparent language and must give active permission before the data leaves their device. The move reflects growing global concerns about AI data governance and reinforces Apple’s long-standing stance on strong user consent.

Another major shift addresses the persistent problem of copycat apps. Apple has added a new line in its anti-copycat section, directly prohibiting developers from using another app’s name, icon, or branding without explicit approval. This change comes on the heels of the recent wave of Sora 2 clones that flooded the App Store following the buzz around OpenAI’s official release. Although Apple moved quickly to remove or rename these impersonators, the incident underscored how easily user confusion can spread when look-alike apps appear in search results.

This new rule builds upon Apple’s existing guidance, which reminds developers to “come up with your own ideas” rather than making superficial tweaks to established app designs. Apple also reiterates that apps mimicking other services can result in serious consequences, including expulsion from the developer program—an even more pressing issue with Europe’s new notarisation rules. The message is clear: originality is not optional.

Creator-focused platforms also see new requirements. Apps hosting content from users must now include built-in tools allowing creators to flag material that exceeds the assigned age rating. Such content must be locked behind proper age-verification mechanisms. Apple has clarified that these compliance rules extend equally to mini apps and mini games built using HTML5 or JavaScript containers.

Loan-based applications have received more specific boundaries as well. They can no longer offer annual percentage rates above 36 percent or impose repayment terms shorter than 60 days. Meanwhile, crypto exchanges have been formally added to the list of highly regulated categories, meaning developers building such apps will need to meet stricter compliance obligations.

Apple has also quietly removed older language discouraging the use of empty ad banners or test advertisements, indicating that this concern has diminished in relevance. Additional clarifications stress that apps delivering software not embedded in the binary cannot access native APIs without approval and must follow the same age-based restrictions mentioned earlier.

Together, these changes reveal Apple’s intensified focus on privacy, transparency, original design, and regulatory compliance—setting a firmer baseline for developers in the evolving AI era.