Kaspersky welcomed the recent changes stated in the ‘App Store Review Guidelines’. These guidelines have become more responsive to iOS application developers’ needs, and attempted to clarify how parental control applications should be developed and then assessed by Apple.
The updated ‘App Store Review Guidelines’ allow utilizing MDM for parental controls in limited cases and the ‘Apple Developer Enterprise Program License Agreement’ clarifies that the use of MDM-profiles and configuration profiles in applications for home users is only possible with the explicit written consent of Apple.
However, Apple’s updated rules and restrictions do not provide clear criteria allowing the usage of these profiles, as well as information on meeting the criteria, which is needed for obtaining written consent from Apple to use them.
Apple prohibits the transfer of data received from applications using MDM to third parties. It makes no exceptions and insists that such a ban will apply to the use of third-party analytical services, which are widespread in the mobile application industry, and allow improving software products based on statistical analysis.
It is noteworthy, that in our case, it is not about the transfer of user data, especially from the child’s device, but only from the parent’s device and only regarding the work of our software; and only with explicit and informed consent of users. However, Apple has not heard our arguments.
Utilizing these analytical services is critical for mobile application developers and Apple does not provide such tools. This means that, in the event of a real ban on using such services, Apple's Screen Time will have competitive advantages that are not available for applications of other players in this market.
To summarize, we can state that the softening of the conditions announced by Apple still has a number of questions unanswered, and this does not allow us to claim elimination of the abuse of its market position by Apple.
In particular, this abuse remains in the following:
- Apple did not provide third-party iOS application developers with the unconditional opportunity to use the technologies and APIs used or similar to those used in the Apple’s own Screen Time application.
- Apple did not provide a transparent and clear procedure for obtaining the explicit written consent to use MDM-profiles and configuration profiles. To obtain consent to use MDM and configuration profiles, third-party developers must pass some review with an unclear deadlines and incomprehensible selection criteria.
- Apple’s requirements reduce the competitiveness of third-party parental control software with Apple’s Screen Time. Among Apple’s requirements for testing, there is an apparent ban on the use of any third-party analytical services in applications, even with a user's explicit consent. Apple’s requirement does not contain information about the necessary justification of such a ban on utilizing these services that are used by the entire mobile software development industry.
- Apple stated that the consent to use the MDM profiles will be provided for a period of one year. At the same time, it is not indicated whether the same application requirements will be applicable after one year. The current situation allows Apple to change the rules of review and selection criteria at any time, as well as introduce new rules or interpret existing rules differently. This has been exemplified repeatedly in the past.
- Apple reserves the right, without an explanation, to remove any application from the App Store at any time, even those applications that satisfied all the requirements and passed the review. This rule is enshrined for Apple in the relevant documents and this is imposing of discriminatory conditions on third-party iOS application developers.
All in all, one-way communication, marketing and technological advantages of Screen Time (which are not available to third-party developers of similar software), non-transparency of procedures, and Apple’s officially enshrined right to take any actions regarding third-party software, all create certain barriers for third-party developers to enter the market of parental control software for iOS, and these barriers are the result of the dominant entity’s – in this case, Apple’s - actions. These actions adversely affect the competitive environment of an adjacent market, where the dominant entity also offers its product.