First Apple, Now Android to Devs: “Delete!”

Account and data deletion policy
Image: Marco; CC BY 2.0; modified

It’s all too easy for us to download an app, speed through registration with our Google accounts, use the service for a month and then put it in the smartphone equivalent of a junk drawer.

Rifling through on a whim, we may decide to throw the app away to, you know, free up storage. We delete the app forgetting, or not realizing, this doesn’t also delete the user account or data.

Here comes Big Tech to our forgetful rescue.

TL;DR:

  • First Apple’s and now Google’s updated app store policies require prominent account & data deletion mechanisms for account-connected apps.
  • Requirements complement legal rights to deletion / to be forgotten, but extend to any Apple and Android user anywhere.
  • Like with RtD/RtbF, app businesses and businesses with apps will need to pay more attention to their data retention, UX and customer service practices.

Platform cares

Last year, Apple launched a new app account deletion policy. As of June 30, 2022 all iOS apps that support in-app account creation have to also support in-app account deletion.

Any apps submitted to the App Store that allow users to create accounts must clear this new review hurdle. When an account is deleted, the developer also needs to make sure they remove any account data they're not legally required to keep.

One year plus change later, Google announces a similar policy for its Play Store, effective in “early 2024”.

Apple says

  • If your app doesn’t include significant account-based features, let people use it without a login.
  • If your app supports account creation, you must also offer account deletion within the app.
  • Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law…

Google says

  • …give users a new set of transparency and controls over their user data while providing developers with a way to showcase how they treat user data responsibly.
  • Our policy requires that if your app allows users to create an account from within your app, then it must also allow users to request for their account to be deleted.
  • Temporary account deactivation, disabling or 'freezing' the app account does not qualify as account deletion.

Apples to droid oranges

What 🍎 means

  • Effective: June 30, 2022
  • Problem. Deleting app ≠ closing account + deleting associated data
  • Goal. Make it easier for users to break up with companies
  • Mechanism. “Easy to find in your app” option to initiate full account and data deletion.
  • “Initiate”. From within and outside the app if needed (need link to website in case app was already deleted)
  • Flow. Kickoff to a website or agent to close the account and have unneeded data deleted
  • SLA. Devs to state, but Apple sets own Account SLA to ~7 days

What 🤖 means

  • Effective: early 2024
  • Problem. Deleting app ≠ closing account + deleting associated data
  • Goal. Make it easier for users to break up with companies.
  • Mechanism. “Prominently featured and readily discoverable option” to initiate deletion
  • “Initiate”. From within and outside the app (need link to website in case app was already deleted)
  • Flow. Kickoff to a website or agent to close the account and have unneeded data deleted
  • SLA. Devs to state, but Google sets own Account SLA to ~30 days

User experience

Both platforms expect a high degree of Account Deletion discoverability and flexibility.

While the wording used is slightly different, Apple and Google expect devs to provide links to website resources where users can trigger app account deletion along with the associated data.

Data retention implications

Android devs have the opportunity to show users if they “delete other data too” and are voluntold to be upfront about their data practices.

In Google’s words, “It is possible that your app might need to retain certain data for legitimate reasons such as security, fraud prevention or regulatory compliance. In that case, you must clearly inform users about your data retention practices, for example within your privacy policy.”

This raises a series of questions every app team and their privacy and legal teams should work out together:

  • What does the user actually want? Do they want to suspend an account or close it? (Think gym membership, streaming service, etc.)
  • Which accounts? What if a user has more than one? They should be engaged as part of the process to clarify. (Think social platform)
  • Which data? Users may not want all their data nuked, and should be informed how they may retrieve it without having to force the issue through a data subject access request.
  • Exemptions? Big Tech terms are universal, laws & policies driving retention are not. What is appropriate for one business to retain may not be for another. Account deletion policies should align to privacy and retention policies. (Think finance and health apps vs social and game apps.)
  • Turnaround? Apple and Google do not want to enforce subjective SLAs. Regulators do. GDPR requires deletion within 30 days; CCPA and the other US state consumer privacy laws prescribe 45 days.
  • Same as Right of Deletion? Apple/Android requirements are self-regulatory and complementary to legal rights of deletion / to be forgotten.

Assuming work has already been done to meet Apple’s requirements, aligning to Google’s should be straightforward. Regardless of platform, however, the processes behind account and data deletion will need to be part of a well-crafted offboarding process.

Rights to delete -- data and accounts, regulated or self-regulated -- are still customer service issues at their core. Which means effective expectation management and communication are still key.

Marie Kondo method

Apple’s and now Google’s app policy updates appear pro-user and anti-junk drawer. And fewer orphaned accounts dangling around is good for security and data storage costs too.

But app users should also take cues from Marie Kondo… before she gave up, that is.

If an app, product or service doesn’t make you happy, and you don’t truly need it, delete it. Just don’t forget to get the account and data deletion kicked off first. Within the app or from the app publisher’s website.

Happy app Spring cleaning!