App Compliance: 5 Crucial Approvals to Review Before Your App Launch

App Compliance: 5 Crucial Approvals to Review before your App Launch

When launching or growing an app, success doesn’t just depend on compelling and educating new users, it requires the navigation of a complex web of approvals and compliance requirements. Whether you are launching an app into the highly regulated finance category or adapting to the ever-changing policies and restrictions set by Apple and Google, each consideration plays a pivotal role in the journey towards your app launch. In this blog post, we’ll explore key regulations that can make or break your app’s success all the way from app store approvals to getting the green light to run your app advertising. Let’s get into it!

1. Apple and Google’s Submission Policies

Source: Apples app privacy policy and Google Data privacy policy

No matter how you market your app, users are required to download your app via its Google Play or Apple App Store listing. Therefore, it goes without saying that with an app launch you will need to have “sold” your app to both Apple and Google.

Both Google and Apple have strict criteria for you to get your app live in the stores– with some being more obvious than others. This can cover factors such as data collection (more on that later), app content, app guidelines and even just how well the app works! With more of the approvals being conducted by machine learning & AI (on iOS your app will still be approved by a human, for now); make sure you give Apple and Google no good reasons to remove or deprecate your app launch via their algorithms and their approval process.

There are plenty of reasons as to why Apple or Google will reject your app submission. Here are five policies to look out for:

  1. Product Quality: On Apple, apps that are buggy, crash frequently, or appear to be in a beta or trial form are often rejected. Apple expects apps to be fully functional and of high quality when submitted for review.
  2. Google Payment System: On Google, if your app offers in-app purchases, they must be done using Google Play’s payment system. Avoid directing users to other payment systems, as this is a violation of Google’s policies.
  3. Disruptive Ads: On Google, if you serve disruptive in-app ads where users might not expect to see them – you may be violating their ‘Better ad experiences’ policy.
  4. Financial Features Declaration: For Google, developers to submit a financial features declaration. This applies to all apps, especially those offering financial services. Apps with personal loan features require additional documentation for review by Google.
  5. Apple’s Payment System: Like Google, apps that try to bypass Apple’s in-app purchase system, or don’t use the system where required, can be rejected.

You can find Apple’s submission guidelines here, and Google’s submission guidelines here.

2. Regulatory Bodies: FCA, FDA and COPPA

While Apple and Google provide the gateways to app distribution, there are other regulatory bodies and guidelines that developers must be aware of, especially when your app targets specific demographics or operates within regulated industries. Two such critical regulations are the Children’s Online Privacy Protection Act (COPPA) and the Financial Conduct Authority (FCA) guidelines.

Source: Lover: Ultimate Intimacy App Store listing shows FDA approval in the first screenshot

COPPA, for instance, is a U.S. law that places specific requirements on operators of services directed to children under 13 years of age. If your app is designed for or attracts young users, understanding and adhering to COPPA is not just a best practice—it’s a legal necessity.

On the other hand, if your app offers financial services or operates within the financial sector, the FCA’s guidelines come into play. The FCA ensures that financial markets work well, and their guidelines are designed to protect consumers, safeguard the industry, and promote competition.

Before setting your launch date, consider whether your app requires approval from a regulatory body. Some examples can include:

  • Medical Features for the US Market: If your app incorporates medical device features or functionalities for the US audience, securing approval from the FDA is crucial.
  • Financial Transactions in the UK: Apps that facilitate financial transactions or services, such as lending in the UK, must obtain clearance from the FCA.
  • Child-Focused Apps: When targeting children, remember that COPPA dictates the dos and don’ts, especially for promoting to those under 13. Ensure your marketing and data collection practices align with these guidelines.

3. GDPR and Global Data Compliance

If your app is going to be used by (or at the very least, collect data from) EU residents, you will need to ensure your app is GDPR compliant. One of the most important requirements of the GDPR is to acquire active, informed consent from your app users before collecting or processing their personal information. You can read more about the GDPR basics here.

Source: Braze ‘push primer in-app messages’ blog

Here are three examples of consent and data collection that violates GDPR regulations:

  • Bundling Consent: The app requires users to agree to multiple terms at once, bundling consent for data collection with other terms of service. For instance, a single checkbox might cover both terms of service and consent to collect personal data, making it impossible for users to use the app without also agreeing to data collection.
  • Lack of Data Protection Measures: The app stores personal data without adequate security measures, making it vulnerable to breaches. If the app is hacked and user data is exposed, and it’s found that the app didn’t have proper security protocols in place, it would be in violation of GDPR. A recent example (and excluding the commonly known offenders such as Meta, WhatsApp and Google) is Grindr, who unlawfully shared users’ personal data with third parties for marketing purposes — including GPS location – and subsequently, the Norway data protection agency announced intentions to fine them.
  • Not Honouring the “Right to be Forgotten”: A user requests that all their personal data be deleted from the app’s servers. If the app fails to do so in a timely manner or doesn’t remove all the data, it would be violating the user’s right to be forgotten under GDPR. This also means that your MarTech SDKs (more on them later) must support the ability to not track particular users on an ongoing basis.

GDPR compliance is non-negotiable; and there have been some hefty fines for organisations such as British Airways who had to pay a 20 million pound fine by the ICO due to a significant data incident back in 2018. With numerous high-profile data breaches eroding consumer trust, GDPR’s primary goal is to restore this trust by promoting transparency and fostering a clear value exchange between businesses and consumers.

This is just the tip of the iceberg. Many countries and states have developed region-specific compliance policies, such as the California’s Privacy Rights Act (CPRA), Brazil’s Lei Geral de Proteção de Dados (LGPD) and India’s Personal Data Protection Bill (PDPB). So, make sure you do your research and get aligned on your data collection processes!

4. Meta

With nearly 3.6 billion active users across Meta (and its affiliated apps such as Facebook and Instagram) chances are, if you want to acquire new users for your app, you’ll need to advertise via Meta. It therefore goes without saying that you also need to abide by their rules and convince them that your app launch should be promoted on their platform.

Meta set several guidelines around products covering dating, finance, banking, alcohol, medicines, gaming, gambling and much more. Meta may also require written approval before running your ads, which if you don’t get, your advertising spend may be capped or your advertising account may be removed entirely.

This is proven to be notoriously difficult for cryptocurrency apps, for example. To advertise cryptocurrency on Meta, advertisers must first meet specific eligibility criteria, notably obtaining licenses from countries with stringent cryptocurrency regulations. Upon believing they meet these standards; advertisers can submit a dedicated form provided by Meta to request ad placement. Following submission, Meta conducts a thorough review of the application and other relevant sources to verify the advertiser’s legitimacy. However, approval isn’t guaranteed, and as eligibility criteria might change over time, Meta continually updates its advertising policy to reflect these shifts – so it’s important to keep on top of any new policy updates and changes.

In this case, it’s easier to seek permission rather than forgiveness. Make sure you seek approval and adhere to Meta’s guidelines as an essential step to get on Meta’s good side and ensure you can seamlessly advertise your app (read more on advertising on Meta on our blog). And, if you want to read more in depth into Metas advertising guidelines, then check it out.

5. Marketing Technology SDK’s

To successfully launch your app, you will need to ensure you have the most effective tech stack within your app to understand who your users are, what they do in your app, and how valuable they are. You may also need to implement 3rd party SDKs to support your acquisition efforts.

As part of this process, MarTech and acquisition providers will provide you with what is known as an SDK (Software Development Kit) – essentially a few lines of code that enable to the tech provider to deliver what they have promised. When including an SDK in your app, you want to make sure that you can keep your users safe and your app secure from any vulnerabilities. Whilst this may seem simple, it is important to be wary of the fact that SDKs can be unsafe because they are implanted within apps but run independent, separate code.

There have been numerous cases of SDKs that violate user privacy or harm app performance, which can be very easily noticed by Apple and Google and end up with your app being banned from the respective app stores.

Before you integrate an SDK into your app, ensure you know what permissions it uses, what data it collects, and why. It is important to note that, by implementing the SDK into your app, you now become responsible for the data collection behaviour of that tool and any potential negative consequences that could come with it.

It is important to also highlight that the code is not always malicious (think; accessing your banking details) but can still be risky to implement.

Conclusion

Taking your first step into the world of apps is exciting, but it comes with the responsibility of ensuring crucial approvals and compliance with various regulations. The best thing we can advise is doing your research. You can significantly increase your chances of a successful app launch while avoiding potential legal and regulatory pitfalls or getting rejected from the app stores.

Remember that compliance is an ongoing commitment. Stay vigilant by monitoring changes in regulations, maintain your app security and privacy standards, and providing excellent user support. Building a reputation for compliance and reliability not only protects your app but also fosters trust among your users. This will lead to long-term success in the competitive world of app development.

Smokehouse Yard, 44-46, St John Street, London, EC1M 4DF 🇬🇧

Smokehouse Yard, 44-46, St John Street, London, EC1M 4DF 🇬🇧