Apps supporting account creation must also offer account deletion(developer.apple.com) |
Apps supporting account creation must also offer account deletion(developer.apple.com) |
> (v) Account Sign-In: If your app doesn’t include significant account-based features, let people use it without a login. If your app supports account creation, you must also offer account deletion within the app. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
Apple’s playing field is just much more narrow, which allows it to enforce rules like these in an elegant manner which makes for a much better experience to the end user.
Quote:
The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
There’s nothing about account or stored-data-about-me deletion in there.Separately, they should also do this for subscriptions.
Ok, shoutout Apple for this. But shouldn't they apply their policy intent to themselves too? I can technically use an iPhone without an AppleID, but you need to login to download apps. I would argue installing apps shouldn't require a login.
When we talked to the support team they told us their by far largest task was handling account deletions. They had tried to just put a button in the control panel, but the CEO of the company thought it was bad for retention.
So we started writing scripts for "I want to cancel my account" and similar requests. The official process also required the users to verify by email after talking to support, so there were a number of steps. Eventually we needed an API call for actually completing the process. But we were told the CEO had to approve.
The CEO didn't know we were working on automating account deletions. And when we finally got to talk to him about giving us API access, he decided it would be easier to just add an account deletion button to the control panel. That's how we lost our initial business case.
I think either the card was expiring naturally or it was google pay or something that I could shut off. (it was years ago by now so thats why the vague details)
anyway, they actually tried to say I owed them money for years and I even got emails and calls from collections companies for a few years.
If they had been in the US I bet it would have been harder to just blow them off like that.
Simply stopping payments is not the ultimate trump you and I both thoight it should be.
For my part I decided I was on record as having requested to cancel the service, and had not used the service, so do your worst. Go ahead and try to convince a judge that I owe you anything.
This has even become a way of trolling in some subreddits where you try to make people waste time answering you in detail then deleting all your messages.
This has prompted some people to quote bigger parts of the original message.
Deleting accounts is a right, no problem about it, but deleting public information is really problematic. The right to be forgotten should be a moral right, not a legal one. I don't want it to be illegal to point out politicians responsibilities in Iran-Contra or the Iraq war even 20 years after.
I’ve come across more and more sites in recent years with no account deletion option and it’s hugely frustrating.
It’s just not something that developers have really had to account for thus far.You ingest data and then it and derived data goes god knows where in your organization. How do you track all of that down?
(There’s “should be” and “actually is”. I’m referring to the latter.)
But I don’t expect people on HN to complain about this. They hold every other website to absurd standards on data ownership and content moderation, while happily being users of a site where they own none of the data and are subject to strict rules about what can be discussed and how.
where on HN did I waive or assign copyright or ownership to YC?
The FAQ ( https://news.ycombinator.com/newsfaq.html ) says you just need to email them to get stuff deleted:
> we care about protecting individual users and take care of privacy requests every day, so if we can help, please email hn@ycombinator.com
You have a right to complain if someone lies about something you said, either by putting words in your mouth or taking credit for your words.
You have zero rights over anyone else's memory of the fact that you said something or what you said.
That's not some new thing HN is doing, that's just life.
Threads of [deleted content] answering to [deleted content] are hard to follow.
Reality: Apps no longer support seamless account creation and instead redirect the user to a website to register, user can no longer manage any aspect of their account from the app.
Alongside, of course, the assumption that "companies don't respect their users in any way, shape, or form."
These seem like assumptions which, while they certainly have exceptions, are well borne out by the available data.
I think some might argue that being able to intercept a user at account deletion via support gives them the opportunity to either solve a misunderstanding in the product or better understand why the user is leaving but I think there are much better ways to accomplish this. I’m more convinced this is done as a dark pattern to add friction to the deletion process.
A notable example was having to contact support to delete a Starbucks account.
And they could still offer an account deletion button which automatically filed a support request. Most sites which don’t offer account deletion have made me dig or google for a solution instead of putting any info in a contextually relevant spot such as in account settings or in a support article about disabling an account.
Unfortunately I do not have evidence to justify this position but for most companies from an incentives standpoint as I understand them: 1) a user who cannot delete an account will have a far easier time using the service again compared to a user who has deleted an account so they are more likely to reengage, 2) user numbers and active user numbers may be important metrics for funding or company evaluation, 3) assuming data is deleted on account deletion then that can no longer be used for marketing or model training, 4) services which rely on the network effects from the user base need to have a relevant and usually large user base to provide consistent value, 5) if done manually there support and or dev cost on each account delete request.
How do you clearly explain to a user that if they delete their account on app X, apps Y and Z will also have all of their account data deleted?
Also the stakes are a lot higher as it could delete all of someone’s photos, backups, music and video purchases - not to mention all of their apps and related data.
I believe you can delete it through the iCloud website.
So Apple’s new pro-consumer policy applies to everyone but Apple. Interesting, but not unexpected.
Visa cc passed new policy in 2020 and New York did in February 2021. So the infuriating practice of forcing us to call or go through chat loops to quit a basic subscription are numbered. I feel strongly enough that I started brightback.com in 2018 to help make online cancels easy for app/saas developers to offer while keeping it simple for the customer.
1/ not tell the user this info.
2/ keep track of the fact this account was flagged after the account was deleted, for instance by keeping a hash of the email address of the accounts that were flagged?
For all the people who fall prey to misleading tactics and don’t know how to cancel.
> @DHH - Jul 3, 2020
Given the Apple vs. Epic stuff going on, this may change soon -- In that case I'd also like to see rules against excessive retention tactics / dark patterns.
So, with a license like that, they can legally choose to keep showing your comment if they want to.
That said, I think dang will help delete things if you email to ask and have a good reason. I’ve done it with a couple of my comments.
Hi <real name>,
I’m sorry to disappoint, but Hacker News doesn’t delete entire accounts because that would gut the threads it participated in. We do sometimes remove specific comments if users are worried they’ll get in trouble, and we’re also working on the ability to rename accounts. Would either of those help?
Regards,
<name> (a moderator)
I don’t quite agree with it but have to recognise I have no leverage here.account = getAccount(); if (account.wasDeleted) { return emptyPdf(); }
Of course there might be hell to pay if the EU catches this, but well..
What is the issue around moderators of a service you signed up for, contacting you via the email you provided to use this service?
My email address is personal data and as such it's legally required to be
collected for specified, explicit and legitimate purposes and not further
processed in a manner that is incompatible with those purposes
Using it to contact me about my comments as a moderator is not compatible with using it to reset my password, which is the only specified, explicit purpose that I (could have had) supplied it for. “Relax," said the night man,
"We are programmed to receive
You can check out any time you like
But you can never leave!"Logically, after you check-out of a hotel you've surrendered your right to abode at that location - after that you're usually limited to common/shared areas like the lobby, bar, restaurant, maybe the pool - but excepting the lobby those places are closed at night - and they'd have security to remove people from the lobby if necessary - so as far as the Eagles' are concerned, what is it to "never leave" when you legally cannot stay?
https://gdpr-info.eu/art-17-gdpr/
It is confusing, bc the latter is sometimes also used to refer to index removal too.
> The song has been described as being "all about American decadence and burnout, too much money, corruption, drugs and arrogance; too little humility and heart." It has also been interpreted as an allegory about hedonism, self-destruction, and greed in the music industry of the late 1970s. Henley called it "our interpretation of the high life in Los Angeles", and later said: "It's basically a song about the dark underbelly of the American dream and about excess in America, which is something we knew a lot about."
Hotel California is, of course, not literally a hotel; it's a metaphor for an addictive and entrapping lifestyle, and your legal "right to abode at that location" is a real-world detail that doesn't really matter for the purposes of the metaphor. The singer wants to get out -- by "checking out" he has declared his intentions to leave the hotel, but the point of the song is that wanting to leave is not the same as actually leaving.
It's a bit more obvious if you consider the full verse:
> Mirrors on the ceiling / The pink champagne on ice / And she said: "We are all just prisoners here / Of our own device"
> And in the master's chambers / They gathered for the feast / They stab it with their steely knives / But they just can't kill the beast
> Last thing I remember, I was / Running for the door / I had to find the passage back / To the place I was before
> "Relax," said the night man / "We are programmed to receive / You can check out any time you like / But you can never leave!"
“iCloud is not an app and does not need a delete button through the same UI” is a double-standard cop out.
Delay the deletion by 2 weeks if it’s really that dangerous, but they should still allow it.
Simply uncheck everything e.g. Photos and it will be instantly removed.
iCloud is an "always on" cloud storage/sync service where you choose what data you want to use it for.
iCloud is not an app that you can download on the App Store. It is an ancillary service for the operating system.
Great pun. :-D
Any app could follow into your description, should they have an exception? 1Password doesn't need this? Backblaze? Amazon Photos?
I already gave a solution to the problem: Allow it, delay deletion. Apple does not need an exception to its own rule.
These rules are for apps on the App Store.
Edit to add: There may be a reasonable debate to be had over whether there should be some visible component of iCloud that has to be downloaded from the App Store before it can be used on an iDevice—or whether the App Store rules should be, by some means, applied to the entirety of what can/does run on an iDevice. But right now, neither of those are the case, and thus, though some may find the difference between "iOS" and "application running on iOS" frustratingly slim, Apple is not, in this instance, applying its rules inconsistently.