Apple Tightens Notification Privacy for Third-Party Apps

Summary
– Apple has updated its Developer Agreement with new rules for how third-party accessories handle forwarded notifications and Live Activities, primarily for the EU due to DMA requirements.
– The company previously argued that opening notification data to third parties would create privacy risks, as it could expose sensitive content like messages and medical alerts.
– Under the new rules, third parties are prohibited from using forwarded data for advertising, profiling, training models, or location monitoring.
– The data cannot be shared with other apps or devices, stored remotely on cloud servers, or decrypted anywhere except on the user’s own accessory.
– Users will control this feature via a system-level setting, and apps do not need to explicitly support it for their data to be forwarded.

Apple has introduced stricter privacy requirements for third-party accessories that forward iPhone notifications and Live Activities. The company updated its Developer Program License Agreement to include a new section governing the Accessory Notifications Framework and Accessory Live Activities Framework. This move follows the European Union’s Digital Markets Act (DMA), which mandates interoperability, compelling Apple to open certain iOS features to third-party hardware in the region.
Previously, Apple expressed significant concerns about the DMA’s security implications. In a public statement last year, the company warned that the regulation could introduce new privacy threats by forcing it to grant data access to other firms. Apple highlighted that one of the most sensitive requests involved the complete content of user notifications, including messages, emails, and medical alerts. The company argued that while iOS is designed so that even Apple cannot access this content, third-party devices might not operate under the same constraints.
Despite these objections, Apple is now implementing the required access. The updated license agreement establishes clear boundaries for how third-party developers must handle forwarded data. A core rule prohibits using Forwarding Information for advertising, profiling, or training models. Companies are also barred from monitoring a user’s location through this data. The information cannot be shared with any other application or device beyond the specific accessory the user has configured.
The terms impose several other critical restrictions. Accessories cannot share the data or its associated encryption keys with any other device, including the user’s own iPhone. Developers must not alter the content’s meaning, though minor formatting changes for proper display are permitted. Remote storage on cloud servers is forbidden except when absolutely necessary for delivery to the accessory. Importantly, the data can only be decrypted on the accessory hardware itself, ensuring end-to-end security.
Apple also clarifies that app developers do not need to modify their applications to support this system. The forwarding of notifications to a third-party accessory will be managed entirely through a user-level setting, giving individuals control over the feature. This framework represents Apple’s attempt to balance DMA compliance with its longstanding commitment to user privacy, embedding strict safeguards into the technical and legal requirements for third-party partners.
(Source: 9to5Mac)



