Apple introduces privacy rules for accessing third-party notifications

Apple has updated its Developer Program License Agreement with new rules for how third-party accessories should handle push notifications and Live Actions. Here are the details.

A little context

Earlier today, we reported on new code introduced in iOS 26.5 beta 1 that points to upcoming Live Jobs support for third-party services in the EU.

Along with the push notification feature, which will allow third-party accessories to display iPhone notifications, this will be exclusive to EU users as part of the interoperability requirements of the Digital Markets Act.

Last year, it published a statement in its Newsroom, arguing that DMA would not only cause delays in the release of new features in Europe, but also introduce “new threats to privacy and security.” Here is Apple:

The DMA also allows other companies to request access to user data and the underlying technology of Apple products. Apple is required to meet almost all requests, even if they pose a significant risk to our users.

Until now, companies have sent requests for the most sensitive data on a user’s iPhone. The most common ones include:

Complete content of user notifications: This data includes the content of user messages, emails, medical alerts, and any other notifications received by the user. And it will disclose information to other companies at the moment, even Apple has no access to. “

In other words, Apple argued that while it designed iOS so that it could not access the content of notifications, the same would not be true for third-party devices if you were required to open that data to them.

As of today, that argument has not been successful, and Apple is working to unlock this access as required by DMA.

Apple announces strict rules for reporting and transferring Live Actions

Earlier this evening, Apple updated the Developer Program License Agreement with, among other things, a new section: 3.3.3 (J), Support Notification Framework and Support Live Activity Framework.

In it, Apple says that third parties “may not use Referral Information for advertising, profiling, training models, or site monitoring,” and they are not allowed to “distribute Referral Information to any other application, or any other device” without the user’s access to that information.

The conditions also state:

Services cannot share this data, or the encryption keys tied to it, with any other device, including the user’s iPhone.
Nor can they change the content in a way that changes its meaning, beyond what may be necessary to display it correctly.
Developers are prohibited from storing this data remotely, such as on cloud servers, unless it is absolutely necessary to deliver it to the device.
Data can be decrypted on the device itself, and nowhere else.

Finally, Apple reminds developers that applications do not need to support the system in order for their data to be shared with third-party services, as this will be controlled by user-level settings.

To read Apple’s new Developer Program License Agreement, follow this link.