
    Why did Apple reject my app under Guideline 5.1.2?

    [Figure: An App Store Connect Resolution Center notice citing Guideline 5.1.2 Data Use and Sharing, beside an iOS settings screen showing a third-party AI consent toggle for an LLM provider]

    Your build cleared processing in App Store Connect, then Resolution Center returned a rejection under Guideline 5.1.2 with a short note about disclosure, third-party sharing, or App Tracking Transparency. The wording sounds generic, but the rejection itself is structured: Apple is pointing at a gap between what your app does and what the user was told.

    Short answer

    Guideline 5.1.2 is the Data Use and Sharing clause of the App Review Guidelines. Apple uses it when your app collects, transmits, or shares personal data in a way that does not match the consent the user gave, the disclosures in your privacy policy, or the App Privacy declarations in App Store Connect. Since November 13, 2025, the clause explicitly names third-party AI as a category requiring its own disclosure and explicit permission, per Apple's App Review Guidelines section 5.1.2.

    What you should know

    • Guideline 5.1.2 has seven subsections, (i) through (vii). Most rejections trace back to (i) or (ii), and most of those involve tracking or third-party sharing without explicit consent.
    • Third-party AI is now a regulated data-sharing category. Apple updated 5.1.2(i) on November 13, 2025 to require explicit disclosure when personal data is sent to services like OpenAI, Anthropic, or Google Gemini.
    • ATT consent is enforced by behavior, not just disclosure. Apps that drop tracking cookies or use device fingerprinting after a user selects Ask App Not to Track violate 5.1.2 regardless of what the privacy policy says.
    • Your App Privacy declaration must match the binary. A nutrition label that omits a data type the SDK actually collects is a 5.1.2(i) finding when a reviewer spots it.
    • Repurposing collected data needs new consent. Subsection (ii) covers cases where data gathered for one feature gets reused for another, like analytics data feeding an ad recommender without a fresh permission prompt.

    What does Guideline 5.1.2 actually cover?

    The short answer is the whole lifecycle of personal data inside your app: collection, transmission, sharing, repurposing, and the consent UI that gates it.

    The clause text from Apple's App Review Guidelines section 5.1.2 splits into seven subsections. Subsection (i) is the catch-all on consent and third-party sharing, and it is where the November 2025 update added the "including with third-party AI" language. Subsection (ii) covers repurposing. Subsection (iii) blocks surreptitious profile-building from data collected through Apple APIs. Subsections (iv) and (v) regulate Contacts and Photos access. Subsection (vi) restricts how HealthKit, HomeKit, ClassKit, and ARKit data can be used. Subsection (vii) limits Apple Pay data sharing.

    In practice, reviewers cite 5.1.2 without naming the subsection in many rejections. The Resolution Center message usually contains a phrase that identifies the actual subsection: "users are tracked without permission" points at (i); "data is used for purposes beyond the original consent" points at (ii); "your app builds a profile" points at (iii); messaging features that pre-select contacts point at (v).

    Clause      What it owns                                        Common trigger
    5.1.1(i)    Privacy policy link                                 No URL, broken URL, or missing policy in App Store Connect
    5.1.1(v)    Account deletion                                    No in-app delete-account flow for apps that allow account creation
    5.1.2(i)    Third-party sharing, ATT, third-party AI consent    Tracking after ATT denial; AI calls without explicit disclosure
    5.1.2(ii)   Repurposing data                                    Analytics data reused for ad targeting without new consent
    5.1.2(iii)  Profile building                                    Reconstructing user identity from data the policy labels as anonymized
    5.1.2(vi)   HealthKit, HomeKit, ClassKit, ARKit data            Health data sent to an advertising SDK

    Why did Apple flag my app for third-party AI under 5.1.2(i)?

    The short answer is that since November 13, 2025, sending user content to an external AI provider counts as sharing personal data with a third party, and Apple treats it like ATT-style sharing.

    TechCrunch reported the change on November 13, 2025, and the guideline text now reads: "You must clearly disclose where personal data will be shared with third parties, including with third-party AI, and obtain explicit permission before doing so." The clause is effective immediately, which means apps already in production are in scope on their next submission.

    What triggers the requirement: sending user messages, voice recordings, photos, documents, or other personal content to a third-party LLM (OpenAI, Anthropic, Google Gemini, Mistral, Cohere) or to a cloud transcription, vision, or recommendation service. On-device inference with Core ML or Apple Foundation Models does not trigger it, because the data does not leave the device.

    What Apple expects: a disclosure inside the app, before the first call to the third-party AI provider, that names the provider, explains the purpose, and requests explicit consent. A line in the privacy policy is not sufficient. A bundled "I agree to the Terms" checkbox is not sufficient. The consent has to be specific to the AI sharing.

    What should the in-app disclosure look like to clear 5.1.2(i)?

    The short answer is a screen, dialog, or sheet that names the third party, explains the purpose, requests explicit consent, and remembers the answer.

    The pattern most apps converge on after the November 2025 update is a sheet that appears the first time the user invokes an AI-backed feature. The sheet identifies the provider by name ("This feature sends your message to OpenAI to generate a response"), explains the data category ("the text you type in chat, no other data"), names the purpose ("to produce the AI reply you see"), and offers two clear buttons: Allow and Don't Allow. The choice is stored, and the app provides a Settings entry to change it later.

    What does not clear the gate: a vague "data may be shared with service providers" line in the privacy policy; a checkbox during onboarding bundled with terms acceptance; a banner that disappears after three seconds; a disclosure that names a category ("AI providers") instead of the actual vendor. Reviewers tend to attach a screenshot of the AI feature being used without the disclosure, a pattern that shows up repeatedly in the Resolution Center messages developers have posted to the Apple Developer Forums recently.

    For builders shipping AI features with Claude Code, Cursor, or FlutterFlow, the disclosure has to live in the native shell of the app, not in the LLM-generated content itself. A markdown line emitted by the model is not a consent UI.

    How do I check my build for 5.1.2 risk before resubmitting?

    The short answer is to audit the binary's network calls, the App Privacy declaration, and the in-app consent UI together.

    Three checks cover most of the 5.1.2 surface. First, list the third-party hosts the app contacts. A tool like mitmproxy or Charles Proxy on a development device makes this visible. For each host that is not your own backend, ask: is this disclosed in the App Privacy section, and does the data sent there require explicit user consent under 5.1.2(i)?

    Second, walk the app with App Tracking Transparency denied. Open the app on a device, deny ATT, and exercise every feature that could collect or share data. If any network call still carries a tracking identifier, a hashed email, or a fingerprint that could resolve to the user across apps, the build will trigger 5.1.2(i) when a reviewer runs the same walk.

    Third, compare the App Privacy declaration in App Store Connect line by line against the actual SDKs in the bundle. The App Privacy nutrition label is what a reviewer sees first, and a mismatch between the label and the binary is one of the clearest 5.1.2(i) triggers.
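    The three checks above folded into one pre-submission audit, as an added example that is not Apple's, PTKD's, or any other vendor's tooling. It assumes the proxy capture has already been decoded into host and field pairs and that the analyst has tagged each request with the nutrition-label data types it carries; every host, field name, and label below is constructed. It also handles the edge case the ATT walk produces: the all-zero IDFA that iOS returns after denial is not a tracking identifier.

```python
# Added example (not Apple's or any vendor's tool): pre-submission audit for 5.1.2(i).
# All hosts, field names and data-type labels below are constructed assumptions.
import re
from dataclasses import dataclass, field

OWN_BACKEND = {"api.example-app.test"}              # constructed first-party host
AI_PROVIDERS = {"api.openai.com": "OpenAI", "api.anthropic.com": "Anthropic"}
ZERO_IDFA = "00000000-0000-0000-0000-000000000000"  # value iOS returns after ATT denial
IDFA_RE = re.compile(r"^[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}$")
HEX_DIGEST_RE = re.compile(r"^[0-9a-f]{32,64}$")    # md5/sha1/sha256 of an email, etc.
TRACKING_KEYS = {"idfa", "advertising_id", "hashed_email", "fingerprint"}

@dataclass
class Request:                                      # one decoded request from the proxy log
    host: str
    fields: dict                                    # query/body parameters
    data_types: set = field(default_factory=set)    # analyst's nutrition-label mapping

def tracks_user(key, value):
    """True for a cross-app tracking identifier; the all-zero IDFA after denial is not one."""
    v = str(value)
    return v != ZERO_IDFA and (key.lower() in TRACKING_KEYS
                               or bool(IDFA_RE.match(v)) or bool(HEX_DIGEST_RE.match(v)))

def audit(requests, declared_hosts, declared_types, ai_consent_providers, att_denied=True):
    findings, observed_types = [], set()
    for r in requests:
        if r.host in OWN_BACKEND:
            continue                                # check 1 covers third-party hosts only
        observed_types |= r.data_types
        if r.host in AI_PROVIDERS:                  # third-party AI needs its own consent
            if AI_PROVIDERS[r.host] not in ai_consent_providers:
                findings.append(f"5.1.2(i) AI: {AI_PROVIDERS[r.host]} called without specific in-app consent")
        elif r.host not in declared_hosts:
            findings.append(f"5.1.2(i) sharing: undeclared third-party host {r.host}")
        if att_denied:                              # check 2: the ATT-denied walk
            for k, v in r.fields.items():
                if tracks_user(k, v):
                    findings.append(f"5.1.2(i) ATT: '{k}' sent to {r.host} after Ask App Not to Track")
    for t in sorted(observed_types - declared_types):   # check 3: label vs. binary
        findings.append(f"5.1.2(i) label: '{t}' collected but absent from App Privacy declaration")
    return findings

CAPTURE = [  # constructed proxy capture taken with ATT denied
    Request("api.example-app.test", {"idfa": ZERO_IDFA}),
    Request("api.openai.com", {"prompt": "draft a reply"}, {"User Content"}),
    Request("ads.example-tracker.test", {"hashed_email": "a" * 64}, {"Email Address"}),
]
def run_sample():
    return audit(CAPTURE, {"api.openai.com"}, {"User Content"}, {"OpenAI"})
```

    On the constructed capture the OpenAI call passes because a specific AI consent is on record, while the tracker host produces three findings: an undeclared third party, a hashed email sent after ATT denial, and a data type missing from the label.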

    For teams that want an automated pre-submission read of the compiled IPA against the OWASP MASVS controls on data storage and network traffic, PTKD.com (https://ptkd.com) is one of the platforms focused on scanning AI-coded and no-code builds before they reach App Store Connect. The scan flags third-party hosts the binary contacts, surfaces data types the SDKs collect, and lines them up against the App Privacy declaration so any mismatch is visible before submission.

    What to watch out for

    The first trap is treating the November 2025 third-party AI clause as forward-looking. Apple's update is effective immediately, per its publication in the live App Review Guidelines. An app shipped in October 2025 that calls OpenAI without explicit consent will be rejected on its next submission, even if the version under review is a bug fix that does not change the AI feature.

    The second trap is conflating ATT consent with 5.1.2 consent for third-party AI. ATT covers cross-app tracking and the IDFA. The third-party AI disclosure is separate. An app can have ATT denied and still legitimately send a user-typed message to an LLM, provided a separate, specific consent was obtained for the AI feature.

    The third trap is assuming that on-device AI is automatically out of scope. It is, when the data does not leave the device. If the app sends a transcript to a cloud LLM after on-device speech recognition completes, the cloud call still triggers 5.1.2(i). The boundary is the network call, not the inference style.

    The fourth trap is updating the privacy policy without updating the App Privacy declaration. Reviewers cross-reference the in-app disclosure, the privacy policy text, and the App Privacy section of App Store Connect. All three need to say the same thing about what is shared and with whom.

    Key takeaways

    • Guideline 5.1.2 covers the full lifecycle of personal data inside the app: collection, transmission, sharing, repurposing, and consent. Most rejections trace back to subsection (i).
    • The November 13, 2025 update to 5.1.2(i) made third-party AI a regulated sharing category. Any app sending personal data to OpenAI, Anthropic, Google Gemini, or another LLM provider needs a specific in-app disclosure and explicit consent, not just a privacy policy line.
    • ATT consent and third-party AI consent are separate. An app can have one without the other, and reviewers check both against the binary's actual network calls.
    • The App Privacy declaration in App Store Connect must match what the binary does. A nutrition label that omits a data type the SDK collects is a 5.1.2(i) finding once a reviewer notices it.
    • Some teams pair AI app submissions with an external pre-submission scanner. PTKD.com (https://ptkd.com) is one of the platforms focused on automated scanning of compiled mobile builds against OWASP MASVS and Apple's data sharing rules before they reach App Store Connect.

    Frequently asked questions

    What is the difference between Guideline 5.1.1 and 5.1.2?
    Section 5.1.1 covers data collection and storage: privacy policy presence, Privacy Manifest accuracy, account deletion flows. Section 5.1.2 covers data use and sharing: who you send data to, what you reuse it for, and whether the user gave explicit consent. The same submission can be rejected under both clauses at once, since storage gaps and sharing gaps are evaluated independently by App Review.
    Do I need a separate consent screen for OpenAI or other LLMs after the November 2025 update?
    Yes. If your app sends any personal data to OpenAI, Anthropic, Google Gemini, or another third-party AI service, you need an in-app disclosure that names the provider, explains the purpose, and requests explicit consent before the first call. A line in the privacy policy or a bundled terms checkbox is not sufficient under the November 13, 2025 update to Guideline 5.1.2(i).
    Does on-device AI processing trigger Guideline 5.1.2?
    No. When inference runs on-device with Core ML or Apple Foundation Models and the data does not leave the device, the third-party sharing requirement does not apply. The boundary is the network call. If your app runs speech-to-text on-device and then sends the transcript to a cloud LLM, the cloud call still triggers 5.1.2(i) and needs its own disclosure and consent.
    Can a 5.1.2 rejection be fixed without releasing a new binary?
    Sometimes, when the issue is in the App Privacy declaration in App Store Connect or in metadata like the privacy policy URL. Update the declaration, push it, and reply in Resolution Center referencing the change. When the rejection points at in-app behavior, such as tracking after ATT denial or a missing AI consent UI, you need a new binary that adds the disclosure or removes the tracking before resubmitting.
    Does using Apple's Private Relay change the 5.1.2 picture for third-party sharing?
    No. Private Relay protects users browsing Safari, not data your app intentionally transmits to a third party. If your app sends a user message to OpenAI through your own backend, you are still sharing personal data with a third party under 5.1.2(i). Private Relay does not change who receives the data, only how the IP address is masked at the network layer for browsing traffic.
