Billing Compliance Under the Microscope
Cal AI, a calorie-tracking app owned by MyFitnessPal, was pulled from the App Store last week after violating multiple guidelines around in-app purchase implementation and billing design. The removal came just over a month after MyFitnessPal acquired the app for an undisclosed sum.
The violations centered on how Cal AI integrated its new payment flow. While the app adopted external billing through Stripe โ now permitted under updated App Store terms following the Epic ruling โ it failed to present Apple's wiki:in-app-purchase option alongside the external method, a requirement for non-reader apps. Instead, Cal AI bypassed the mandatory IAP flow entirely, pushing users exclusively toward its own payment system.
Beyond the structural omission, the app employed what Apple described as deceptive design patterns. Weekly pricing was displayed more prominently than the actual billed amount, obscuring the true cost. A free trial toggle failed to make automatic renewal terms clear. Users who declined the initial subscription were then prompted with a second, different subscription flow, generating negative reviews and confusion.
Apple cited violations of at least three guidelines: 3.1.1 (in-app purchase requirements), 3.1.2c (subscription clarity), and 5.6 (manipulative practices). Cal AI returned to the App Store after correcting the issues and currently ranks #4 in Health & Fitness, two spots above MyFitnessPal's main app.
The episode demonstrates that external payment permission does not mean a free pass. Apple is actively policing how developers implement alternative billing, ensuring IAP remains visible and that wiki:conversion-rate-optimization-cro tactics do not cross into manipulation.
Regional Compliance Demands Multiply
Brazil's Ministry of Justice and Public Safety notified Apple and Google on Friday over the availability of betting apps to minors on their app stores. The National Secretariat for Digital Rights and the National Consumer Secretariat sent letters highlighting "countless apps" that either offer or facilitate underage access to gambling, many lacking federal authorization and violating the new ECA Digital law.
ECA Digital establishes protective rules for minors in digital environments, including restrictions on access to gambling and age-gated content. The decree requires app stores and operating systems to prevent availability of lottery or betting products not authorized by competent authorities. Among the flagged apps are variants of Fortune Tiger, a slot-style betting game that has surged in popularity across Latin America.
Apple recently expanded App Store age assurance tools to Brazil. Developers using the Declared Age Range API can now obtain a user's age group when shared by the user or guardian. Apps declaring loot boxes in their age rating questionnaire are automatically updated to 18+. Despite these tools, the ministry's notification signals that enforcement gaps remain and that regional regulators are prepared to demand tighter controls.
Apple declined to comment. Google stated it reminded developers of their responsibility to comply with ECA Digital requirements and noted that age ratings on Google Play reflect Brazil's Ministry of Justice criteria through the IARC self-reported questionnaire system.
Antitrust Penalties Loom in India
Apple is on track for a final antitrust hearing in India on May 21 after refusing to submit financial data demanded by the Competition Commission of India (CCI). The regulator published a report in 2024 concluding that Apple exploited its dominant position in the apps market by forcing developers to use its proprietary in-app purchase system. The case began in 2021 following a complaint from a non-profit group.
Apple initially argued it holds only minor presence in India, citing a 4% smartphone market share at the time. That figure has since doubled to approximately 9%, per Counterpoint Research, potentially weakening the company's defense. The CCI typically requires financial information to calculate penalties when violations are found. Apple has cited a separate case pending in Delhi High Court challenging India's antitrust penalty law, arguing that using global turnover to calculate fines would be "manifestly arbitrary, unconstitutional, grossly disproportionate, and unjust."
The company has not submitted financial details or views on the investigation since October 2024. In March, Apple requested the CCI put proceedings "in abeyance" while the High Court case plays out. The CCI rejected that demand, suggesting Apple is attempting to stall. The commission has given Apple two more weeks to file responses.
Apple has said it fears a fine of up to $38 billion if the CCI applies its global turnover to the calculation. Antitrust lawyers note that if Apple does not comply with the financial disclosure requirement, it may forfeit its opportunity to dispute the size of the penalty. This is one of many antitrust cases Apple faces globally, but the potential scale of the Indian fine and the regulator's hardening stance make it particularly significant for the company's wiki:app-store-policy risk profile.
Network Security Requirements Tighten
Ahead of WWDC 2026, Apple published a support document warning IT administrators and device management service developers of stricter network security requirements coming in iOS 27, macOS 27, and other operating systems. The document states that Apple operating systems will refuse connections to servers with outdated or non-compliant TLS configurations due to additional security requirements.
Administrators are advised to audit their environments to identify servers that do not meet the new standards, with Apple noting that updates may require significant time, especially for servers maintained by external vendors. The document provides instructions on testing for potential connection errors and making adjustments ahead of the expected fall release.
While not directly relevant to most individual users, the network security tightening could have downstream implications for app developers relying on legacy server infrastructure or third-party services with outdated configurations. It is another layer of compliance pressure in a release cycle already expected to bring significant changes.
First Amendment Constraints on Government Coercion
A federal judge granted creators of ICE Sightings and Eyes Up a preliminary injunction blocking the Trump administration from coercing platforms to remove these projects. Judge Jorge L. Alonso of the United States District Court for the Northern District of Illinois found that plaintiffs are likely to succeed in their case alleging that the government suppressed protected speech under the First Amendment by strong-arming Facebook and Apple.
The ruling addresses a sequence of events in which the White House condemned apps allowing users to report sightings of ICE agents, the US Attorney General warned developers to "watch out," and Apple subsequently removed ICEBlock from the App Store. The House Judiciary Committee launched an investigation into whether the DOJ applied unlawful pressure.
The Foundation for Individual Rights and Expression (FIRE), backing the plaintiffs, said it was "extremely encouraged" by the ruling. The injunction does not resolve the underlying question of whether Apple acted independently or under government pressure, but it establishes a preliminary boundary on executive branch influence over content moderation decisions by app store platforms.
Takeaways for Practitioners
The convergence of enforcement actions, regulatory demands, and legal rulings underscores a rapidly shifting compliance environment:
- Billing flows require meticulous adherence to guidelines even when external payments are permitted. IAP must remain visible, pricing must be transparent, and renewal terms must be unambiguous.
- Regional requirements are diverging. Age verification, content restrictions, and authorization mandates vary by jurisdiction. Localization is no longer just language and metadata โ it is regulatory compliance.
- Antitrust exposure is no longer hypothetical. Apple's refusal to cooperate with India's CCI may result in a precedent-setting penalty, signaling that regulators are willing to impose maximum statutory fines when companies stonewall.
- Government pressure on content moderation is subject to First Amendment constraints in the US, but the line between lawful advocacy and unlawful coercion remains contested and fact-specific.