ASOtext Compiler · April 25, 2026

Apple Enforcement Surge Reveals Tightening App Store Compliance Landscape

Multiple High-Profile Rejections Signal Active Enforcement

Apple removed the Cal AI calorie-tracking app from the App Store in late April after the developer attempted to implement a Stripe-based payment flow that bypassed the required in-app purchase (IAP) option. The app returned within days after addressing three distinct guideline violations: failing to display Apple's IAP alongside the external payment link, presenting weekly pricing more prominently than the actual billed amount, and obscuring automatic renewal terms behind a confusing free-trial toggle.

The incident demonstrates that Apple's app review team is actively policing how developers implement web payments—even though a court ruling in the Epic Games lawsuit now permits external payment links for most apps. Non-reader apps must still offer Apple's IAP as a checkout option; reader apps (those providing subscription access to books, audio, music, or video) remain the only category exempt from this requirement.

Cal AI also violated Apple's Developer Code of Conduct by prompting users who declined an initial subscription with a second, different purchase flow. Negative user reviews accumulated rapidly, with customers describing the payment experience as scam-like. The app returned to the store after corrections and now ranks fourth in the Health & Fitness category—two spots above its parent company MyFitnessPal, which acquired Cal AI in March.

Regional Compliance Demands Intensify

Brazil's Ministry of Justice and Public Safety notified Apple and Google on April 19 over the availability of betting apps to minors. The National Secretariat for Digital Rights and National Consumer Secretariat cited "countless apps" offering or facilitating minor access to gambling, many lacking federal authorization required under the ECA Digital law.

The law establishes rules protecting minors in digital environments and mandates that app stores prevent products enabling access to unauthorized lotteries or fixed-odds betting. Among the flagged apps were alternatives to the Fortune Tiger slot-style game, popular in Brazil as "Jogo do Tigrinho."

Apple recently expanded its age assurance tools to Brazil and other regions. Developers using the Declared Age Range API can obtain a user's age group when the user (or parent/guardian) agrees to share it. Any app declaring loot boxes in its age rating questionnaire now automatically receives an 18+ rating in the country.

The betting-app notification adds to a string of App Store content moderation challenges, including the recent removal of "nudifying" apps and a fraudulent crypto wallet that allegedly stole over $10 million.

Court Limits Government Pressure on Content Decisions

A federal judge granted a preliminary injunction blocking the Trump administration from coercing Apple and Google to remove apps tracking US Immigration and Customs Enforcement activity. Judge Jorge L. Alonso of the Northern District of Illinois found that the creators of ICE Sightings and Eyes Up are likely to succeed in their argument that the government suppressed speech protected by the First Amendment.

The ruling follows a February controversy in which the White House condemned ICEBlock, an app reporting ICE agent sightings. The US Attorney General subsequently warned the developer to "watch out," and Apple removed the app. House lawmakers then asked Apple what steps it was taking to prevent similar tools from being uploaded; the House Judiciary Committee launched an investigation into whether the Department of Justice applied unlawful pressure.

The injunction, pending a full hearing, establishes that platforms cannot be strong-armed into app removal decisions on content created using publicly available information. The Foundation for Individual Rights and Expression, backing the plaintiffs, described the ruling as "extremely encouraging."

Network Security Requirements Tighten Ahead of iOS 27

Apple published a rare advance warning for IT administrators and device management developers: iOS 27, macOS 27, and other forthcoming operating systems will enforce stricter network security requirements. The support document, released April 21 ahead of the June 8 WWDC 2026 keynote, states that system processes may refuse connections to servers with outdated or non-compliant TLS configurations.

Administrators are advised to audit their environments and identify servers failing to meet the new standards. The document notes that updating server configurations—especially for those maintained by external vendors—may require significant lead time. While the change primarily affects enterprise and managed-device scenarios, it signals a broader platform-level shift toward enforcing modern security protocols.

Leadership Transition Context

Tim Cook announced in late April that he will step down as Apple CEO in September, handing leadership to hardware chief John Ternus. The transition arrives as Apple's App Store business model faces sustained pressure: the 30% commission rate is under legal and regulatory challenge, and a resurfaced 2020 email exchange revealed that Apple executive Eddy Cue once suggested increasing the subscription take rate to 40%—arguing Apple was "leaving money on the table" at 30%.

Ternus inherits an ecosystem shaped by decades of Cook's tenure but now navigating redefined developer relations, fragmented regional compliance demands, and a post-Epic legal landscape that permits alternative payment methods while maintaining strict guardrails on their implementation. The Cal AI enforcement episode, Brazilian age-control scrutiny, and the ICE-tracker court ruling collectively illustrate the complexity of operating a global app distribution platform under conflicting policy, legal, and governmental pressures.

Practitioner Implications

  • IAP implementation: Even with external payment links permitted, the App Store submission process requires that Apple's IAP remain visible and accessible. Deceptive billing design—obscured renewal terms, misleading price displays, secondary upsell prompts—triggers removal regardless of payment provider.
  • Regional age controls: Apps targeting markets with minor-protection laws must implement robust age verification and ensure compliance with local authorization requirements for age-gated content categories.
  • Network security: Enterprise and B2B apps should audit backend TLS configurations before iOS 27 ships to avoid connection failures in managed environments.
  • Content moderation disputes: Developers facing government pressure to remove lawful content now have preliminary legal precedent supporting First Amendment protections, though the full scope of platform liability remains unsettled.
Compiled by ASOtext