{"id":31979,"date":"2021-03-23T14:57:28","date_gmt":"2021-03-23T18:57:28","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=31979"},"modified":"2025-06-30T14:20:49","modified_gmt":"2025-06-30T18:20:49","slug":"protonvpn-security-updates-rejected-due-to-previously-approved-app-description","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/03\/23\/protonvpn-security-updates-rejected-due-to-previously-approved-app-description\/","title":{"rendered":"ProtonVPN Security Updates Rejected Due to Previously Approved App Description"},"content":{"rendered":"

Andy Yen<\/a> (Hacker<\/a> News<\/a>, MacRumors<\/a>, 9to5Mac<\/a>):<\/p>\n

ProtonMail is not the only Proton app being used by activists and protesters in Myanmar. For the past month, the Myanmar military has forced the national telecom companies to regularly shut down the internet and block access to social media to prevent damaging evidence from getting out.<\/p>\n

[…]<\/p>\n

On the same day the UN recommended Proton apps, Apple suddenly rejected important updates to our ProtonVPN iOS app. These updates include security enhancements designed to further improve safeguards against account takeover attempts which could compromise privacy.<\/p>\n

Apple says it blocked our security updates because our app description in the App Store, which we have used without issue for months, mentions ProtonVPN is a tool to “challenge governments… and bring online freedom to people around the world”. Given the current context, Apple’s actions could not be more insensitive.<\/p>\n<\/blockquote>\n\n

Apple says that the description violates section 5.4<\/a> of the guidelines, but that section doesn’t say anything about how the app is presented:<\/p>\n\n

\n

Apps offering VPN services must utilize the NEVPNManager API and may only be offered by developers enrolled as an organization. You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. VPN apps must not violate local laws, and if you choose to make your VPN app available in a territory that requires a VPN license, you must provide your license information in the App Review Notes field. Parental control, content blocking, and security apps, among others, from approved providers may also use the NEVPNManager API. Apps that do not comply with this guideline will be removed from the App Store and you may be removed from the Apple Developer Program.<\/p>\n<\/blockquote>\n\n

Apple does not allege that the app violates local laws. Furthermore, if there’s no legal issue, the app should be approved based on the August 2020 rule that updates aren’t delayed over guidelines violations.<\/p>\n\n

Tim Sweeney<\/a>:<\/p>\n

\n

Apple: We need an absolute monopoly on app distribution to protect security.<\/p>\n

Apple: <blocks security updates because a developer speaks about human rights><\/p>\n<\/blockquote>\n\n

Francisco Tolmasky<\/a>:<\/p>\n

The future is more cases like HKMap.live & ProtonVPN. This is the real issue w\/the \n@AppStore: Apple has chosen to put itself at the center of every international issue. If iOS had side-loading, they could say “you can still ship, it doesn’t have to be in our<\/em> store.<\/p>\n

[…]<\/p>\n

Apple and Tim Cook can wax poetic about values during keynotes all they want, but the actions they take represent their true values. And the @AppStore creates a clear and undeniable binary demarcation of what they approve of and what they don’t.<\/p><\/blockquote>\n\n

Previously:<\/p>\n