As
of June 30, to upload or update an app that allows creating accounts, options to delete them must be provided.

Privacy, as well as the rights of users to revert or completely cancel the relationship created through an app account is an extremely important issue. Related legislation has been passed in several countries and regions around the world, strict regulations exist, and different providers and companies enforce or at least encourage compliance with this policy in different ways.

This is about privacy, security, and the quality of experience expected by users.

More specifically, Apple has recently announced the following: 

“Starting June 30, 2022, apps submitted to the App Store that support account creation must also let users initiate deletion of their account within the app.” 

Apple has prepared a comprehensive guide containing the requirements to be met:  https://developer.apple.com/support/offering-account-deletion-in-your-app. In addition, it has reviewed the apps currently in the Apple Store and issued a specific warning for those that support user creation or have ‘Sign in with Apple’ functionality: “Apps that support Sign in with Apple should use the Sign in with Apple REST API to revoke user tokens.”

GeneXus provides a module that addresses these requirements to enable developers to easily create and maintain secure applications. The GeneXus Access Manager (GAM) has an API that, in addition to creating user accounts, also allows deleting them—logically or even physically. GeneXus-generated apps provide ‘Sign in with Apple’ functionality, which is enabled with a specific property: ‘Enable Sign in with Apple’.

For this reason, GeneXus developers must review their apps and their next releases, and eventually provide these options to delete users (and revoke tokens).

Here are some links that may be useful in these cases:

• How to delete users 
• How to revoke tokens 

In sum: If your app is in the Apple Store and allows creating user accounts or provides ‘Sign in with Apple’ functionality, any future updates must also provide the ability to delete users and revoke tokens. 

Note that this is good practice in any case, including for apps published in other stores, or solutions in general that support account creation or login with external providers.