App Review Guidelines, AI Apps, and App Spamming

It has been nearly a year since I wrote about app spamming, in particular, ChatGPT-like apps. Many of them simply used ChatGPT and charged extra to the end users who didn’t know it wasn’t from the official developer. Their icons were often nearly identical to OpenAI’s, and dare I say, deliberately designed to be confused with the original.

The new App Store guidelines published this Thursday seem to hint that Apple may begin a crackdown on this app spam, in particular the AI kind. Two parts of the changes, I believe, would filter the “spam” out from the official apps: “4.1 Copycats” and “5.1.2 Data Use and Sharing”. If a supposed spam app has an imitating appearance and similar functionality, it will first be vetted under 4.1. The app then has to communicate to its users that its services use a third-party AI service. In theory, most spam could be stopped — not that it will stop unethical practices.

“Data Use and Sharing” sounds awfully similar to how many of the updated privacy regulations around the world are written. Apple’s focus on privacy might as well be another marketing ploy, but the regulatory bodies enforcing similar texts are not in the business of selling new gadgets. Spam app developers — if we could call them developers — are not interested in adhering to the new codes, let alone some arbitrary guidelines from a private company. Some apps will always sneak in, regardless of punitive measures.

The same goes for “Copycats”. We are at an age where an algorithm can produce an image that looks similar yet is legally distinct. With enough malicious intent, an app developer can use an AI to make a spam AI app. Apple could rein this in, but the rule is easily avoided. Off the top of my head, one could imagine using two or more AI services and then labeling the result a “universal” AI app, only with walls of ads and subscriptions. I doubt Apple is willing to die on this hill.

There is only so much a private or public organization can hold off. I doubt GDPR or any other regulation will put an end to repackaged spam. Traditionally, we were told these hackers would go after military databases in a secure facility; in reality, the real attacks are carried out by random programmers with less-than-stout morals who make exploitative apps, fishing for the one-in-a-million average user who would fall for them. Guidelines and regulations come after the deed is done against a user. Proactive protection is still left to the users.
