Apple Updates Privacy Rules for Notification Access on Third-Party Devices

Apple Updates Privacy Rules for Notification Access on Third-Party Devices

Apple has updated its Developer Program License Agreement with strict rules that control how third-party accessories handle forwarded notifications and Live Activities, as the company prepares to expand this access under new EU regulations.

The change ties directly to iOS 26.5 beta 1, where Apple added early support for forwarding notifications and Live Activities to third-party accessories, a feature that will roll out in the European Union to meet Digital Markets Act requirements.

Apple has already raised concerns about the risks tied to sharing notification data, especially because notifications can include sensitive personal information like messages, emails, and medical alerts.

In a previous statement shared on its Newsroom, Apple said:

“The DMA also lets other companies request access to user data and core technologies of Apple products. Apple is required to meet almost every request, even if they create serious risks for our users.

So far, companies have submitted requests for some of the most sensitive data on a user’s iPhone. The most concerning include:

The complete content of a user’s notifications: This data includes the content of a user’s messages, emails, medical alerts, and any other notifications a user receives. And it would reveal data to other companies that currently, even Apple can’t access.”

Apple has consistently warned that opening this data creates “serious risks,” and the company now moves forward with guardrails as compliance becomes mandatory.

Developers and accessories can and cannot do

Apple added a new section, 3.3.3 (J), that clearly limits how third-party accessories use forwarded data.

Here’s what the rules enforce:

  • Developers cannot use forwarded notification data for advertising, profiling, training AI models, or tracking location
  • Accessories cannot share this data with other apps, devices, or services
  • Developers cannot store this data on cloud servers unless it is strictly required for delivery
  • The data must stay encrypted and can only be decrypted on the accessory itself
  • Accessories cannot modify notification content in a way that changes its meaning
  • Encryption keys tied to this data cannot be shared with any other device

Apple also confirms that apps do not need to opt in for this system, since users control it at the system level.

These rules set a clear boundary, as Apple opens up access under regulatory pressure while trying to limit how far that access can go.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.