In-app account deletion mechanism is present and accessible

ab-000477 · app-store-privacy-data.data-handling.in-app-account-deletion

Severity: criticalactive

Why it matters

Apple has required in-app account deletion for all apps that allow account creation since June 2022 (external apple-guideline-5.1.1). Apps that route users to an email address or external form for deletion are rejected on every submission, not just the first. Beyond the rejection risk, failing to provide in-app deletion violates GDPR Art.17 (right to erasure) and CCPA §1798.105 (right to deletion) — both of which require that deletion be initiatable by the user without unreasonable friction. 'Email us to delete your account' does not satisfy either regulation.

Severity rationale

Critical because Apple rejects every submission that creates user accounts without in-app deletion — there is no exception or deferral, and GDPR Art.17 requires erasure be technically possible.

Remediation

Add a 'Delete Account' option accessible from your settings or account management screen. The complete flow: Settings → Delete Account → confirmation dialog ('This cannot be undone') → API call → sign out + navigate to login.

For Supabase, call the deletion from a secure server-side function — never from the client with a service role key:

// Supabase Edge Function: delete-account.ts
await supabase.from('user_files').delete().eq('user_id', userId);
await supabase.from('posts').delete().eq('user_id', userId);
await supabase.from('profiles').delete().eq('id', userId);
await supabase.auth.admin.deleteUser(userId);

If a 30-day recovery window applies, inform the user clearly before they confirm. The deletion option must be navigable from within the app — no external links or support emails.

Detection

ID: in-app-account-deletion
Severity: critical
What to look for: Count all relevant instances and enumerate each. Apple has required in-app account deletion for all apps with account creation since June 2022. Search for delete/deactivate account UI: components or screens with names containing DeleteAccount, delete-account, RemoveAccount, DeactivateAccount, CloseAccount in .tsx, .jsx, .dart, .swift, .kt files. Search for string literals "delete account", "remove account", "deactivate account", "close account", "delete my account" in the source. Check settings screen(s) for a deletion option — look at files named Settings, Account, Profile, AccountSettings, ProfileSettings. Verify the flow: (a) is it accessible from within the app (not requiring users to email support or visit a website)? (b) does it make an API call that actually deletes the account? (c) is there a confirmation step before deletion? Also verify on the backend side: look for DELETE /api/user, DELETE /api/account, deleteUser(), auth.admin.deleteUser() (Supabase), user.delete() (Firebase) or equivalent server-side handler. Note: redirecting to a privacy policy or external form is not sufficient — deletion must be initiatable from within the app.
Pass criteria: The app has an in-app UI for account deletion accessible from settings or account management. At least 1 implementation must be verified. The deletion flow completes (makes an API call, deletes the account server-side). A confirmation step is present before irreversible deletion.
Fail criteria: No in-app account deletion found; deletion requires contacting support by email; deletion option exists in UI but makes no API call (stubbed); no server-side deletion endpoint exists.
Skip (N/A) when: App has no user accounts — no authentication, no account creation, no persistent user profile tied to a user identity.
Detail on fail: "No account deletion UI found in settings screens — users must email support to delete their account, which violates Apple App Store guideline 5.1.1" or "'Delete Account' button exists in src/screens/Settings.tsx but calls a stub function with no API request"
Remediation: Apple will reject apps that create accounts but don't provide in-app deletion. This is enforced on every new submission and update.
1. Add a "Delete Account" option to your settings or account management screen
2. The flow must be: Settings → Delete Account → Confirmation dialog ("Are you sure? This cannot be undone.") → Deletion API call → Sign out + navigate to login
3. Server-side deletion must remove or anonymize all personal data associated with the account within a reasonable timeframe (commonly 30 days)
4. If using Supabase, call supabase.auth.admin.deleteUser(userId) from a secure server-side function (never from the client with service role key)
5. If a grace period applies (e.g., 30-day recovery window), inform the user clearly before confirming
Review the configuration in src/ or app/ directory for implementation patterns.

External references

gdpr · Art.17 — Right to erasure ('right to be forgotten')
ccpa · §1798.105 — Right to deletion of personal information
external · apple-guideline-5.1.1 — App Store Review Guideline 5.1.1 — Data Collection and Storage: account deletion required

Taxons

regulatory-conformance privacy-consent

History

2026-04-18·v1.0.0·Initial import from app-store-privacy-data·automated

Why it matters

Remediation

For Supabase, call the deletion from a secure server-side function — never from the client with a service role key:

// Supabase Edge Function: delete-account.ts
await supabase.from('user_files').delete().eq('user_id', userId);
await supabase.from('posts').delete().eq('user_id', userId);
await supabase.from('profiles').delete().eq('id', userId);
await supabase.auth.admin.deleteUser(userId);

If a 30-day recovery window applies, inform the user clearly before they confirm. The deletion option must be navigable from within the app — no external links or support emails.

Detection

ID: in-app-account-deletion
Severity: critical
What to look for: Count all relevant instances and enumerate each. Apple has required in-app account deletion for all apps with account creation since June 2022. Search for delete/deactivate account UI: components or screens with names containing DeleteAccount, delete-account, RemoveAccount, DeactivateAccount, CloseAccount in .tsx, .jsx, .dart, .swift, .kt files. Search for string literals "delete account", "remove account", "deactivate account", "close account", "delete my account" in the source. Check settings screen(s) for a deletion option — look at files named Settings, Account, Profile, AccountSettings, ProfileSettings. Verify the flow: (a) is it accessible from within the app (not requiring users to email support or visit a website)? (b) does it make an API call that actually deletes the account? (c) is there a confirmation step before deletion? Also verify on the backend side: look for DELETE /api/user, DELETE /api/account, deleteUser(), auth.admin.deleteUser() (Supabase), user.delete() (Firebase) or equivalent server-side handler. Note: redirecting to a privacy policy or external form is not sufficient — deletion must be initiatable from within the app.
Pass criteria: The app has an in-app UI for account deletion accessible from settings or account management. At least 1 implementation must be verified. The deletion flow completes (makes an API call, deletes the account server-side). A confirmation step is present before irreversible deletion.
Fail criteria: No in-app account deletion found; deletion requires contacting support by email; deletion option exists in UI but makes no API call (stubbed); no server-side deletion endpoint exists.
Skip (N/A) when: App has no user accounts — no authentication, no account creation, no persistent user profile tied to a user identity.
Detail on fail: "No account deletion UI found in settings screens — users must email support to delete their account, which violates Apple App Store guideline 5.1.1" or "'Delete Account' button exists in src/screens/Settings.tsx but calls a stub function with no API request"
Remediation: Apple will reject apps that create accounts but don't provide in-app deletion. This is enforced on every new submission and update.
1. Add a "Delete Account" option to your settings or account management screen
2. The flow must be: Settings → Delete Account → Confirmation dialog ("Are you sure? This cannot be undone.") → Deletion API call → Sign out + navigate to login
3. Server-side deletion must remove or anonymize all personal data associated with the account within a reasonable timeframe (commonly 30 days)
4. If using Supabase, call supabase.auth.admin.deleteUser(userId) from a secure server-side function (never from the client with service role key)
5. If a grace period applies (e.g., 30-day recovery window), inform the user clearly before confirming
Review the configuration in src/ or app/ directory for implementation patterns.