Ask people to create an account only if your app’s core functionality requires it; otherwise, let people enjoy your app without one. If your app requires an account, consider using Sign in with Apple to give people a consistent sign-in experience they can trust and the convenience of not having to remember multiple accounts and passwords.

Explain the benefits of creating an account and how to sign up. If your app requires an account, write a brief, friendly description of the reasons for the requirement and its benefits, and display this message on the sign-in screen.

Delay sign-in for as long as possible. People often abandon apps when they’re forced to sign in before they can do anything useful. To help avoid this situation, give people a chance to appreciate your app before asking them to make a commitment to it. For example, a shopping app might let people browse as much as they want, requiring sign-in only when they’re ready to make a purchase.

If you don’t use Sign in with Apple, use Password AutoFill. Password AutoFill automatically generates and fills in passwords and security codes so people can spend less time on authentication screens. For developer guidance, see Password AutoFill.

Avoid using the term passcode to refer to account authentication. People create a passcode to unlock their device or authenticate for Apple services, so people might think you’re asking them to reuse it in your app. Consider alternative terms like password, PIN, code, pass phrase, key, or access code.

Account Deletion

If you help people create an account within your app, you must also help them delete it, not just deactivate it. In addition to following the guidelines below, be sure to understand and comply with your region’s legal requirements related to account deletion and the right to be forgotten.

IMPORTANT If legal requirements compel your app to maintain accounts or information — such as digital health records — or to follow a specific account-deletion process, clearly describe the situation so people can understand the information or accounts you must maintain and the process you must follow.

Provide a clear way to initiate account deletion within your app. If people can’t perform account deletion within your app, you must provide a direct link to the webpage on which people can do so. Make the link easy to discover — for example, don’t bury it in your Privacy Policy or Terms of Service pages.

DEVELOPER NOTE If people used Sign in with Apple to create an account within your app, you revoke the associated tokens when they delete their account. See Revoke tokens.

Provide a consistent account-deletion experience whether people perform it within your app or on the website. For example, avoid making one version of the deletion flow longer or more complicated than the other.

Consider letting people schedule account deletion to occur in the future. People can appreciate the opportunity to use up their remaining services or wait until their subscription auto-renews before deleting their account. If you offer a way to schedule account deletion, offer an option for immediate deletion as well.

Tell people when account deletion will complete, and notify them when it’s finished. Because it can sometimes take a while to fully delete an account, it’s essential to keep people informed about the status of the deletion process so they know what to expect.

If you support in-app purchases, help people understand how billing and cancellation work when they delete their account. For example, you might need to help people understand the following scenarios:

  • Billing for an auto-renewable subscription continues through Apple until people cancel the subscription, regardless of whether they delete their account.
  • After they delete their account, people need to cancel their subscription or request a refund.

In addition to helping people understand these scenarios, provide information that describes how to cancel subscriptions and manage purchases. For guidance, see Helping People Manage Their Subscriptions and Providing Help with In-App Purchases.

NOTE Even if people didn’t use your app to purchase the subscription, you still need to enable account deletion.

Face ID and Touch ID

Face ID and Touch ID are secure, familiar authentication methods that people trust. When people enable biometric authentication on their device, assume they understand how it works, appreciate its convenience, and prefer to use it whenever possible. Because people might also turn off biometric authentication, be prepared to handle this scenario too.

A screenshot of a lock screen on iPhone with a Face ID prompt to open Reminders.

A screenshot of a lock screen on iPhone with both a Touch ID prompt and a passcode prompt to open Reminders.

For developer guidance, see Local Authentication.

Reduce the complexity of your interface by presenting a single way to authenticate. You can offer a fallback alternative — like asking for a username and password — if the initial method fails.

Initiate authentication only in response to user action. An explicit action like tapping a button ensures that people want to authenticate. In the case of Face ID, it also increases the likelihood that the person is facing the camera.

Always identify the authentication method you offer. For example, if you display a button for signing in to your app with Face ID, title it using a phrase like “Sign In with Face ID” instead of a generic phrase like “Sign In.”

Refer only to authentication methods that are available in the current context. Don’t reference Touch ID on a device that supports Face ID, or reference Face ID on a device that supports Touch ID. Check the device’s capabilities and use the appropriate terminology. For developer guidance, see LABiometryType.

In general, avoid offering a setting for opting in to biometric authentication within your app. People enable biometric authentication at the system level, so presenting an in-app setting is redundant and could be confusing.