Following revelations yesterday regarding the use of session replay tech among big-name travel apps that recode iPhone users’ screens, Apple is now telling developers to either remove the code responsible or disclose it to users, according to a new report from TechCrunch. The punishment for failing to do so could be as severe as having the offending app forcibly removed from the App Store.

Apple confirmed to the publication that its App Store Review Guidelines prohibit this kind of activity without first gaining proper consent from a user. “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” an Apple spokesperson tells TechCrunch. “We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary.”

The practice, known as session replaying, involves using a third-party company, in this case analytics firm Glassbox, to embed code in a mobile app that records user activity. The goal is ostensibly to inform an app maker about certain features, interface design decisions, and other parts of the app that might be tripping users up or causing issues. And there’s no indication that Glassbox is doing anything nefarious with the data whatsoever.