Apple will require developers to present reasons for using certain APIs in their apps to prevent their abuse for data collection with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17 and watchOS 10 later this year.
“This will help ensure that apps use these APIs only for their intended purpose,” the company said in a statement. “As part of this process, you must select one or more accepted reasons that accurately reflect how your app uses the API, and your app may only use the API for the reasons you selected.”
The reasons for which APIs are required to be used are related to the following −
- File timestamp APIs
- User defaults APIs
- Active keyboard APIs
- System boot time APIs, and
- Disk space APIs
The iPhone maker said it is taking steps to ensure that such APIs are not misused by app developers to collect device signals for fingerprinting, which can be used by different apps and for other purposes such as targeted advertising, Could This can be used to uniquely identify users across websites.
Policy enforcement, which will go live in Fall 2023 and extend to VisionOS as well, will require developers submitting new apps or app updates to declare the reasons for using these “necessary reason APIs” in their app’s privacy manifest . Starting in Spring 2024, apps that do not describe their use of the API in their Privacy Manifest file will be rejected.
Apple clearly warns in its developer documentation, “Fingerprinting is not allowed regardless of whether a user allows your app to track you.” “Your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data obtained from their use.”
“You may use these APIs and the data derived from their use only for the declared reasons. These declared reasons must be consistent with the functionality of your app as presented to users, and you may use the API or derived data for tracking cannot be used.”
