Apple has introduced some new rules for using APIs in the App Store to protect user privacy.
The change means developers must provide a reason for using data collection APIs in their apps, which can determine a user’s identity based on information about their device and how it is used.
This process is known as fingerprinting and is used to track a user through their online activities. Apple said it is aware of a small number of APIs that could be exploited in this way, which is prohibited under the developer program license agreement.
Fingerprints
In an announcement on its developer site, Apple noted, “To prevent misuse of these APIs, we announced at WWDC23 that developers must disclose the reasons for using these APIs in their app’s privacy manifest.”
Developers have a list of valid reasons to choose from that must accurately match how an API will be used in their app, who can only use the API for the stated reasons.
Starting this fall, developers will receive an email asking for a valid reason once they submit their new app for Apple approval or update it through App Store Connect. From the spring of 2024, the reason must be included in the privacy manifesto.
Apple also told developers to contact the company if their reason for using the API isn’t on the pre-approved list, but still benefits the user. The list of APIs that require a reason can be viewed here.
The new requirement follows in the footsteps of other security and privacy features Apple released as part of iOS 16, which was released in September 2022. the first time in April this year to thwart a spyware campaign.
Another is Safety Check, which allows users to block contact with those who may pose a threat to them, and disable location tracking on their device.