In hopes of boosting its privacy standards, Apple has introduced a new requirement that app developers must meet before submitting their apps to the App Store. According to a new document from the company (via 9to5Mac), developers will soon have to explain why their apps use certain APIs, with Apple stressing that this is meant to address the practice of “fingerprinting” among other developers.

“Some APIs that your app uses to deliver its core functionality — in code you write or included in a third-party SDK — have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting,” Apple explains in the document. “Regardless of whether a user gives your app permission to track, fingerprinting is not allowed. Describe the reasons your app or third-party SDK on iOS, iPadOS, tvOS, visionOS, or watchOS uses these APIs, and check that your app or third-party SDK only uses the APIs for the expected reasons.”

According to Apple, the APIs that will require justification are those that fall into its new “required reason API” category. These are the APIs related to accessing file timestamps, system boot time, available disk space, the list of active keyboards, and user defaults. Apple shares a complete list of the APIs in these categories in the document.

The new requirement will be partially enforced starting this fall: Apple will email developers who upload an app that uses a required reason API without describing the reason in its privacy manifest file. Then, by Spring 2024, Apple will start rejecting App Store Connect submissions from developers who fail to follow the new requirement.

“Your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data derived from their use,” Apple adds. “You may use these APIs and the data derived from their use for the declared reasons only. These declared reasons must be consistent with your app’s functionality as presented to users, and you may not use the APIs or derived data for tracking.”


