Apple Requires Developers to Explain Use of APIs to Prevent Fingerprinting

Earlier this month, we reported on how, with the launch of Threads, Meta faced criticism for collecting extensive user data. In response to concerns like these, Apple has now taken a bold step by announcing a security update for developers.

This update requires developers to provide detailed explanations for their use of certain APIs that access data from devices. The goal behind this change is to prevent any sort of potential misuse or unauthorized tracking of users’ devices, or their location.

In a recent press release, Apple said that some APIs that are important, and are used to deliver core functionality have the potential to be misused to access device signals and identify the device or user. This is known as fingerprinting. Regardless of whether a user gives an app permission to track, fingerprinting is NOT allowed.

To address this issue, Apple now requires developers to describe the reasons their app or third-party SDK uses these APIs. For each category of required reason API, developers must add a dictionary to the NSPrivacyAccessedAPITypes array in their app or SDK’s privacy manifest file. This dictionary will report the reasons the app uses the API category.

If a developer uses an API in their app’s code, they must report the API in their app’s privacy manifest file. If they use the API in their third-party SDK’s code, they must report the API in their third-party SDK’s privacy manifest file.

Also, to maintain complete transparency, Apple expects developers to choose from a list of “approved reasons” explaining how their app will utilize the designated APIs. This must align with the app’s core functionality and intended user experience, and not something that is reported, but isn’t related to what the app’s offering its users.

What this means for developers now is that they will need to review the APIs they use in their apps and SDKs to confirm if they are affected by this change. If they are, they will need to update their privacy manifest files to report the reasons they use the APIs. Otherwise, they’ll be violating App Store’s Guidelines.

An iPhone’s home screen | Unsplash

It is important to note that Apple says that this will go into effect starting this Fall. From the next year onwards, any update without proper reasoning will be rejected.

This is all we know for now, but rest assured that we will keep you updated as new information becomes available.

ABOUT THE AUTHOR

Muhammad Qasim


Qasim's deep love for technology and gaming drives him to not only stay up-to-date on the latest developments but also to share his informed perspectives with others through his writing. Whether through this or other endeavors, he is committed to sharing his expertise and making a meaningful contribution to the world of tech and gaming.