Apple Requires Developers to Explain Use of APIs to Prevent Fingerprinting

By Muhammad QasimUpdated on December 18, 2023

Muhammad Qasim is a certified Google IT Support Professional.

Image: Apple

Earlier this month, we reported on how, with the launch of Threads, Meta faced criticism for collecting extensive user data. In response to concerns like these, Apple has now taken a bold step by announcing a security update for developers.

This update requires developers to provide detailed explanations for their use of certain APIs that access data from devices. The goal behind this change is to prevent any sort of potential misuse or unauthorized tracking of users’ devices, or their location.

In a recent press release, Apple said that some APIs that are important, and are used to deliver core functionality have the potential to be misused to access device signals and identify the device or user. This is known as fingerprinting. Regardless of whether a user gives an app permission to track, fingerprinting is NOT allowed.

To address this issue, Apple now requires developers to describe the reasons their app or third-party SDK uses these APIs. For each category of required reason API, developers must add a dictionary to the NSPrivacyAccessedAPITypes array in their app or SDK’s privacy manifest file. This dictionary will report the reasons the app uses the API category.

If a developer uses an API in their app’s code, they must report the API in their app’s privacy manifest file. If they use the API in their third-party SDK’s code, they must report the API in their third-party SDK’s privacy manifest file.

Also, to maintain complete transparency, Apple expects developers to choose from a list of “approved reasons” explaining how their app will utilize the designated APIs. This must align with the app’s core functionality and intended user experience, and not something that is reported, but isn’t related to what the app’s offering its users.

What this means for developers now is that they will need to review the APIs they use in their apps and SDKs to confirm if they are affected by this change. If they are, they will need to update their privacy manifest files to report the reasons they use the APIs. Otherwise, they’ll be violating App Store’s Guidelines.

It is important to note that Apple says that this will go into effect starting this Fall. From the next year onwards, any update without proper reasoning will be rejected.

This is all we know for now, but rest assured that we will keep you updated as new information becomes available.

Related Articles

Apple’s First Foldable is Allegedly a 20.3″ MacBook, Not an iPhone

iPhone’s Upcoming 16 Pro Rumored to Feature a Periscope Lens

Vision Pro’s “Plastic” Face Cracks Quite Easily, Replacement Comes at $800

Apple Offering Separate Vision Pro Headband for Developers

Vision Pro Battery Cable is Detachable with a SIM Tool, Reveals the New Lightning Connector

Apple Announces 15 Sports & Entertainment Apps for Vision Pro Including ESPN, Disney Plus and Amazon Prime