Apple has rolled out a new policy requesting developers to submit reasons for requiring certain APIs in their apps starting later in the year with the release of iOS17, iPdOS17, mcOS17, tvOS17, and watchOS10 to prevent their abuse of data collection
In the statement they released on 27th July, Apple said that they are committed to protecting user privacy on their platforms. “This will help to ensure that apps only use these APIs for their intended purpose”, they further explained. “As part of this process, you’ll need to select one or more approved reasons that accurately reflect how your app uses the API, and your app can only use the API for the reasons you’ve selected”.
Some of the PIs that people have listed require reasons for use are related to the following:
- User default PIs
- Active keyboard PIs
- File transfer stamp PS
- Disk space PIS, and
- System boot time
The mobile device giant said it Is making the move to ensure that such APIs are not abused by app developers to either collect data or signals to carry out fingerprinting, which could be employed to uniquely identify users across different apps and websites for other purposes such as targeted advertising.
The enforcement of this policy is to commence Fall of 2023 and will extend to accommodate VisionOS and require app builders to submit new apps or updates to declare their reasons for using these “required reasons APIs” in their app’s privacy manifest file will be rejected.
Apple explicitly cautions that “regardless of whether a user gives your app permission to track, fingerprinting is not allowed.” In its developer documentation, “Your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data derived from the use.”
“You may use these APIs and the data derived from the use for the declared reasons only. These declared reasons must be consistent with your app’s functionality as presented to users, and you may not use the APIs or derived data for tracking.”