Apple has laid down some new rules governing the use of APIs on its App Store in the name of preserving user privacy.
The change means developers will be required to provide a reason for using data-gathering APIs in their apps, which can determine the identity of a user based on information about their device and how it is used.
This process is known as fingerprinting, and it is used to track a user across their online activity. Apple said that it is aware of a small number of APIs that can be misused in this way, which is prohibited under its Developer Program License Agreement.
Fingerprinting
In an announcement on its developer site, Apple noted, "to prevent the misuse of these APIs, we announced at WWDC23 that developers will need to declare the reasons for using these APIs in their app's privacy manifest."
Developers will have a list of valid reasons to choose from which must correspond accurately to how an API will be used in their app, which can only make use of the API for the stated reasons alone.
From this Fall, developers will receive an email asking for a valid reason once they have submitted their new app for Apple's approval or updated it via App Store Connect. From Spring 2024, the reason will have to be included in the privacy manifest.
Apple also told developers to contact the company if their reason for using the API isn't covered in the pre-approved list but is still of benefit to the user. The list of APIs that require a reason can be viewed here.
The new requirement follows in the footsteps of other security and privacy features Apple has released as part of iOS 16, which came to market in September 2022. Lockdown Mode was announced in July 2022, aimed at protecting prime targets from cyberattacks, and was used for the first time in April this year to foil a spyware campaign.
Another is Safety Check, which allows users to block contact with those who may be a threat to them, and turns off location tracking on their device.
- These are the best privacy tools and anonymous browsers
