Apple Imposes Strict Rules On API Use For Data Collection

Apple in-app developer

Apple has announced that starting this fall, developers will be required to provide a reason for using certain APIs once they can be used to collect information about users of their apps. This fundamentally improves privacy.

Creation of a recognizable user profile

This is intended to suppress so-called “fingerprinting”, the creation of a recognizable user profile. This is reported by the online magazine 9to5mac.

The change in the App Store API rules is intended to ensure that developers do not misuse the APIs to collect user data. The technique, also known as device fingerprinting, collects information about a user’s device in order to create a unique identifier, i.e. a fingerprint, for that user.

This fingerprint is a set of characteristics and attributes that can be used to recognize and track individual users across different websites and online activities.

“We are aware that there are a small number of APIs that can be abused to collect data about users’ devices through fingerprinting, which is prohibited by our Developer Program license agreement,” Apple said. “To prevent abuse of these APIs, we announced at WWDC23 that developers must provide reasons for using these APIs in their app’s privacy manifest.”

Required Reason APIs

This measure is intended to ensure that apps strictly adhere to the intended purpose of using “Required Reason APIs”. Developers who cannot prove these reasons are threatened with the exclusion of their apps. From spring 2024, details on the interfaces used must be included in the data protection manifest of the app when uploading new apps or app updates.

The list of APIs that require reasons to use is available on a new developer documentation page.

With the release of iOS 16 in September, Apple introduced features designed to improve security and privacy for iPhone users, including lockdown mode and security check. The “Required Reason APIs” complete this.

Leave a Reply