Apple cracking down on 'fingerprinting' with new App Store API rules
Starting with iOS 17, developers will need to explain why they're using certain APIs.
Apple will soon start cracking down on Apps that collect data on users' devices in order to track them (aka "fingerprinting"), according to an article on its developer site spotted by 9to5Mac. Starting with the release of iOS 17, tvOS 17, watchOS 10 and macOS Sonoma, developers will be required to explain why they're using so-called required reason APIs. Apps failing to provide a valid reason will be rejected started in spring of 2024.
"Some APIs... have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting. Regardless of whether a user gives your app permission to track, fingerprinting is not allowed," Apple wrote. "To prevent the misuse of certain APIs that can be used to collect data about users’ devices through fingerprinting, you’ll need to declare the reasons for using these APIs in your app’s privacy manifest."
The new rules could increase the rate of app rejections, some developers told 9to5Mac. For instance, an API called UserDefaults falls into the "required reason" category, but since it stores user preferences, it's used by a lot of apps. At the same time, it sounds like Apple will basically need to take a developer's word for reason declarations. If those prove to be false, though, it would certainly have a paper trail for any potential penalties.
Fingerprinting apps can use API calls to retrieve characteristics of your smartphone or PC, including the screen resolution, model, OS and more. It can then take all this information and create a unique "fingerprint," so it can identify you when you go to other apps or websites.
Apple effectively declared war on tracking when it released iOS 14.5 in 2021, requiring developers to ask users' permission before tracking them. Since that feature arrived, only 4 percent of US iPhone users have agreed to app tracking. Now, it's trying to stop fingerprinting (also called canvas fingerprinting), which first appeared in the digital zeitgeist a decade ago. Back in 2018, Apple said it would address fingerprinting on macOS by limiting the data that websites can access on its Safari browser, and now, it's addressing the issue with apps as well.
