Starting this fall, Apple has announced that developers will be required to provide a reason for using certain APIs that can collect information from their apps’ users.
According to the company, this change to the App Store API rules ensures developers don’t abuse APIs for user fingerprinting.
Also known as device fingerprinting, this is a technique used to collect information about a user’s device to create a unique identifier or “fingerprint” for that user.
This fingerprint is a set of characteristics and attributes that can be used to recognize and track individual users across different websites and online activities.
“We know that there are a small set of APIs that can be misused to collect data about users’ devices through fingerprinting, which is prohibited by our Developer Program License Agreement,” Apple said.
“To prevent the misuse of these APIs, we announced at WWDC23 that developers will need to declare the reasons for using these APIs in their app’s privacy manifest.”
This measure aims to guarantee that apps strictly adhere to the intended purpose of utilizing ‘required reason APIs.’
Developers must choose one or more approved reasons that accurately align with their app’s API usage. Subsequently, the app is restricted to using the API solely for the selected reasons.
Required reason API checks on App Store submissions
Developers will be alerted via email to provide an approved reason for using such APIs when submitting new apps or app updates to App Store Connect starting this fall.
Furthermore, starting in spring 2024, they’ll have to include an approved reason in the app’s privacy manifest to upload new apps or app updates to ensure it accurately aligns with how the app utilizes the API.
“If you have a use case for an API with required reasons that isn’t already covered by an approved reason and the use case directly benefits the people using your app, let us know,” Apple added.
The list of APIs that require reasons for use is available on Apple’s developer resources website on this documentation page.
Apple also implemented features designed to boost security and privacy for iPhone users with the iOS 16 release in September, including Lockdown Mode and Security Check.
Initially announced in July 2022, Lockdown Mode protects high-risk individuals, such as human rights defenders, journalists, and dissidents, safeguarding them against “extremely rare and highly sophisticated cyber attacks,” including targeted deployments of mercenary spyware.
On the other hand, the Safety Check privacy tool provides those whose personal safety is in immediate danger with an emergency reset option for their account security and privacy permissions to block individuals they no longer wish to remain connected to.
Source: www.bleepingcomputer.com