Apple wants to protect user data with new App Store API rules, cracking down on invasive fingerprinting practices

Jul 28, 2023, 4:59 PM UTC
3 mins read
Apple wants to protect user data with new App Store API rules, cracking down on invasive fingerprinting practices
(Illustration/GadgetBond, Image credit: Apple)

Apple‘s relentless pursuit of user privacy continues as it gears up to crack down on the insidious practice of “fingerprinting” within the realm of mobile apps. In a move that demonstrates its unwavering commitment to safeguarding user data, the tech giant is set to introduce new rules for App Store APIs (Application Programming Interfaces), targeting apps that stealthily collect data to track users.

The revelation came to light through a developer site article (and this), which was spotted by the vigilant folks at 9to5Mac. According to the report, Apple will implement these stringent measures with the release of iOS 17, tvOS 17, watchOS 10, and macOS Sonoma. Developers will be required to provide explicit justifications for utilizing specific “required reason” APIs. Any apps that fail to furnish valid reasons will face rejection, starting in the spring of 2024.

In a candid statement, Apple expressed its concern that certain APIs could be misused to access device signals for identifying users, a practice commonly known as fingerprinting. Irrespective of whether users grant permission to be tracked, Apple unequivocally forbids fingerprinting. To counter the misuse of APIs that facilitate data collection through fingerprinting, developers must disclose the reasons for employing such APIs in their app’s privacy manifest.

While this move is laudable in its intent to protect user privacy, it may inadvertently lead to an increase in app rejections, as some developers have cautioned. One such API that falls under the “required reason” category is UserDefaults, extensively used by numerous apps to store user preferences. The process of vetting reason declarations is expected to rely on the developer’s credibility, but Apple may have ways to verify the authenticity of these declarations, making it crucial for developers to be truthful in their disclosures to avoid potential penalties.

Fingerprinting, a technique that has long been an issue in the digital world, enables certain apps to access various characteristics of a user’s device, including screen resolution, model, operating system, and more. By amalgamating this data, a unique “fingerprint” is created, allowing the app to track users across other apps and websites surreptitiously.

Apple’s steadfast battle against user tracking traces back to its iOS 14.5 release in 2021 when the company mandated that developers seek user permission before engaging in any form of tracking. However, the feature has garnered limited support, with a mere 4 percent of US iPhone users opting to grant app tracking permission. Undeterred, Apple now turns its attention to eliminating fingerprinting (also known as canvas fingerprinting), a practice that surfaced in the digital landscape over a decade ago.

In 2018, Apple began its efforts to curb fingerprinting on macOS by restricting website access to data on its Safari browser. Now, with its sights firmly set on apps, Apple is taking an all-encompassing approach to safeguard user privacy, proving that the company remains steadfast in its commitment to providing a secure digital ecosystem for its users.

Notify of
Inline Feedbacks
View all comments

More in "App Store"

Would love your thoughts, please comment.x