In an unprecedented move to improve user privacy, Apple Inc. is set to intensify its policies on apps that collect user data, a tactic known as “fingerprinting”. According to a recently updated article on its developer site, starting from the launch of iOS 17, tvOS 17, watchOS 10, and macOS Sonoma, Apple will require developers to explicitly state their reasons for using specific Application Programming Interfaces (APIs). Apps that fail to comply will face rejection beginning in the spring of 2024.
Fingerprinting – A Privacy Concern
Fingerprinting, a technique that utilizes APIs to retrieve device characteristics and user information, can be used to track users across various apps and websites, forming a unique “fingerprint”. This presents an invasive threat to privacy, prompting Apple to enforce stringent measures to prevent misuse.
Mandatory Declaration for ‘Required Reason APIs’
Developers will be obligated to declare their usage of the so-called ‘required reason APIs’ in their app’s privacy manifest. For instance, UserDefaults, an API often employed by apps to store user preferences, is categorized under ‘required reason APIs’. This new policy poses a challenge for many app creators, potentially increasing app rejection rates.
While Apple is depending on developers’ honesty for reason declarations, a false declaration would leave a paper trail, making potential penalties plausible. The company has also assured developers that they can appeal a rejection and submit a request to approve a situation not covered in the current guidelines.
Apple’s Crusade for User Privacy
Apple has a reputation for prioritizing user privacy. It launched the App Tracking Transparency feature with iOS 14 in 2020, which was met with criticism from advertisers for impacting their revenue. Undeterred, the tech giant is pushing forward with its agenda.
Approximately 30 ‘required reason APIs’ currently apply across all Apple platforms, encompassing various functions such as keyboard access, calculating free disk space, and determining the user’s device runtime. Apple maintains that all accessed or derived information from these APIs should not be sent off-device to ensure user privacy.
Implications and Future Predictions
With these enhanced privacy standards, developers will need to rethink their data collection and handling practices. There’s no denying that these stringent measures may pose a significant challenge, especially for developers who heavily rely on user data for their apps’ functionality. However, this new requirement of providing clear and honest justifications for the use of APIs can serve as an opportunity for developers to refine their apps’ data usage and enhance privacy protections.
Looking Towards a Privacy-Centric Future
The introduction of these stringent measures signifies Apple’s unwavering commitment to user privacy. The tech giant’s stand against fingerprinting can be traced back to 2018 when it limited the data websites on its Safari browser could access. Then, with the release of iOS 14.5 in 2021, it required developers to seek users’ permission before tracking them. Now, it aims to confront the fingerprinting issue head-on with apps.
Apple’s decision to tighten its privacy policies can have far-reaching implications. The company’s goal to give users greater control over their data and hold developers accountable for their data collection practices may reshape how apps are developed in the future. This shift will compel developers to adopt transparency and prioritize privacy, aligning the app industry with Apple’s robust privacy standards.
