Apple
Apple

Apple new App Store API rules: Cracking down on ‘Fingerprinting’

What To Know

  • Apple is set to initiate stringent measures against applications that collect data from users’ devices to track them, commonly known as “fingerprinting,” as per a report on its developer site spotted by 9to5Mac.
  • “Some APIs possess the potential to be exploited for accessing device signals, attempting to identify either the device or the user, a technique referred to as fingerprinting.
  • “To forestall the misuse of specific APIs that may lead to the collection of data concerning users’ devices through fingerprinting, you will be required to declare the underlying reasons for utilizing these APIs in your app’s privacy manifest.
  • In 2018, Apple addressed fingerprinting on macOS by limiting the data accessible to websites through its Safari browser, and now, it is extending the same approach to tackle the issue with apps as well.

Apple is set to initiate stringent measures against applications that collect data from users’ devices to track them, commonly known as “fingerprinting,” as per a report on its developer site spotted by 9to5Mac.

Commencing with the release of iOS 17, tvOS 17, watchOS 10, and macOS Sonoma, developers will be mandated to elucidate why they are utilizing certain essential reason APIs. Any apps that fail to provide a valid explanation will face rejection, starting in the spring of 2024.

“Some APIs possess the potential to be exploited for accessing device signals, attempting to identify either the device or the user, a technique referred to as fingerprinting. Regardless of whether a user grants permission to track through your app, fingerprinting is strictly prohibited,” Apple articulated.

“To forestall the misuse of specific APIs that may lead to the collection of data concerning users’ devices through fingerprinting, you will be required to declare the underlying reasons for utilizing these APIs in your app’s privacy manifest.”

Developers informed 9to5Mac that the new regulations could result in a higher rate of app rejections. For instance, the UserDefaults API falls into the “required reason” category, but since it stores user preferences, it is widely employed by numerous apps.

However, it seems that Apple will have to rely on the developers’ declarations of reasons. Should those declarations be proven false, there may be a paper trail that could lead to potential penalties.

Fingerprinting apps can leverage API calls to access various characteristics of your smartphone or PC, such as screen resolution, model, operating system, and more. Subsequently, it combines this information to form a distinctive “fingerprint,” enabling it to identify users when they visit other applications or websites.

Apple took a decisive stance against tracking when it introduced iOS 14.5 in 2021, making it mandatory for developers to seek users’ permission before tracking them. Since the implementation of this feature, only 4 percent of US iPhone users have agreed to app tracking.

Now, Apple aims to curtail fingerprinting (also known as canvas fingerprinting), which emerged in the digital landscape about a decade ago. In 2018, Apple addressed fingerprinting on macOS by limiting the data accessible to websites through its Safari browser, and now, it is extending the same approach to tackle the issue with apps as well.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply