Apple’s Surprising Demand – Asks App Makers To Justify Application APIs

Apple has issued a mandate to app developers, requiring them to justify using sensitive APIs in their applications. The move comes as the tech giant aims to deter developers from engaging in digital fingerprinting to track users without their consent.

Digital fingerprinting involves the creation of a distinct identifier by analyzing a device's software and hardware attributes. This enables marketers and other entities to track users covertly.

While it has legitimate applications in network security and fraud prevention, its misuse for non-consensual tracking has raised privacy concerns.

A Step to Tackle Rising Fingerprinting Concerns

Over the years, fingerprinting has become increasingly prevalent as companies sought alternative means of tracking users after privacy protections were strengthened.

A 2020 report revealed a significant rise in fingerprinting, with around 37 percent of the top 500 websites and over two-thirds of the top 10,000 websites employing such techniques.

Developers can submit a form, presenting their case to convince Apple that their intended use of an API is not abusive or privacy-invasive.

Apple introduced an API privacy initiative at its Worldwide Developer Conference in June to combat the misuse of sensitive APIs for fingerprinting.

From Fall 2023," developers utilizing Required reason APIs" must offer a valid reason from an approved list to access device data. This includes system boot time, available disk space, and user default settings.

Developers will also have to include a reason code in their privacy manifest file, aligning with one of the sanctioned justifications for accessing specific data.

For instance, Apple's documentation designates CA92.1" as the code solely valid for accessing UserDefaults data. This code imposes restrictions on reading or writing information that other apps could access.

However, the tech giant is open to considering additional reasons not present in the official list through a petition process.

The Expected Outcome

Although it remains unclear whether Apple will actively cross-check declared reasons with the actual code used in the applications, the onus lies on developers to ensure compliance. A thorough investigation into a developer's stated reason could potentially expose any non-compliant code.

Apple's initiative seeks to strike a balance between facilitating legitimate app functionalities and safeguarding user privacy.

By demanding transparent explanations from developers, the company aims to curb unauthorized tracking and enhance user trust in its ecosystem.

As the tech industry grapples with data privacy challenges, initiatives like Apple's API privacy push set important precedents. App developers will need to align with these new guidelines to ensure their apps adhere to the stringent privacy standards demanded by users and regulators alike.

The anticipated iOS 17 release in September or October will bring Apple's new policy into effect. This will prompt developers to adapt to the change and provide explicit and legitimate justifications for using sensitive APIs.

The post Apple's Surprising Demand - Asks App Makers To Justify Application APIs appeared first on The Tech Report.