Apple is set to intensify its battle against apps that harvest data from users’ devices to trace them, commonly referred to as “fingerprinting,” as reported on 9to5Mac, citing an article from Apple’s developer portal. With the forthcoming release of iOS 17, tvOS 17, watchOS 10, and macOS Sonoma, developers will be mandated to justify their usage of necessary reason APIs. From Spring 2024 onwards, any apps that cannot provide a legitimate reason for usage will face rejection.
“Some APIs… carry the risk of being exploited to obtain device signals to attempt to identify the device or user, a process known as fingerprinting. Even if a user allows your app to track them, fingerprinting is unacceptable,” Apple stated. “To avoid misuse of certain APIs that could potentially gather information about users’ devices through fingerprinting, you must declare the purposes for employing these APIs in your app’s privacy manifest.”
This change in rules might result in an increased number of app rejections, as some developers informed 9to5Mac. For example, an API named UserDefaults, which stores user preferences and is heavily utilized by numerous apps, falls into the “required reason” category. On the other hand, it appears Apple will primarily rely on developers’ honesty in declaring their reasons. If these turn out to be incorrect, however, Apple would have a clear record for any ensuing penalties.
Apps employing fingerprinting utilize API calls to extract details about your smartphone or PC, including screen resolution, model, operating system, and more. This information is then used to create a distinct “fingerprint” to identify you across different apps or websites.
Apple effectively started its crackdown on tracking with the launch of iOS 14.5 in 2021, mandating developers to seek user consent before tracking them. Since its introduction, only about 4% of US iPhone users have allowed app tracking. Now, Apple is stepping up efforts to curb fingerprinting (also known as canvas fingerprinting), a concept that emerged in the digital world about ten years ago. In 2018, Apple began limiting the data websites could access on its Safari browser to address fingerprinting on macOS, and is now focusing on the issue within apps as well.
All products suggested by BuyTechBlog are chosen by our independent editorial team, and we are not influenced by our parent company. Our articles may contain affiliate links. Should you purchase something through one of these links, we might earn an affiliate commission. Prices are accurate at the time of publication.
Frequently Asked Questions (FAQs) about Apple’s Anti-Fingerprinting Measures
What is Apple’s latest action against ‘fingerprinting’?
Apple is about to tighten regulations on apps that gather data from users’ devices to track them, a practice known as ‘fingerprinting’. With the launch of iOS 17, tvOS 17, watchOS 10, and macOS Sonoma, developers will be obliged to justify their usage of so-called required reason APIs. If they fail to provide a valid reason, their apps may be rejected starting in the spring of 2024.
What are ‘required reason’ APIs?
‘Required reason’ APIs are APIs that need a specific reason for their use within an app. Developers will be required to declare their reasons for using these APIs in their app’s privacy manifest.
What is the consequence for developers who misuse APIs for fingerprinting?
If developers misuse APIs for fingerprinting and fail to provide a legitimate reason for their usage, their apps may be rejected from the Apple App Store. This is part of Apple’s new rules that will start being enforced in the spring of 2024.
How will Apple enforce these new rules?
While it seems that Apple will primarily rely on developers’ honesty in declaring their reasons for using specific APIs, Apple would have a clear record if these turn out to be incorrect, which could lead to potential penalties for the developers.
How has Apple handled fingerprinting in the past?
Apple declared war on tracking when it released iOS 14.5 in 2021, requiring developers to ask users’ permission before tracking them. In 2018, Apple addressed fingerprinting on macOS by limiting the data websites could access on its Safari browser. Now, it’s tackling the issue within apps as well.
More about Apple’s Anti-Fingerprinting Measures
- Apple’s Privacy Features
- Understanding Digital Fingerprinting
- Apple’s Developer Site
- 9to5Mac’s Coverage of Apple’s Anti-Fingerprinting Measures
- More on Apple’s iOS 14.5 Privacy Changes
- Information about UserDefaults API
- Canvas Fingerprinting Explained
8 comments
So now I gotta explain why I need certain APIs?? Could make the app dev process a bit more complicated.
Isn’t it crazy that only 4% of iPhone users allow app tracking? Speaks volumes about how people feel about privacy.
Way to go, Apple! Keep leading the charge on privacy! Proud to be a Mac user.
Had to google what fingerprinting was. Kinda freaky how much info apps can get about us! :O
oh boy, Apple’s at it again. Isn’t it good to see someone fighting for our privacy though?
Wonder how they’ll enforce this? Relying on devs to be honest sounds like wishful thinking to me. just my 2 cents
Guys, don’t be naive. Even if Apple is cracking down on others, they still got all your info!
This is excellent news! More companies need to step up and protect user data like Apple.