Apple is taking a significant step to protect user privacy by introducing new rules for mobile app development. Starting with iOS 17 and other operating systems, developers will need to provide a valid reason for using certain APIs that can be misused to collect data about users' devices.
To prevent the misuse of these APIs, which have the potential to identify devices or users through fingerprinting, Apple is requiring developers to declare their reasons for using them in their app's privacy manifest. This move follows Apple's earlier efforts to stop tracking by introducing App Tracking Transparency (ATT) in iOS 14.5. Since then, only a small percentage of US iPhone users have agreed to allow app tracking.
Fingerprinting involves using API calls to collect information about devices, such as screen resolution, model, and operating system, to create a unique identifier. This identifier can be used to track users across different apps and websites. Apple is addressing this issue by requiring developers to explain why they're using these APIs, effectively stopping fingerprinting.
The new rules may lead to an increase in app rejections, as some developers will need to update their apps to comply with the new requirements. For instance, APIs like UserDefaults, which store user preferences, are now considered "required reason" APIs and require a valid explanation. While Apple will rely on developers' word for reason declarations, false claims could lead to penalties.
The impact of these changes will be significant, as fingerprinting has been used by some apps to collect data about users' devices without their knowledge or consent. By stopping this practice, Apple is strengthening user privacy and promoting transparency in mobile app development.