Apple's App Store, known for its dedication to user privacy, is introducing more stringent regulations for app developers. The new rules focus on data collection and require developers to explain the necessity for certain data access, aimed at preventing the misuse of Application Programming Interfaces (APIs).
APIs enable developers to extract and exchange data. In the new App Store rule context, Apple highlights that some developers may misuse APIs to gather data about users' devices through "fingerprinting". This technique uses APIs to identify a device or user, which is not permitted by Apple, even if the user has granted app tracking permissions.
As reported by The New York Times in 2019, this method of tracking devices and users, mostly invisible to users, increased in the advertising industry. This was a response to enhanced privacy protections implemented by companies like Apple and Mozilla. These changes made traditional tracking methods, such as cookies or pixels, more challenging for advertisers to use.
However, Apple's 2021 introduction of the App Tracking Transparency rule sought to prohibit fingerprinting. Despite this, there were no additional measures to fully enforce the rule, until now.
Under the new developer requirements, developers must justify their need for specific API access. They must select from "approved reasons" that explain their app's API usage, and can only use the API for those purposes. The APIs affected include those related to file timestamps, disk space, system boot time, active keyboard, and user defaults.
The rule will take effect in fall 2023, and developers must add the approved reason to their app’s privacy manifest before submitting apps or app updates to the App Store. This also applies to third-party software development kits (SDKs) used by their app. Apps and app updates submitted without an approved reason will be rejected from spring 2024.
While some developers have expressed concerns over the new requirement, others argue that it doesn't prevent legitimate use but only requires a stated reason. Despite the risk of increased App Store rejections, Apple aims to provide developers with ample lead time to make necessary adjustments.
