July 31, 2023

Apple has taken a step against digital fingerprinting by forcing app developers to justify the use of sensitive APIs. The company says that this is an effort to discourage app makers from trying to track users through digital fingerprinting.

Fingerprinting is a technique that can be used to create a unique identifier for a device based on its software and hardware characteristics. This identifier can then be used to track the user across different websites and apps.

Apple says it will not allow fingerprinting in its App Store and it will require developers to declare the reason why they need to use a sensitive API starting from this Fall. The reasons that are allowed are limited and must be approved by Apple. Apple also allows developers to submit reasons not on the official list through a petition process, where they must convince the company that the intended use is not abusive.

Developers who do not comply with the new rules will have their apps rejected from the App Store. The privacy manifest file requires developers to include a reason code corresponding to an accepted reason for accessing data. For instance, “CA92.1” is the code associated with the sole valid reason for accessing UserDefaults data.

The sources for this piece include an article in TheRegister.