In an effort to bolster user privacy and crack down on fingerprinting, Apple has announced that developers will soon be required to provide detailed explanations for their app’s use of certain APIs before submitting them to the App Store.
The APIs in question are now classified as “required reason APIs,” meaning developers must articulate the purpose of these APIs in their apps when submitting them for review. Currently, there are around 30 APIs to which the new rule applies.
The move comes as part of Apple’s ongoing efforts to enhance user privacy and ensure that apps comply with the company’s guidelines.
According to the information provided on the Apple Developer website, starting with the release of iOS 17, tvOS 17, watchOS 10, and macOS Sonoma to the public, developers will receive notifications regarding the need to submit an explanation for the use of required reason APIs.
By the spring of 2024, apps using these APIs without a valid reason will face rejection.
Apple stated, “To prevent the misuse of certain APIs that can be used to collect data about users’ devices through fingerprinting, you’ll need to declare the reasons for using these APIs in your app’s privacy manifest. This will help ensure that apps only use these APIs for their intended purpose.”
While the initiative is well-intentioned and focused on safeguarding user privacy, some developers have expressed concerns about potential increases in app rejection rates.
UserDefaults – a commonly used API for storing user preferences – falls under the category of “required reason APIs,” leading to fears of apps being rejected due to oversight in providing an explanation for using this basic functionality.
Developers, however, will have recourse in case of rejection. Apple will allow them to appeal a rejection and submit a request for approval in cases not covered by the existing guidelines. Further details on the appeal process can be found on the Apple Developer website.
Privacy advocates have generally welcomed the move, seeing it as a step in the right direction for curbing intrusive tracking and protecting user data. Nevertheless, concerns linger about the potential challenges in implementing this new requirement effectively, as developers may find it relatively easy to provide generic justifications for utilising APIs like UserDefaults.
Apple has consistently emphasised its commitment to safeguarding user privacy, and these new measures reinforce its dedication to that cause. However, developers will need to adapt to the increasingly strict review process and be meticulous in providing explicit reasons for using certain APIs to avoid unnecessary app rejections.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.