Click to Skip Ad
Closing in...

Apple clamps down on device fingerprinting that lets sneaky developers track users

Published Jul 28th, 2023 11:19AM EDT
App Store Awards 2023
Image: Apple Inc.

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

After introducing App Tracking Transparency a couple of years ago, Apple wants developers to be even more clear about why they use certain APIs in their apps. On a support page (via AppleInsider) on its developer’s website, the Cupertino firm wants to ensure that a developer’s usage of APIs is consistent with its policy.

Apple explains that some APIs that deliver core functionality to apps have the “potential of being misused to access device signals to try to identify the device or user, also known as device fingerprinting.”

The company clarifies that fingerprinting is not allowed even if a user gives the developer permission to track them. That said, developers will have to describe why their app or third-party SDK on the company’s operating system uses these APIs, and Apple will check if they are being used for the expected reasons.

Apple explains: “From Fall 2023, you’ll receive an email from Apple if you upload an app to App Store Connect that uses the required reason API without describing the reason in its privacy manifest file. From Spring 2024, apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.”

The company follows by saying, “Your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data derived from their use. You may use these APIs and the data derived from their use for declared reasons only. These declared reasons must be consistent with your app’s functionality as presented to users, and you may not use the APIs or derived data for tracking.”

As developers still have time to comply with the new rules, Apple says that if an app uses the required reason API to provide benefits to people for a reason that isn’t already listed, they can submit a request for a new approved reason.

The company also shows what developers need to add to their apps on the documentation page and how to describe data use in privacy manifests.

BGR will let you know once this new policy becomes mandatory and how this could impact your usage of apps.

José Adorno Tech News Reporter

José is a Tech News Reporter at BGR. He has previously covered Apple and iPhone news for 9to5Mac, and was a producer and web editor for Latin America broadcaster TV Globo. He is based out of Brazil.