In the future, developers will have to justify the use of certain APIs. Apple wants to prevent the creation of digital fingerprints of users or devices.

Apple has new ones App approval rules released for the App Store. Above all, they tighten the requirements for the use of certain programming interfaces (Application Programming Interface, API). Beginning this fall, developers will have to explain why they use some APIs.

APIs are building blocks of an application, although some programming interfaces can also be misused, for example to access a user’s confidential data. In general, developers can access such APIs without justification. From autumn, however, there will be an important exception: If the APIs are potentially suitable for creating a digital fingerprint (fingerprinting) of a user, developers must justify their use.

Better protection against fingerprinting

In the future, Apple will classify such programming interfaces as “APIs with a required reason”. These include APIs for file timestamps, system boot time, storage size, and user defaults.

Fingerprinting, in turn, occurs when third-party code or software development kit (SDK) accesses device signals to identify a device or the user. But even if a user gives an app permission to track their activities in the app or other apps, fingerprinting is prohibited in the App Store.

However, the new rules for developers will only have consequences from spring 2024. Then all apps that do not explain their use of an API with a necessary reason will be rejected by the App Store. To prevent this, developers should describe in detail the use of the data collected by the app. In addition, the use of collected app data for purposes other than those authorized is prohibited.

Speaking to 9t05Mac, some developers explained that many apps use APIs for user standards. The fact that they are also among the APIs with a required reason increases the risk of rejection by the App Store. However, user standards APIs allow users to customize an app to their own needs.

Apple gives developers the opportunity to file complaints against app rejection. In addition, the company announced that it would regularly review the list of APIs with a required reason.

Share this: Twitter

Facebook

