Date: 2023-07-31

Apple has announced that it plans to implement a policy that, beginning later this year with the introduction of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10, will require developers to justify their use of specific APIs in their apps. The policy is intended to prevent these APIs from being abused for data collection.

The company said in a statement that “this will help ensure that apps only use these APIs for their intended purpose.” You must choose one or more authorized reasons that appropriately represent how your app utilizes the API as part of this process, and your app can only use the API for the reasons you’ve chosen.

The following APIs require a declared reason for their use: file timestamp APIs, system boot time APIs, disk space APIs, active keyboard APIs, and user defaults APIs.

Apple has stated that it is taking this step to prevent app developers from abusing such APIs in order to gather device signals for the purpose of fingerprinting. This is because fingerprinting has the potential to be used to uniquely identify users across a variety of apps and websites for a variety of purposes, including targeted advertising.

Developers who submit new apps or app updates after enforcement begins in the fall of 2023 will be required to specify their reasons for using “required reason APIs” in their app’s privacy manifest. The policy also applies to visionOS. Apps that do not describe how they use these APIs in their privacy manifest file will be rejected beginning in the spring of 2024.
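An added example, not Apple's code and not part of the original article: a minimal lint check for a privacy manifest (`PrivacyInfo.xcprivacy`) that flags required-reason API categories declared with no reasons, or used by the app but never declared. The keys and category identifiers follow Apple's privacy manifest format; the sample manifest and the `categories_used` input (assumed to come from a separate scan of the code) are constructed for illustration.

```python
import plistlib

# Category identifiers for the five API groups named in the article.
REQUIRED_REASON_CATEGORIES = {
    "NSPrivacyAccessedAPICategoryFileTimestamp",
    "NSPrivacyAccessedAPICategorySystemBootTime",
    "NSPrivacyAccessedAPICategoryDiskSpace",
    "NSPrivacyAccessedAPICategoryActiveKeyboards",
    "NSPrivacyAccessedAPICategoryUserDefaults",
}

# Constructed sample manifest: one entry with a reason, one with an empty list.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>NSPrivacyAccessedAPITypes</key>
<array>
  <dict>
    <key>NSPrivacyAccessedAPIType</key><string>NSPrivacyAccessedAPICategoryUserDefaults</string>
    <key>NSPrivacyAccessedAPITypeReasons</key><array><string>CA92.1</string></array>
  </dict>
  <dict>
    <key>NSPrivacyAccessedAPIType</key><string>NSPrivacyAccessedAPICategoryDiskSpace</string>
    <key>NSPrivacyAccessedAPITypeReasons</key><array/>
  </dict>
</array>
</dict></plist>"""

def audit_manifest(manifest_bytes, categories_used):
    """Return findings for a manifest, given the categories the code uses.

    categories_used is a hypothetical input produced by a separate code scan.
    """
    manifest = plistlib.loads(manifest_bytes)
    declared, findings = set(), []
    for entry in manifest.get("NSPrivacyAccessedAPITypes", []):
        category = entry.get("NSPrivacyAccessedAPIType")
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons", [])
        declared.add(category)
        if category not in REQUIRED_REASON_CATEGORIES:
            findings.append(f"unknown category: {category}")
        elif not reasons:
            findings.append(f"no reasons declared: {category}")
    for category in sorted(set(categories_used) - declared):
        findings.append(f"used but not declared: {category}")
    return findings

if __name__ == "__main__":
    used = {"NSPrivacyAccessedAPICategoryFileTimestamp", "NSPrivacyAccessedAPICategoryDiskSpace"}
    print("\n".join(audit_manifest(SAMPLE_MANIFEST, used)))
```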

Apple’s developer documentation explicitly cautions that fingerprinting is strictly prohibited, regardless of whether a user grants permission for app tracking. App developers and third-party SDKs are now required to declare approved reasons for using certain APIs and the data obtained from them.

“You may use these APIs and the data derived from their use for the declared reasons only. These declared reasons must be consistent with your app’s functionality as presented to users, and you may not use the APIs or derived data for tracking.”

This new requirement aims to ensure transparency and accuracy in the use of these APIs. The declaration of approved reasons is crucial as it provides insight into the purpose behind accessing these APIs and the subsequent utilization of the data derived from them. By doing so, developers are expected to provide a clear and legitimate explanation for their use of these APIs. This move comes as part of an effort to enhance user privacy and data protection.

By requiring developers to declare their intentions, it becomes easier to monitor and regulate the use of APIs, thereby safeguarding user information. It is important for developers and third-party SDKs to comply with this new requirement in order to maintain transparency and accountability. Failure to do so may result in consequences such as restrictions or removal from app stores. Overall, this new mandate emphasizes the significance of the responsible and justified use of APIs and the data they provide.

By declaring approved reasons, developers can ensure that their actions align with the principles of privacy and data security.

