Apple wants app makers to explain API use due to fingerprinting from 2024

Apple wants app developers to indicate why they want access to certain APIs from the spring of 2024. In this way, the company wants to prevent API access from being abused to track people with fingerprinting.

Company has published a list of thirty APIs for which a required reason will apply from the spring of 2024. This means that the app developer must indicate in a privacy manifest file why he or she wants to use that API. It is already prohibited for apps on Apple platforms to abuse APIs for fingerprinting, but with the new measure Apple wants to further prevent abuse.

Examples of required-reason APIs include APIs that indicate how much storage space a device has left, what keyboard is being used, what default apps a user has set, file timestamps, and information about how long a device has been on since the last time it was started.

Developers may not use these APIs for purposes other than those specified in the privacy manifest file and may not use them for tracking at all. Apps for which the use of required-reason APIs is not explained will no longer be allowed in the App Store from spring 2024.

Almost two years ago it turned out that most popular apps were tracking users with fingerprinting. The apps collect information about, for example, the available storage space, the volume level, the IP address and the chosen accessibility options in order to create a profile of a user. This data allows users to be tracked and advertisers to show them targeted advertisements. With fingerprinting, apps bypass anti-tracking features, such as the App Tracking Transparency feature, which Apple released in April 2021.