Apple’s App Store tightens up on user privacy with new rules for app developers


Share post:

Apple for years has made user privacy a focus for its App Store, with rules around data collection, plus requirements around app labeling, anti-tracking measures and the more private “Sign in with Apple” option. Now, Apple will begin to require that developers explain why they need access to select data, under some circumstances, with a new policy designed to crack down on the misuse of APIs.

APIs, or Application Programming Interfaces, are used by developers to extract and exchange data. In the context of the new App Store rule, Apple explains that some APIs can be missed by developers to collect data about users’ devices through “fingerprinting.” That means the APIs are being used to access certain device signals for the purpose of identifying the device or the user. Apple doesn’t allow fingerprinting, even if the user has given the app permission to track them.

As The New York Times reported in 2019, the use of this largely invisible method of user and device tracking was on the rise in the ad industry in response to the increased privacy protections companies like Apple and others, such as Mozilla, had implemented over the years. Those changes made it more difficult for advertisers to use more traditional tracking methods, like cookies or pixels embedded in social media buttons, for instance, the report explained. And with the launch of Apple’s App Tracking Transparency in 2021, the use of fingerprinting was prohibited, but without additional measures to fully police it.

That is starting to change with the new app developer requirement.

Now, when developers want to access certain APIs they will need to provide a reason. Apple explains developers will need to select from one or more of the “approved reasons” that explain how their app will use the API, and then the app can only use the API for those stated purposes. Among the APIs impacted are those around file timestamps, disk space, system boot time, active keyboard and user defaults.

The requirement will go into effect in fall 2023, Apple says. Developers who upload an app or an app update to the App Store after that point without providing a reason for their use of the API will be informed they need to add the approved reason to their app’s privacy manifest before resubmitting. This also extends to third-party SDKs (software development kits) their app is using.

Then, in spring 2024, apps and app updates that don’t include a reason will be rejected.

Apple says if the app needs to use an API for a different reason the developer believes should be approved, they should reach out. 

In conversations on Hacker News, a site frequented by developers, there were concerns expressed over the requirement to provide a reason for UserDefaults, a basic and regularly-used API. But others pushed back on this, noting that it’s not a crackdown on legitimate use, it’s merely a requirement to provide a stated reason.

While new rules always come with the threat of increased App Store rejections, a troubling subject for app developers, Apple in this instance is giving developers several months of lead time to make the necessary changes by starting with warnings that explain what needs to be done.

Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

VW bails on its plan for a $2.1B EV plant in Germany

Volkswagen’s $2.1 billion plan to launch a dedicated electric-vehicle factory in Wolfsburg, Germany is kaput.  The automaker instead...

When predatory investors damage your chances of success

Welcome to Startups Weekly. Sign up here to get it in your inbox every Friday. You know what...

Pudgy Penguins’ approach may be the answer to fixing NFTs’ revenue problems

Pudgy Penguins was once solely known for its 8,888 NFT collection. But ever since 24-year-old Luca Netz...

VC Office Hours: How data can help improve social impact investing

Erin Harkless Moore was always interested in math. So she headed to Wall Street. “It was intoxicating...

Two large equity funds launched this week. What gives?

Two large equity funds came out of the gate this week. So, what gives? Earlier this year...

TechCrunch+ Roundup: How to pitch 7 VCs, building AI moats, immigration law Q&A

Last week at TechCrunch Disrupt (recaps coming soon), I spent less time than usual in the green...

BeReal pushes back at report that it’s losing steam, says it now has 25M daily users

Just under a year ago, the buzzy new social app BeReal looked to be on the rise,...

Why product equity has become a business imperative for the future of digital products

Timothy Bardlavens Contributor Timothy Bardlavens is the director of product equity at Adobe, where he focuses on amplifying Adobe’s...