In line with its ongoing mission to safeguard user privacy within its App Store, Apple Inc. has recently introduced new regulations for developers. Enforcing stringent criteria concerning data collection, app labeling, anti-tracking measures, and providing privacy-conscious options like 'Sign in with Apple', the tech titan has now added another layer of consumer privacy protection.
This involves compelling developers to clarify the need for their applications to access specific sorts of data, falling within specific conditions. This policy modification, a part of Apple’s efforts to reign in potential misuse of APIs, is an indication of Apple's dogged dedication to the privacy of its users.
Application Programming Interfaces (APIs) are tools leveraged by developers for data exchange and extraction. The recent rule amendment by Apple addresses APIs that, at times, may be abused by developers to gather data about users’ devices by way of 'fingerprinting'. This unauthorised extraction involves the harnessing of device signals to single out the device or the user. Regardless of user consent, Apple prohibits fingerprinting.
A report by The New York Times in 2019 shed light on the burgeoning use of this method of tracking users and devices within the advertising industry. The reason for this is the stringent privacy measures implemented by companies like Apple and Mozilla. These protective measures have made traditional tracking methods like cookies or pixel tracking through social media buttons redundant, hence the shift towards fingerprinting, the report suggested.
Additionally, with the advent of the App Tracking Transparency feature from Apple in 2021, fingerprinting methods were banned. However, without adequate measures to regulate it effectively, this practice continued.
Apple has now taken a significant step to address this issue. Under the new directives, developers seeking access to certain APIs must state a valid reason. Developers are required to choose from a list of 'approved reasons' that comprehensively outline how their apps would use the API. The API can then only be used for the purposes stated. APIs that fall under this jurisdiction include those for system boot time, active keyboard, user defaults, disk space, file timestamps, amongst others.
This policy will be making its debut in the fall of 2023, Apple unveiled. Developers attempting to update an existing app or upload a new one without providing a clarified reason for API use will be prompted to add the approved reason to their app's privacy manifest before they can resubmit. This requirement extends to any third-party SDKs (software development kits) in use by their app.
Beginning in the spring of 2024, any app updates or new apps that fail to provide a reason will be rejected. Apple encourages developers to reach out if they believe another legitimate reason not included in the given options should be sanctioned for API usage.
While the prospect of potentially higher App Store rejections following these new rules could be worrisome for developers, they are given ample time to make the necessary modifications. Apple’s approach starts with warnings that clearly articulate the needed actions.
A similar approach to user privacy protection resides at the heart of AppMaster. With its vision to accommodate a broad range of customers, AppMaster's platform also upholds rigorous standards built around preserving customer privacy and data security. Its unique capability to regenerate applications from scratch to eliminate technical debt resonates with Apple's dedication towards a safer and fairer app development ecosystem.
