In a bold move to prioritize users’ privacy and security, Apple has announced its plan to crack down on apps that engage in fingerprinting, a controversial practice that involves collecting data on users’ devices through Application Programming Interfaces (APIs) to track their activities across various platforms.
Apple’s new rules will prevent API-based fingerprinting that steals users’ personal data
According to a recent article on Apple’s developer site, the tech giant will enforce stringent rules, starting in iOS 17, tvOS 17, watchOS 10, and macOS Sonoma. These measures will require developers to provide valid explanations for using specific APIs, known as “required reason” APIs, in their apps. Failure to do so could lead to app rejections beginning in the spring of 2024.
Fingerprinting, also referred to as canvas fingerprinting, enables apps to access device signals and extract information such as screen resolution, device model, operating system, and more. By combining this data, a unique digital “fingerprint” is created, allowing apps and websites to track users without explicit consent, potentially infringing upon their privacy.
Apple’s firm stance against fingerprinting is evident in its statement, asserting that regardless of a user’s permission, fingerprinting is strictly prohibited. The company aims to safeguard user data and prevent the misuse of certain APIs that can be exploited for data collection purposes without user knowledge.
While Apple’s initiative to combat fingerprinting is commendable, the implementation of these new rules could lead to an increased rate of app rejections. Some developers have expressed concerns about APIs like UserDefaults, which are widely used in apps for storing user preferences. As these APIs fall into the “required reason” category, developers may face challenges in explaining their necessity without compromising user privacy.
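As an added example (not code from Apple or from this article), the Python sketch below shows how a developer could check before submission that every “required reason” API their code touches, UserDefaults included, has a declared reason. It assumes the declarations live in a privacy manifest plist using Apple's documented `NSPrivacyAccessedAPITypes` keys, which the article does not describe; the regex patterns are a heuristic subset, and the sample manifest and Swift lines are constructed for illustration.

```python
import plistlib
import re

PREFIX = "NSPrivacyAccessedAPICategory"
# Heuristic source patterns for a subset of required-reason categories (assumption).
API_PATTERNS = {
    PREFIX + "UserDefaults": re.compile(r"\b(NS)?UserDefaults\b"),
    PREFIX + "SystemBootTime": re.compile(r"\b(systemUptime|mach_absolute_time)\b"),
    PREFIX + "DiskSpace": re.compile(r"\b(volumeAvailableCapacity\w*|systemFreeSize)\b"),
    PREFIX + "ActiveKeyboards": re.compile(r"\bactiveInputModes\b"),
}

def declared_reasons(manifest_bytes):
    """Return {category: [reason codes]} declared in a privacy manifest plist."""
    manifest = plistlib.loads(manifest_bytes)
    return {e.get("NSPrivacyAccessedAPIType"): e.get("NSPrivacyAccessedAPITypeReasons", [])
            for e in manifest.get("NSPrivacyAccessedAPITypes", [])}

def used_categories(sources):
    """Return {category: [file names]} for source text matching a pattern."""
    used = {}
    for name, text in sources.items():
        for category, pattern in API_PATTERNS.items():
            if pattern.search(text):
                used.setdefault(category, []).append(name)
    return used

def audit(manifest_bytes, sources):
    """Compare API use found in source against what the manifest declares."""
    declared, used = declared_reasons(manifest_bytes), used_categories(sources)
    return {
        "undeclared": sorted(c for c in used if c not in declared),
        "no_reason": sorted(c for c in used if c in declared and not declared[c]),
        "unused": sorted(c for c in declared if c not in used),
    }

# Constructed sample input: a minimal manifest and three one-line Swift files.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>NSPrivacyAccessedAPITypes</key><array>
<dict><key>NSPrivacyAccessedAPIType</key><string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key><array><string>CA92.1</string></array></dict>
<dict><key>NSPrivacyAccessedAPIType</key><string>NSPrivacyAccessedAPICategoryDiskSpace</string>
<key>NSPrivacyAccessedAPITypeReasons</key><array/></dict>
</array></dict></plist>"""
SAMPLE_SOURCES = {
    "Settings.swift": 'let theme = UserDefaults.standard.string(forKey: "theme")',
    "Uptime.swift": "let t = ProcessInfo.processInfo.systemUptime",
    "Storage.swift": "let v = try url.resourceValues(forKeys: [.volumeAvailableCapacityKey])",
}
```

Calling `audit(SAMPLE_MANIFEST, SAMPLE_SOURCES)` flags the boot-time API as undeclared and the disk-space entry as declared without a reason, while the UserDefaults declaration passes.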
Apple’s approach to addressing fingerprinting highlights its commitment to striking a balance between protecting user privacy and maintaining a trustworthy developer ecosystem. The company recognizes the need to rely on developer declarations regarding API usage and will monitor these declarations to ensure compliance. Any misleading or false declarations could result in penalties, holding developers accountable for adhering to the rules.
Apple’s fight against tracking began with the introduction of iOS 14.5 in 2021, which required developers to seek user consent before tracking their activities.