Apple to Enforce Stricter API Rules to Improve iOS Privacy

Apple is planning to implement stricter API rules to prevent iOS developers from collecting more user data than they need. The stricter API rules will require developers to justify why they need to use some API with required reasons in their app’s privacy manifest if they don’t want to see it being rejected by Apple.

“Apple is committed to protecting user privacy on our platforms. We know that there are a small set of APIs that can be misused to collect data about users’ devices through fingerprinting, which is prohibited by our Developer Program License Agreement,” the company explained on its developer portal yesterday (via 9to5Mac)

For those unfamiliar, fingerprinting is a mobile identification technique that’s invisible to the user. It relies on IP addresses, operating systems, and other information about mobile devices that advertisers can use to serve targeted ads.

Apple first communicated these new API rules to developers at its WWDC conference last month. The company start to implement them later this fall, and this will be a two-step process:

• Starting this fall, Apple will notify developers if they failed to justify the use of an API that requires a reason in a new app or app update.
• In Spring 2024, Apple will require all developers to document an approved reason for the use of an API when they upload a new app or app update to the App Store.

Apple often likes to emphasize that its iPhones offer the best built-in privacy and security protections. If these stricter API rules sound look like they will better protect users, Apple also said that it may allow developers to use an API that isn’t already covered by an approved reason if it’s justified by a new use case that benefits users.