Apple’s New App Store Policy Requires Developers to Explain Access to Data: Crackdown on API Misuse

Apple to Require Developers to Explain Access to Select Data in New Policy

Apple for years has made user privacy a focus for its App Store with rules around data collection, plus requirements around app labeling, anti-tracking measures, and the more private “Sign in with Apple” option. Now, Apple will begin to require that developers explain why they need access to select data, under some circumstances, with a new policy designed to crack down on the misuse of APIs.

of User Privacy

Apple has been at the forefront of ensuring user privacy in its App Store. With rules surrounding data collection and app labeling, as well as anti-tracking measures and the introduction of the “Sign in with Apple” option, the company has consistently prioritized protecting user data. In its latest move, Apple will now require developers to provide explanations for accessing certain data, aiming to prevent the misuse of APIs.

Cracking Down on API Misuse

APIs, or Application Programming Interfaces, allow developers to extract and exchange data. However, certain APIs have been used to collect user device information through “fingerprinting,” a practice Apple strictly prohibits. Even if users have granted permission for an app to track them, fingerprinting remains forbidden. The use of fingerprinting as a hidden method for user and device tracking had grown in response to increased privacy protections implemented by Apple and other companies. With the launch of Apple’s App Tracking Transparency in 2021, fingerprinting was explicitly banned. However, Apple recognized the need for further measures.

Explaining API Access

Starting in fall 2023, developers will be required to explain why they need access to specific APIs. Apple expects developers to select one or more of the “approved reasons” detailing how their app intends to utilize the API. Consequently, the app will only be permitted to use the API for the stated reasons. Several APIs will be affected, including those related to file timestamps, disk space, system boot time, active keyboard, and user defaults.

Timeline and Consequences

The new requirement will go into effect in fall 2023. After this point, developers who upload apps or app updates to the App Store without providing a reason for their API usage will receive notifications to add the approved reason to their app’s privacy manifest before resubmission. This requirement also extends to third-party SDKs utilized by the app. By spring 2024, apps and app updates lacking a reason will be rejected. Apple encourages developers to reach out if they believe their app needs to use an API for a different approved reason.

and Developer Response

The new policy has sparked discussions among developers, particularly regarding the requirement to provide a reason for the widely-used API, UserDefaults. Some raised concerns, while others emphasized that this policy is not a crackdown on legitimate usage, but simply a requirement for providing a stated reason. Although new rules can lead to App Store rejections, causing concerns for developers, Apple has offered a generous lead time by starting with warnings to ensure compliance.

The post Apple’s New App Store Policy Requires Developers to Explain Access to Data: Crackdown on API Misuse appeared first on AsumeTech.

from Technology - AsumeTech https://asumetech.com/apples-new-app-store-policy-requires-developers-to-explain-access-to-data-crackdown-on-api-misuse/