Apple’s App Store has taken strong measures against apps that gather user data to evade privacy safeguards. However, the company is taking an additional step by requiring developers to provide justifications for using certain features.
With the introduction of App Tracking Transparency in iOS 14, Apple significantly improved user privacy, which posed challenges for advertisers. Some marketing companies turned to more complex methods like device fingerprinting to identify and track users.
In a recent update to Apple’s developer documentation, the company announced a stricter policy. Developers planning to use an Apple API that could potentially contribute to fingerprinting must now provide a clear rationale for its usage.
According to Apple, starting from Fall 2023, developers will receive an email if they upload an app to App Store Connect that uses a required reason API without explaining its purpose in the privacy manifest file. As of Spring 2024, apps that fail to describe their use of the required reason API in the privacy manifest file will not be accepted by App Store Connect.
Apple uses the term “required reason API” to identify APIs that developers must justify, and it reserves the right to modify this list as necessary.
Image credit- Cult of Mac
Currently, there are about 30 required reason APIs applicable across all of Apple’s platforms. They cover various aspects such as accessing the keyboard, calculating free disk space, and determining the user’s device’s running time.
Although some exceptions exist within these APIs, Apple’s documentation emphasizes that “Information accessed for this reason, or any derived information, may not be sent off-device.”
In some cases, the linked documentation describes API calls to retrieve the creation date and modification date of a file as “super awful.” Additionally, obtaining free space seems to have raised concerns. However, all these API calls are harmless.
As a developer, I can understand the frustration surrounding these changes. However, the real issue lies with those who exploit their technical skills for scams instead of creating genuinely valuable technology that benefits people beyond mere advertising revenue.
It’s disheartening to witness the prevailing business model for app developers revolve around capturing users’ attention with free apps and then capitalizing on their data. Sadly, some individuals lack ethics and believe it’s acceptable to exploit others for profit. Consequently, when Apple attempts to limit their data collection methods, they resort to “clever” techniques like using uptime and free space to generate a unique fingerprint.
Speaking for myself, I welcome the opportunity to explain to Apple why I use specific APIs if it means reducing the number of scammers and promoting the development of truly useful applications. It’s time to bid farewell to a business model that hinders progress and instead embrace one that propels humanity forward.
Regarding the mention of the MacOS kernel being a sandbox and accessing free space going “Blockchain style,” it’s important to clarify these terms. “The kernel functions as the nucleus of the operating system, adeptly overseeing system resources to support diverse applications. Conversely, a sandbox represents a delimited realm wherein applications operate autonomously, each endowed with its own allocated storage and memory.” Applications cannot access resources allocated to other apps or the operating system.
When discussing memory access, applications always have the necessary access to perform their intended tasks. However, Apple’s restriction mainly concerns apps that inquire about the total system memory or storage available, as most apps only need access to their specific requirements.
The reference to JavaScript, an interpreted programming language used within web browsers, adds complexity to the discussion. Web browsers control the level of access provided to JavaScript, limiting it to common functionalities across various platforms. “In this context, it is noteworthy that native/non-web applications tend to possess significantly broader access to system resources in comparison to their web-based counterparts.
Lastly, the statement “Apple admits it for URL” seems unclear and disconnected from the overall context. URLs are internet addresses used to locate resources, but their connection to an app’s capabilities on the system remains unclear. It’s essential to focus on the facts and ensure accurate and coherent explanations of technology-related matters.