Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple cracks down on apps identifying users through device fingerprinting

App Store rules have been updated

Apple's App Store has already been rejecting apps that collect user data to circumvent privacy measures, but soon developers will be required to justify their use of certain features.

With its iOS 14 introduction of App Tracking Transparency, Apple improved privacy for all users, and made life harder for advertisers. Some marketing companies switched instead to more complex ways of identifying and tracking users through the use of device fingerprinting.

In a new update to Apple's developer documentation, though, the company says it is going further. Where a developer wants to use an Apple API that could potentially contribute to fingerprinting, they will have to justify using it.

"From Fall 2023 you'll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file," says Apple. "From Spring 2024, apps that don't describe their use of required reason API in their privacy manifest file won't be accepted by App Store Connect."

Apple uses the term "required reason API" to distinguish APIs that developers have to justify using, but it also notes that it can change the list as needed.

At present, there are around 30 required reason APIs, and they are applicable across all of Apple's platforms. They cover issues to do with accessing the keyboard, in calculating free disk space left, and how long the user's device has been running.

While there are exceptions within even these APIs, Apple's documentation repeatedly says that "Information accessed for this reason, or any derived information, may not be sent off-device."