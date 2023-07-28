A few years ago, Apple introduced its App Tracking Transparency initiative to improve user privacy by incorporating safety measures that prevent advertisers from identifying and tracking users. The company is now taking another important step in that direction by updating its API usage policy for developers. Once the new privacy policy goes into effect, app developers have to justify using any Apple API that could potentially contribute to device fingerprinting and jeopardize user privacy.

In an update to its developer documentation, Apple explained that some APIs that deliver core functionality to apps could be "misused to access device signals to try to identify the device or user, also known as device fingerprinting." To prevent malicious actors from using these loopholes to surreptitiously collect data about their users, Apple is mandating that developers will have to describe why their app or third-party SDK uses these APIs. The company says it will check the reasoning before approving each app on a case-by-case basis.

Apple also clarified that device fingerprinting is not allowed even with user consent, so apps cannot track users under any scenario on any of Apple's platforms, including iOS, iPadOS, tvOS, visionOS, or watchOS. Starting this fall, the company is planning to warn developers who upload apps that use the required reason API without providing a reason. From next Spring, apps that do not justify their use of these APIs in their privacy manifest file won’t be accepted by the App Store.

Even for apps and third-party SDKs that declare a valid reason for using any of the contentious APIs, Apple says that the "declared reasons must be consistent with your app’s functionality as presented to users, and you may not use the APIs or derived data for tracking." In addition, the company also clarifies that "information accessed for this reason, or any derived information, may not be sent off-device." Overall, the updated policy is a step in the right direction, and one that could make Apple's platforms more private than ever before.