Apple Lists APIs That Developers Can Only Use for Good Reason – Source: www.securityweek.com

In an effort to boost user privacy by preventing unwanted data collection, Apple is requiring application developers to declare the reason for using specific APIs.

Initially announced at its developer conference last month, the initiative targets a small set of APIs that, Apple says, “can be misused to collect data about users’ devices through fingerprinting”, which is prohibited by the company’s developer program.

To prevent misuse, Apple will require developers to include in their application’s privacy manifest the reasons for using such APIs, to ensure that the APIs are used for their intended purpose only.

“Your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data derived from their use. You may use these APIs and the data derived from their use for the declared reasons only,” Apple explains.

The application’s functionality, the tech giant explains, must reflect the declared reason and app developers are prohibited from using the APIs or the derived data for tracking users.

The APIs covered by this policy include those used for accessing file timestamps, the system boot time, the available disk space, the list of active keyboards, and user defaults.

Starting this fall, Apple will notify developers if they submit or update applications that use such an API without providing a reason in the app’s privacy manifest.

Starting 2024, all new applications or app updates will need to include an approved reason in their privacy manifests, to reflect the use of the API. The policy, Apple announced, applies to APIs from third-party SDKs as well.

Apple has published both the list of required reason APIs and details on what developers need to do to declare approved reasons for them.

Developers with applications that use required reason APIs “to provide benefits to the people using the app” for reasons not covered are encouraged to contact Apple to submit requests for an approved reason.

Related: Apple Blocked 1.7 Million Applications From App Store in 2022

Related: Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks

Related: Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities