In an effort to boost user privacy by preventing unwanted data collection, Apple is requiring application developers to declare the reason for using specific APIs.
Initially announced at its developer conference last month, the initiative targets a small set of APIs that, Apple says, “can be misused to collect data about users’ devices through fingerprinting”, which is prohibited by the company’s developer program.
To prevent misuse, Apple will require developers to include in their application’s privacy manifest the reasons for using such APIs, to ensure that the APIs are used for their intended purpose only.
“Your app or third-party SDK must declare one or more approved reasons that accurately reflect your use of each of these APIs and the data derived from their use. You may use these APIs and the data derived from their use for the declared reasons only,” Apple explains.
The application’s functionality, the tech giant explains, must reflect the declared reason and app developers are prohibited from using the APIs or the derived data for tracking users.
The APIs covered by this policy include those used for accessing file timestamps, the system boot time, the available disk space, the list of active keyboards, and user defaults.
Starting this fall, Apple will notify developers if they submit or update applications that use such an API without providing a reason in the app’s privacy manifest.
Starting 2024, all new applications or app updates will need to include an approved reason in their privacy manifests, to reflect the use of the API. The policy, Apple announced, applies to APIs from third-party SDKs as well.
Apple has published both the list of required reason APIs and details on what developers need to do to declare approved reasons for them.
Developers with applications that use required reason APIs “to provide benefits to the people using the app” for reasons not covered are encouraged to contact Apple to submit requests for an approved reason.
Related: Apple Blocked 1.7 Million Applications From App Store in 2022
Related: Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks
Related: Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
