Apple is continuing to implement privacy protections, this time requiring developers to explain why they need access to certain APIs.
Apple has been implementing a number of features to improve transparency regarding what data apps collect and how that data will be used. The company has published a list of APIs that pertain to sensitive user data, and will require developers to explain why their app needs access to that data before it can be published in the App Store.
The company explains its decision in an article on its developer site:
Apple is committed to protecting user privacy on our platforms. We know that there are a small set of APIs that can be misused to collect data about users’ devices through fingerprinting, which is prohibited by our Developer Program License Agreement. To prevent the misuse of these APIs, we announced at WWDC23 that developers will need to declare the reasons for using these APIs in their app’s privacy manifest. This will help ensure that apps only use these APIs for their intended purpose. As part of this process, you’ll need to select one or more approved reasons that accurately reflect how your app uses the API, and your app can only use the API for the reasons you’ve selected.
The new change will take effect in the fall of 2023:
Starting in fall 2023, when you upload a new app or app update to App Store Connect that uses an API (including from third-party SDKs) that requires a reason, you’ll receive a notice if you haven’t provided an approved reason in your app’s privacy manifest. And starting in spring 2024, in order to upload your new app or app update to App Store Connect, you’ll be required to include an approved reason in the app’s privacy manifest which accurately reflects how your app uses the API.
Developers can find the full list of impacted APIs here.