When iOS 17 arrives this fall, it will bring a slew of features that make our iPhones better, including Contact Posters, Standby, and Live Voicemail. But there’s one you might not notice that will make your iPhone safer: a new developer requirement that seeks to cut down on apps that use APIs to track users by “fingerprinting” them.
As spotted by 9to5Mac, iOS 17 introduces a set of “required reason” APIs that need to be defined before an app will be approved for distribution in the App Store. Apple says these APIs “have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting.” Developers using one of the five required reason APIs–active keyboard, disk space, file timestamp, system boot time, and user defaults–must declare one or more approved reasons for using each of the APIs and the data they collect.
For example, an app using the file timestamp API must declare why the app needs to display file timestamps to the person using the device, access the timestamps of files inside the app container, or access the timestamps of files or directories that the user specifically granted access to. If those reasons are not met, the developer will not be able to use the API in their app.
For developers that legitimately use these APIs, the extra steps should be quick. However, the rule change could lead to submission rejections for apps that improperly use APIs to collect user data. Apple says the new regulations will go into effect in fall 2023.
