May 6, 2024 at 09:08PM
Apple is compelling iOS developers to justify the use of specific APIs for device fingerprinting while seemingly overlooking compliance by Google, Meta, and Spotify. Device fingerprinting, which gathers unique device identifiers for targeted advertising, raises privacy concerns. Non-compliant apps post-May 1, 2024, face rejection from the iOS App Store. Enforcement of the required reasons API remains ambiguous.
Based on the meeting notes, it seems that there are concerns about certain major app developers, such as Google, Meta, and Spotify, not complying with Apple’s requirements related to the use of specific APIs for device fingerprinting. Apple has made it mandatory for iOS app developers to provide reasons for using designated “required reason APIs” that can be used for device fingerprinting. These reasons need to be included in the privacy manifest file, and data collected from these interfaces must stay on the user’s device to maximize privacy. Apps that fail to include these reasons by May 1, 2024, won’t be accepted in the iOS App Store.
Developers Talal Haj Bakry and Tommy Mysk have highlighted that several major app makers are allegedly ignoring these requirements and not abiding by the rule to keep the collected information on the device. There are concerns that Google, Meta, and Spotify are collecting data from these APIs and not following Apple’s rules.
It’s mentioned that despite Apple’s rules, Google Chrome appears to be sending uptime data off-device, which is in violation of the policy.
Tommy Mysk has also raised concerns about the enforcement of Apple’s “required reason APIs,” suggesting that it might not be effectively preventing fingerprinting and enhancing user privacy if Apple doesn’t rigorously review the reasons submitted by developers.
It’s evident that there are industry concerns about the adherence to Apple’s policies on data privacy and device fingerprinting, and further discussions or actions may be necessary to address these issues.