Apple’s New Privacy Rule: Developers Must Declare API Use

In a move to further protect user privacy, Apple announced this week that developers will now need to declare their reasons for using certain APIs in their app’s privacy manifest.

This change, announced at WWDC23, is aimed at preventing the misuse of APIs that could potentially be exploited to collect user data through fingerprinting, a practice prohibited by Apple’s Developer Program License Agreement.

The new requirement is designed to ensure that apps only use these APIs for their intended purpose. Developers will need to select one or more approved reasons that accurately reflect how their app uses the API, and the app can only use the API for the reasons selected.

Starting in fall 2023, developers uploading a new app or app update to App Store Connect that uses an API requiring a reason will receive a notice if they haven’t provided an approved reason in their app’s privacy manifest. By spring 2024, including an approved reason in the app’s privacy manifest will become a mandatory requirement for uploading new apps or app updates to App Store Connect.

Apple has also opened a channel for developers to suggest new use cases for APIs with required reasons that aren’t already covered by an approved reason. However, the use case must directly benefit the app’s users. This move underscores Apple’s commitment to user privacy and its efforts to ensure that its platforms remain secure and trustworthy.

Check out the video below to see what’s new in iOS 17 beta 4 released this week: