Apple is at war with device fingerprinting — the use of fragments of unique device-specific information to track users online. This fall, it will put in place yet another important limitation to prevent unauthorized use of this kind of tech.
Apple at WWDC 2023 announced a new initiative designed to make apps that do track users more obvious while giving users additional transparency into such use. Now it has told developers a little more about how this will work in practice.
The latest salvo in a long campaign
Eagle-eyed watchers will know this is a continuation of a war against tracking Apple launched when it limited website access to Safari browser data in 2018, and then again with iOS 14.5 in 2021, when it required developers get users’ express permission to track them. This has been a successful move and at present just 4% of iPhone users in the US permit apps to track them this way.
That statistic alone should convince any skeptics that Apple’s customers really want protection of this kind.
Taking on the fingerprinters
The new move takes aim at another set of tools used to track users, so-called fingerprinting. In brief, every device shares certain unique information that can be used to identify it. Such information might be screen resolution, model, even the number of installed apps. That data can be used to identify a device and track its journey between apps and websites. Of course, devices don’t move alone, so this same data can also be used to track users, and Apple absolutely rejects that.
Some APIs (Application Programming Interfaces) Apple and third parties provide to developers to enable certain features in their apps also provide information that can be abused for device fingerprinting.
As a result, at WWDC it told developers that in future use of such APIs will be subject to review and must also be shared with customers in the App Store privacy manifest for those apps. The idea here is that developers must prove a legitimate need to use those APIs, while customers get information to help them identify any apps capable of spying on them.
Apple does concedes there are legitimate uses
It is worth pointing out that some of these controlled APIs may seem relatively minor. User Defaults, for example, is used to apply and carry user preferences for app colors or setting. However, distinctive information of that kind is precisely what is used to track devices, so there seems little harm in insisting developers overtly define their use, and where that data goes. One way such data is also used is to transfer settings between a developer’s own apps, but Apple has clearly seen instances in which some such uses have been problematic.
While there’s a quantity of bloviation in reaction to Apple’s latest announcement, most developers concede the changes are relatively minor. Developers building apps for Apple’s platforms that rely on these APIs must disclose that use when updating or submitting…
2023-07-28 18:00:04
Article from www.computerworld.com rnrn