"Apple cracks down on app identifying users through fingerprinting"

The article at Apple cracks down on apps using fingerprinting to track users sounded awfully vague.

The article links to developer documentation at Describing use of required reason API | Apple Developer Documentation .

Do I understand this correctly? If I want to use awful and privacy invading stuff like getting the creation date, modification date for a file or disk free space then I need a reason starting in 2024??? Are they completely gone bonkers?


It looks like most items have a default “reason” value.
I am sure Xojo can handle this automatically in the plist.

The best is needing a reason to use NSUserDefaults.

What I’m confused about is how this will affect sandboxed apps. Typically, none of these problems have been an issue for sandboxed apps. For example, the file metadata permission doesn’t matter since you can’t access files that are not already whitelisted. But NSUserDefaults is perfectly fine in the sandbox, and if I wanted to track the user, I’d just stick a uuid in there. That sounds like the very thing they are trying to crack down on, so this change might also affect sandboxed apps.

I’m not using NSUserDefaults anyway - just easier for both cross platform and tech support reasons - but I am a bit alarmed.

Edit: Looks like the file metadata stuff does affect sandboxed apps. That’s really strange to me. But do we know if this change will present the user with an “allow access” prompt, or is this just for the app privacy report? And if it’s just for the privacy report, do we care if we’re not targeting the App Store?

1 Like

According to the docs the new privacy reasons are only for sandboxed apps.

You are quite correct. I do a UUID, send that to my website and I can track any user. There is no need to “crack down” on modification dates.

Those requirements are for iOS and iPadOS, but not for macOS, according to a german news source (App Store: Entwickler sollen dokumentieren, warum Schnittstellen zum Einsatz kommen | News | MacTechNews.de)

“In autumn 2023 Apple will display a corresponding message when uploading new apps and in spring 2024 documentation will be mandatory. However, this should initially only apply to iOS and iPadOS – but not to the Mac.”

The German article is way better than the Murican one. However, this still doesn’t make any sense at all. And what Apple introduces for iOS will come sooner or later for macOS.

1 Like

So apps reading system preferences via user defaults may get asked to stop that.
I wonder what some apps read there and why the sandbox didn’t block it.