Apple Inc. will change the App Store’s developer terms of service to combat device fingerprinting, a technique used by some apps to track users’ activity.

The iPhone maker announced the move on Thursday. It first disclosed plans to more actively address device fingerprinting at its WWDC 2023 developer event in June. Earlier, Apple added a clause to its Developer Program License Agreement that prohibits the practice.

“Regardless of whether a user gives your app permission to track, fingerprinting is not allowed,” the company stated in a newly released guide for developers. 

Mobile apps can collect certain technical data about the device on which they’re installed. That data includes the device’s operating system version, configuration settings and related details. Individually, such details are not particularly informative, but in aggregate, they form a unique device fingerprint that can be used to identify and track users across services.

On iOS, apps can only access the data necessary to create a device fingerprint through a limited number of APIs, or application programming interfaces. Those APIs are built directly into the operating system. As part of the changes, Apple will move to more closely regulate the use of the programming interfaces in question.

Some of the APIs that the company is moving to regulate provide device-level data. They can, for example, specify how much time has passed since an iPhone was last restarted. The other APIs provide access to information such as users’ app settings and the amount of storage space available on a device. 

Starting this fall, developers who build an app that connects to the APIs in question will have to explain how the APIs are used. Apple plans to apply the same requirement to software updates released for existing apps. According to the company, a notice will be sent to developers who fail to provide an adequate explanation.

From the spring of 2024 onwards, Apple will only allow apps and updates to be uploaded to the App Store if they use the affected APIs in an authorized manner. Apple has published a list of approved reasons that developers can choose from when explaining their apps’ API use.

“As part of this process, you’ll need to select one or more approved reasons that accurately reflect how your app uses the API, and your app can only use the API for the reasons you’ve selected,” the company stated.

The move is the latest in a series of privacy initiatives launched by Apple over the past few years. In 2021, the company made it easier for iOS users to opt out of app tracking. Earlier, it updated Safari with a set of features designed to block third-party cookies. 

Photo: Pixabay