2 min

Tags in this article

, , , ,

Multiple major app providers, including Google, Meta, and Spotify, are disregarding Apple’s recent regulations against device fingerprinting. In the process, they are directly counteracting Apple’s aim to enhance privacy with these rules. However, Apple has not yet taken action to crack down on these violations

Apple staunchly prohibits the use of device fingerprinting, even with user consent. This method allows app providers to collect data on device configurations, potentially singling out users. As a result, this data can be leveraged for tailored advertising, making individuals easily identifiable online.

Tightening device fingerprinting rules

Recently, Apple significantly tightened the rules for app developers around device fingerprinting. Developers of iOS apps must now comply with a specific set of APIs. Examples include APIs for timestamping files, device startup time, disk space, active keyboard and user defaults.

Additionally, the data collected by these APIs must remain on the devices of the respective end users to ensure maximum privacy.

Furthermore, app developers must provide a clear rationale for the use of these APIs in the privacy statement required with the app. This is based on a list of reasons provided by Apple. If developers do not have a valid reason for using the device fingerprinting APIs, their apps will not be admitted to the Apple AppStore starting May 1 this year.

App developers ignore rules

According to independent researchers, however, the enforcement of these new rules is not yet up to par. Numerous prominent app developers, including Google, Meta, and Spotify, are blatantly disregarding Apple’s recent regulations regarding device fingerprinting. Apps like Spotify, Chrome, Instagram, and Threads stand as notable examples that may have faced removal from the App Store by May 1 due to these breaches.

Although the tech companies offer justifications for why their apps gather data from users’ devices, they fail to guarantee that this collected data stays solely on the devices. Google, Meta, and Spotify either provide no answers or offer evasive responses when questioned about their persistence in collecting and transferring data.

The researchers find the reasons given by app developers for collecting data questionable. Exceptions are often invoked in this regard, whereas, according to the researchers, they do not.

Apple is in no hurry

The researchers further indicate that Apple itself is in no hurry to enforce its own regulations. In particular, Apple does not yet explicitly check the reasons why app developers believe they can still perform device fingerprinting. Apple itself has not yet commented on this either.

Read also: Apple implements stricter SDK rules for apps starting May 1st