Does Apple’s Required Reason API Thwart Device Fingerprinting?

Mysk Blog – In-Depth Cybersecurity & Mobile App Privacy Research – 3 May 24

Does Apple’s Required Reason API Thwart Device Fingerprinting?

Starting May 1, 2024, Apple requires developers to declare reasons if their apps use APIs that can potentially be misused to collect unique device signals. These unique signals enable abusers to derive a device identifier or fingerprint and result in...

While forcing developers to describe their use of required reason API is a great starting point to stop fingerprinting, it gives a false sense of privacy. Apple doesn’t provide a mechanism to enforce what developers declare. We have seen this approach when Apple introduced Privacy Nutrition Labels. There is no mechanism to verify what developers show on their apps’ Privacy Nutrition Labels.