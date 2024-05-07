



Last week, Apple began requiring iOS developers to justify the use of a specific set of APIs that can be used to fingerprint devices. However, it is claimed that iGiant does not seem to be doing much to ensure that Google, Meta and Spotify comply with the regulations.

Device fingerprinting involves collecting information about various device settings and components and combining them into a single identifier. Because this identifier is likely unique, it can help target people with ads and other things tailored to their individual interests and circumstances.

There are other forms of fingerprinting related to browser settings, HTML Canvas elements, WebGL, fonts, etc., some of which have legitimate commercial applications such as bot detection. But digital fingerprints can also violate privacy and be used to track people online.

We found that apps like Google Chrome, Instagram, Spotify, Threads, etc. were not following the stated reasons.

Apple allows user tracking if given permission, but it largely prohibits device-level fingerprinting in iOS, at least in theory. We officially announced that policy in a recent blog post.

As such, iBiz now requires app developers to provide a reason for using one of the designated “Required Reason APIs” that can be used to fingerprint a device.

Importantly, to maximize privacy, data collected from these interfaces can be used for fingerprinting and must be kept on the user's device.

The iPhone maker explains as much in its developer documentation. “Some APIs that apps use to provide core functionality in user-written code or code included in third-party SDKs may access device signals to attempt to identify a device or user. It can be exploited. This is also known as fingerprinting.'' Apple's developer website says: “Fingerprinting is not allowed, regardless of whether the user has given the app tracking permission.”

Examples of these fingerprint-enabled APIs include the File Timestamp API, System Startup API, Disk Space API, Active Keyboard API, and User Defaults API.

Starting May 1, 2024, apps that don't include a reason for using these APIs in their privacy manifest file will no longer be accepted in the iOS App Store. Previously, Apple simply sent email warnings to non-compliant developers.

According to developers Talal Haj Bakry and Tommy Mysk, some major app makers are simply ignoring Apple's requirements and using the Tracker Happy API without following the rules. Big tech companies like Google, Meta, and Spotify have cited reasons for using this API, claiming that they do not comply with requirements to collect that data and keep that information on devices.

In other words, Google, Meta, and Spotify all collect at least some information from these APIs and send that data off the device, against Apple's rules.

“To prevent abuse of these APIs, Apple will reject apps that do not document their use in their privacy manifest files,” the authors wrote in their advisory. “However, we found that apps such as Google Chrome, Instagram, Spotify, and Threads were not following their stated reasons.”

The Register asked Google, Meta, and Spotify if they actually use these “why APIs” to fingerprint iOS devices and send that data to backend servers, but the last There were no responses to 2 cases. A Google spokesperson confirmed that the company is investigating the report, but did not immediately respond.

“It's difficult to determine whether an app is using that information for fingerprinting,” Mysk said in a message to The Register. “However, Apple has already categorized a set of APIs that may be used for fingerprinting, and apps that access such APIs must declare why they need such access. ”

Apple has published a list of valid reasons to use certain APIs that reveal information useful for fingerprinting. For example, iOS provides an API called systemUptime that you can query to get the amount of time since the device was last rebooted.

Developers who want to use this API can choose from a number of reasons why they are allowed to do so. One of them must be declared in the manifest file. For example, Google selected his 35F9.1. Italics added by us for emphasis.

Apple's rules specifically state that uptime data cannot be sent outside the device, and based on Bakry and Mysk's analysis of network data, Google Chrome appears to be doing just that. There are exceptions to this rule, but those exceptions don't apply to Chrome.

“No, this exception is about using system uptime locally on the device to order events, for example,” Mysk told The Register, adding that Google does not have a He explained that while there is an option to send time intervals, absolute device uptime numbers cannot be sent.

Mysk argues that Apple's Why Need API, like privacy nutrition labels, is tantamount to privacy theater because it appears to be unenforceable.

“Similar to privacy nutrition labels, developers are free to enter whatever they want,” Maiske said.

“Apple doesn't seem to check if the description is accurate. The nutrition label is shown to the user, but the API is not shown as a required reason. So how does this prevent fingerprinting and prevent the user from seeing it?” It's unclear whether it improves the user experience.'' If Apple doesn't review the reasons developers submit, it's a privacy violation. ”

Cupertino did not respond to a request for comment.

Sources 1/ https://Google.com/ 2/ https://www.theregister.com/2024/05/07/apple_fingerprinting_rules/ The mention sources can contact us to remove/changing this article

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos