That's not how UserDefaults work. UserDefaults are created solely by the app. So, if I wrote a book-reading app, for example, the app might write into UserDefaults that I stopped reading on page 43. So, when the app gets relaunched, it remembers where I was at. It's settings generated only by the app, not other apps. These settings are sandboxed (like all apps) and can't be read by other apps - unless the app belongs to an "app group"... And app-groups can only belong to a single developer (like FB & Insta).
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Developers Required to Justify Use of Some APIs in Latest Move to Boost Privacy
- Thread starter MacRumors
- Start date
- Sort by reaction score
As a consumer, it would absolutely stop me from downloading an app.
For fun, just having a good conversation, what's some of the last apps you've downloaded? Threads for Instagram, which looks to be a failure, literally shares everything and in 24 hours had millions of downloads. ChatGPT, another example of everybody shares. I'm curious if you've not used any of these services and still remained competitive and connected. Again, just a conversation, not making any point.
UserDefaults is about saving your settings. You know when you load an app it remembers stuff like, light and dark mode, or the icon you've chosen, or reading preferences? Stuff that's your custom settings. That's what UserDefaults is. And it's just a key value storage. It doesn't read anything sensitive. By default it's like an empty vault. Then you add stuff like "darkmode: true" for your preferences.
I am going to speak as an app developer. This is just going to make things a huge pain in the rear in already a horrible painful process with next to any real gains in privacy if anything at all.
Cutting off easy access to things like userdefaults we all us to store basic things in is well just stupid. I store user preferences in there or have I shown some screen to explain to a new user how something work. Hey what was the last version of the app launch to know do I need to show patch notes.
What color theme does the user want to us.
For screen size stuff. I grab that often times to do minor changes to the layout. On smaller screens I have a smaller default padding to scrape up a little more space. This is also true why the device is grab device for slightly different things to show the user.
If you think it is going to slow down fingerprinting that is a joke. All this is just more paper work to make things more difficult. The biggest part of tracking everyone us is having you create an account then it does not matter at all. They have an account on you.
Cutting off easy access to things like userdefaults we all us to store basic things in is well just stupid. I store user preferences in there or have I shown some screen to explain to a new user how something work. Hey what was the last version of the app launch to know do I need to show patch notes.
What color theme does the user want to us.
For screen size stuff. I grab that often times to do minor changes to the layout. On smaller screens I have a smaller default padding to scrape up a little more space. This is also true why the device is grab device for slightly different things to show the user.
If you think it is going to slow down fingerprinting that is a joke. All this is just more paper work to make things more difficult. The biggest part of tracking everyone us is having you create an account then it does not matter at all. They have an account on you.
Is systemup any faster than just using the timestamp from the clock to get the delta?. I have never dug that deep into Apple API on that level. I know Android has a call to get system clicks (cpu cycle) but I never check to see is Apple has something like that as I tend to just grab the timestamp.
Rejected in terms of REJECTED means apple rejected a build for a release of an app. It does not mean much. Almost every app out there has been rejected at least once if not more than once. Oh and here is a kicker for you. Often times no changes are made and just resubmit and it goes threw. Counts as a rejection but not really.
That or it is some minor paper work thing or something stupid.
Believe me the app review process is more of a exercise in frustration than anything else. It is massively inconsistent. Things approved for years are all of a sudden rejected even though that had not been touched ever. Hell one app I worked on we got rejected multiple times for the exact same thing that we already had written on why Apple is wrong on it and they agree. New review comes in same thing and our response was copy pasted from the last time and point to Apple own response at saying they were wrong. We rinsed and repeated that about every 6 months.
This is why I love the App Store: Every API call has a purpose and reason to be executed. If it’s suspicious, dangerous or compromises privacy, it’s out. No excuses.
It's more like, a clock is that, a clock. It can be modified by the user, or synced from a source
SystemUptime never changes, never syncs, it gets reset once the device gets reset, and by that time your app was already terminated
I know for many cases it is extremely paranoid and any side effects can be mitigated by placing a limit to the delta, but if I'm calculating a delta, I want something that has little chances of failing
I was looking if Apple introduced something like a privacy-concious delta API recently, but it doesn't seems like it. There's still posts on the Swift forum telling people to use SystemUptime for reliable deltas
Good, Apple's stopping some apps from getting through.
Meanwhile others are raking in millions and Apple does nothing:
Apple’s App Store Hosts 84 Scam Apps That Rake In Millions
The fraudulent apps also saw 7.2 million unique downloads for the month of May.
Apple’s $64 billion-a-year App Store isn’t catching the most egregious scams
The App Store has a scam problem
www.theverge.com
Apple’s tightly controlled App Store is teeming with scams
Apple claims its App Store is carefully curated so that only the best apps get through. The truth is, the App Store is littered with scams and "fleeceware," which uses fake user ratings to trick customers into paying for something they don't want.
www.washingtonpost.com
Chiming in to say I wish Apple would also expand the options for location requests to have more in-between. For example, when a form asks for my location to fill in my zip code or state, I wish instead of giving my exact location, I could authorize Apple to share the zip code or county or state only, for example. Or "Deny location this one time," since tapping Deny is permanent and you have to go into Settings to change it.
This is something that barely gets talked about outside of dev circles
Sometimes the reviewer is plainly ignorant and can't understand your explanations and they never try to discuss the issue. In dev circles, when that happens, the advice is to accept the rejection, wait for the next day, submit the exact same thing and hopefully you'll get a better reviewer than the one before. This is faster than trying to escalate things.
I think the general public has a weird concept of what App Review actually is, like 95% of the rejections for apps are subjective technicalities about an app's paywall
You wait a day? I just have my build machine make a new build so it has a new build number and resubmit.
You are right the review process at the end of the day is a joke. It is for the most part feel good and have people filled out paperwork correctly at the end of the day.
I can tell by reading all the comments here who is a real app developer and gets it and then the ones who don't have a clue what it is like. The ones of us who are in the development world know that this new rule change by apple is a complete joke and just is going to make it even more painful and can also tell you nothing is really gained in terms of privacy to the user. It is 100% a feel good move with zero gains. Yet people scream it is so great. Reality is otherwise. It is complete feel good and has marginal if any gains. It makes it slightly and I mean ever so slightly harder to the fingerprinting. By slightly it means I would need to jump threw one more minor hoop and be exactly were I was before.
Last edited:
Without you knowing it FB could hoover up data insta is dropping into user defaults.
I haven’t downloaded either of those. I try to download apps as minimally as possible in general, because with free apps I’m very wary as they usually turn me into the product, and obviously with paid apps I want to make sure I really need it before I pay money.
I probably value my personal information more than most. If given a choice I would much rather pay for each app I use than have them track me and take my information. But alas with apps like social media apps, that isn't really a choice, which is one of the reasons I don’t use them. With rare exception, I’m generally very willing to stop using an app if I believe it unnecessarily invades my privacy.
But I’m also not great at guarding my information because I’m not extremely knowledgeable about all the ways that apps collect my information, as that takes time to research and keep on top of the changing strategies for every app. That’s why I’m very appreciative of Apple’s efforts like this to reduce tracking on my behalf, or at least make tracking transparent. The reason I switched to Apple from Android many years ago was because I wanted to spend less time researching and fixing my tech tools and more time just using them—but now that I’ve become more aware of the rampant privacy issues in tech, maybe the biggest reason I stay with Apple is because of their efforts to safeguard my privacy.
I think it’s an interesting point. To me, it’s even more reason for Apple to put in privacy safeguards. Many users don’t care. I think even more don’t understand.
While an argument could be made that it’s not Apple job to keep data on iPhone private as much as possible, that wouldn’t be my view.
Good. Period. It's for the 'USER' not AI and other info collectors. Let the rants begin....but most USERS will support this..it's a never ending war.
In an effort to bolster user privacy, developers will need to justify their use of certain Apple APIs before their apps can be listed on the App Store, according to a new article on the Apple developer website spotted by 9to5Mac.
The Apple Developer website now lists some APIs as "Required Reason APIs," meaning that developers have to clarify why they are using them in their privacy manifest. Some commonly used APIs, such as UserDefaults, which stores user preferences, now fall under the Required Reason category.
With the launch of watchOS 10, iOS 17, iPadOS 17, tvOS 17, and macOS Sonoma later this year, developers will receive a warning if they submit apps using a Required Reason API without specifying its usage. From spring 2024, any apps using these APIs without a legitimate justification will be rejected in the review process.
Apple explains that main reason for this change is to curb fingerprinting, a method used to track users across different apps and websites. Fingerprinting uses API calls to gather details about a user's device, such as screen resolution, model, and operating system. This data is then used to create a unique "fingerprint," enabling the user to be identified across various apps or websites.
According to Apple, Required Reason APIs will guarantee that apps only employ these APIs for their prescribed use. In the event of a rejection, Apple will permit developers to contest the decision and submit a request for approval if their case does not fit within the existing guidelines. See the Apple Developer website for more information.
Article Link: Apple Developers Required to Justify Use of Some APIs in Latest Move to Boost Privacy
I’m not a developer, just a consumer tech enthusiast who values privacy. Obviously I have no technical insight to offer, but I do question what Apple would have to gain by implementing this new rule if it has no effect.
You say it’s a “feel good move”, but do you mean for Apple to feel good? That doesn’t sound like a realistic and adequate motivation for a corporation.
Or do you mean for the public to “feel good”, as in Apple is doing it to get more sales? Maybe I’m wrong, but I don’t think they are going to advertise this new rule as a selling point, so I’m doubtful that it will bring in significantly more sales.
You could say that Apple is just doing it so that they can tout that they’re doing something in the name of privacy—but why would Apple put any time and energy into doing something completely ineffective that will only make life harder for developers and bring blowback? Why not put effort into something actually effective? It just doesn’t seem like Apple would do something like this unless they really believed it was helpful. So are they just dumb? That seems unlikely as well.
I have no answers, just my doubts and questions.
I’m not glad that this rule gives more work to developers, but if it does indeed help to deter tracking, then the extra work should be blamed on the developers who abuse and undervalue privacy.
As the old adage goes: “This is why we can’t have nice things”.
Therein lies the irony - something that’s inconvenient for the developer is actually to the benefit of the consumer.
Yeah, let's get mad at Apple instead of the ducktard developers who are abusing the API's to track users without their consent.
First of all, you have no idea what the process will be at this time. It may just require you to type up a simple explanation of why you need to use the API's, so they can check and make sure that's all you're doing. 2 minutes of your time.
And I'm pretty sure wrong about the "gains". If there was nothing going on, then Apple wouldn't be doing this. Apple has obviously noticed some developers trying to sneak around or completely ignore their tracking consent system, so they felt the need to implement this change.
I don't think is even benefits the consumer. Instead it is going to cause more noise of pointless text so when bigger items thst have to get listed get ignored.
Plus the newest list of items will most likely make things worse.
Every crash and basic analitics tool access all the device basic info. Device model matters, device os matters. Hell even system uptime matters when a crash happens.
Almost every app will access user defaults and it been in use as long as the app store has been around. The number of 3rd party libraries in use that touch this stuff in use are affected. The items listed are not small numbers in use.
Apple crash tracking and metrics supplied are God awful and very limited and don't provide much to get useful data. At best it is 10% of the user base.
And the fact that you think blocking this from use is going to make doing fingerprinting any harder is laughable.
Let me tell you a single line that is valid and covers full access to the list of API'S. "Improve system/app performance. Improve use for the user. Monitoring system performance".
The api listed are amount the most common one used ALL apps. System defaults is pretty much used on any app in some way. Screen size is again super common to use.
If apple wants to make it harder simple load basic things for like phone name appa read. Just say iOS device or iPhone there and it makes more useless for tracking purposes. In my own app development I have used the phone name to find my own test data to make sure something was working right.
The stuff they are blocking or requiring stuff just means paper work at best for the most commonly used Apis.