Apple has always been strict about what it allows on the App Store. Compared to Google Play Store, the App Store has a stricter and longer process of reviewing apps for their eligibility.
This whole process is soon going to get even more rigorous as Apple will start requiring developers to explain why their apps use certain APIs before submitting them for approval.
As detailed on the Apple Developer Website, APIs that can access device signals and could be used to identify a device or user are now classified as "Required Reason APIs".
Starting in fall 2023, when iOS 17, tvOS 17, watchOS 10, and macOS Sonoma are released to the public, Apple will send emails to developers who upload apps to App Store Connect that use these APIs without describing the reason in their privacy manifest file.
Apple explains on its developer site:
To prevent the misuse of certain APIs that can be used to collect data about users' devices through fingerprinting, you'll need to declare the reasons for using these APIs in your app's privacy manifest. This will help ensure that apps only use these APIs for their intended purpose.
If a developer receives an email from Apple about this issue, they will need to update their privacy manifest file to include the reasons for using the required reason API.
The declared reasons must be consistent with the app's functionality as presented to users. In case the developers do not update their privacy manifest file by fall 2024, their app will be rejected from the App Store.
Although this new policy will limit user data tracking, it could also lead to more apps being rejected from the App Store, according to some developers who spoke to 9to5mac. For example, the UserDefaults API is classified as a "Required Reason API," even though it's used by many apps to store user preferences.