In this blog post, I'll share a shell script that helps you to identify if your code base might use a required reason API.
What are "required reason APIs"
Apple classified several APIs that can be misused to access device signals to try to identify the device or user (a.k.a fingerprinting).
The APIs were grouped as follows:
File timestamp APIs
System boot time APIs
Disk space APIs
Active keyboard APIs
User defaults APIs
The actual list of "required reason API", consisting of UserDefaults
, ProcessInfo.systemUptime
and many others, can you find here.
Why check and declare "required reason APIs"
Starting in fall 2023, when you upload a new app or app update to App Store Connect that uses such an API (might be from third-party SDKs) that requires a reason, you’ll receive a notice if you haven’t provided an approved reason in your app’s privacy manifest.
A custom shell script to find those APIs
You might not want to wait on the (future) checks executed during the App Store Connect upload.
I wrote the following shell script to scan Swift / Objective-C files to find potential use of those APIs.
The script is not perfect. The shell script can deliver false positives, e.g. if you declare a creationDate
variable, then the script will find it, although you only have to be concerned if you are using the FileAttributeKey.creationDate
.
If you scan a large code base, I recommend you pipe the results in a text file for easier manual inspection.
bash findRequiredReasonAPIUsage.sh /Users/MarcoEidinger/MySLargeSwiftProject > results.txt
Let me know if you find ways to improve the script further, and I'll update it.