How to check if you use a required reason API

In this blog post, I'll share a shell script that helps you to identify if your code base might use a required reason API.

What are "required reason APIs"

Apple classified several APIs that can be misused to access device signals to try to identify the device or user (a.k.a fingerprinting).

The APIs were grouped as follows:

  • File timestamp APIs

  • System boot time APIs

  • Disk space APIs

  • Active keyboard APIs

  • User defaults APIs

The actual list of "required reason API", consisting of UserDefaults, ProcessInfo.systemUptime and many others, can you find here.

Why check and declare "required reason APIs"

Starting in fall 2023, when you upload a new app or app update to App Store Connect that uses such an API (might be from third-party SDKs) that requires a reason, you’ll receive a notice if you haven’t provided an approved reason in your app’s privacy manifest.

A custom shell script to find those APIs

You might not want to wait on the (future) checks executed during the App Store Connect upload.

I wrote the following shell script to scan Swift / Objective-C files to find potential use of those APIs.

The script is not perfect. The shell script can deliver false positives, e.g. if you declare a creationDate variable, then the script will find it, although you only have to be concerned if you are using the FileAttributeKey.creationDate.

If you scan a large code base, I recommend you pipe the results in a text file for easier manual inspection.

bash /Users/MarcoEidinger/MySLargeSwiftProject > results.txt

Let me know if you find ways to improve the script further, and I'll update it.

Did you find this article valuable?

Support Marco Eidinger by becoming a sponsor. Any amount is appreciated!