mysk, Apple's attempt to prevent fingerprinting through the required reason API seems to be useless. Facebook just updated their iOS app. The app still sends the uptime and disk space information off-device. It declares reasons that prevent the app from sending such data as per Apple documentation:
#privacy #iOS #tracking #InfoSec #Apple
Screenshot of a request sent by Facebook showing free disk space being sent in the body of the request.
Screenshot of the privacy manifest of the Facebook app listing the following reasons for accessing uptime and disk information: 36F9.1 85F4.1 E174.1
Important If you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file, Apple sends you an email reminding you to add the reason to the app's privacy manifest. Starting May 1, 2024, apps that don't describe their use of required reason API in their privacy manifest file aren't accepted by App Store Connect.