Skip to main content
HashnodeExpert App Devs

Command Palette

Search for a command to run...

What’s New in Apple's Privacy Manifests?

Published
4 min read
What’s New in Apple's Privacy Manifests?
E
Expert App Devs

We are a leading-edge mobile software and IoT solutions provider in India and the United States with award-winning teams of designers and developers.

Apple has introduced a new requirement for app developers. Now, developers need to explain what data their app or any third-party SDKs collect, and why they need this data.

To comply with this, any apps or third-party SDKs distributed as XCFrameworks, Swift packages, or Xcode projects must include a privacy manifest file called PrivacyInfo.xcprivacy.

What is Privacy Manifest File and Why We Need to Add It?

A privacy manifest is an XML file, named PrivacyInfo.xcprivacy, that follows Apple’s .plist format. It is located in the root of your iOS app's bundle.

The privacy manifest explains all the ways your app might collect data about you or your device. It also tells if the data is used for 'tracking'. 'Tracking' means sharing the data with another company to show you targeted ads (like Google and Meta).

Types of Keys in Privacy Manifest What are They?

#1. Privacy Tracking Enabled

This is a Boolean value indicating whether an app or SDK uses data for tracking, as defined by the App Tracking Transparency framework.

If tracking is enabled, the app collects data about users’ behavior, interactions, or preferences.

If tracking is disabled, the app respects user privacy by not collecting such data without explicit consent.

#2. Privacy Accessed API Types

These are the different types of APIs (Application Programming Interfaces) that an app or third-party SDK (Software Development Kit) uses to access data.

For example, an app might use APIs to access a user’s location, contacts, or camera.

It’s important to specify which APIs your app or SDK accesses and the reasons for doing so.

#3. Privacy Nutrition Label Types

Privacy nutrition labels help app developers communicate their privacy practices to users.

These labels provide information about data collection, data sharing, and security practices.

Think of them as a nutritional label for privacy, helping users understand how their data is handled by an app.

#4. Privacy Tracking Domains

These are internet domains that an app or third-party SDK connects to for tracking purposes.

When an app accesses these domains, it engages in tracking activities.

If a user hasn’t granted tracking permission (e.g., through the App Tracking Transparency framework), network requests to these domains will fail.

Under App Privacy Configuration, create new item and choose Privacy Accessed API Types.

The categories of required reason APIs, which APIs are in each category, and the reasons you can include in a privacy manifest are described in the sections below.

How to create a Privacy Manifest in Xcode

Step 1: Utilize Xcode 15 or later to create the file by navigating to New > File > iOS > Resource > App Privacy.

Step 2: Add the newly created Privacy Manifest file to your app’s bundle resources, ensuring it resides in the root directory.
Step 3: At the top level of this plist file, add these keys to the dictionary:

1. NSPrivacyTracking:

A Boolean indicating if your app or third-party SDK uses data for tracking as defined by the App Tracking Transparency framework.

2. NSPrivacyTrackingDomains:

An array of strings listing the internet domains your app or SDK connects to for tracking. If the user hasn’t granted tracking permission, network requests to these domains fail. If NSPrivacyTracking is true, you must list at least one domain; if false, you can list zero or more.

3. NSPrivacyCollectedDataTypes:

An array of dictionaries describing the data types your app or SDK collects. Data categories include:

  • Third-party advertising

  • Developer’s advertising or marketing

  • Analytics

  • Product personalization

  • App functionality

  • Other purposes

4. NSPrivacyAccessedAPITypes:

An array of dictionaries describing the API types your app or SDK accesses that require reasons. The list of these APIs includes:

  • File timestamp APIs

  • System boot time APIs

  • Disk space APIs

  • Active keyboard APIs

  • User defaults APIs

Step 4: Add the list of NSPrivacyCollectedDataTypes with the Tytpe and the list of reasons your app or third-party SDK accesses.

Step 5: Add the list of NSPrivacyAccessedAPITypes with the Type and the list of reasons your app or third-party SDK accesses.

Step 6: Confirm the inclusion of the Privacy Manifest in the app’s build product or archive, verifying its membership in the target.

Key Components of NSPrivacyCollectedDataTypes

Here’s a breakdown of the key components that should be included in the NSPrivacyCollectedDataTypes category:

1. NSPrivacyCollectedDataType: Specifies the type of data collected (e.g., location, contacts).

2. NSPrivacyCollectedDataTypeLinked: A Boolean indicating if the data is linked to the user’s identity.

3. NSPrivacyCollectedDataTypeTracking: A Boolean showing if the data is used for tracking purposes.

4. NSPrivacyCollectedDataTypePurposes: Lists the reasons for data collection, ensuring they align with predefined purposes by Apple.

Key Components of NSPrivacyAccessedAPITypes

The privacy manifest must detail the specific APIs used by the app and its dependencies. For each API, provide clear justifications for its use and ensure it adheres to Apple’s guidelines.

For more updates subscribe our newsletter on Expert App Devs- iOS App Development Company.

#web-development#app-development#ios-app-development

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

Expert App Devs

16 posts

Expert App Devs is a leading customer-focused mobile app development company based out of India. We specialize in native app development as well as specific cross-platform technologies.