Logo

How to Create a Privacy Manifest for Your iOS App or SDK

Posted - 2024-03-21
Reading time: 4 min read

Table of Contents

How to Create a Privacy Manifest for Your iOS App or SDK

Introduction

As privacy becomes an increasingly important concern for users, Apple is tightening its grip on how apps and third-party SDKs handle sensitive data and APIs. Starting May 1, 2024, Apple will require all iOS, iPadOS, tvOS, visionOS, and watchOS apps and SDKs submitted to the App Store to include a privacy manifest file, describing their use of certain privacy-sensitive APIs and the reasons for accessing them.

This new requirement aims to prevent misuse of these APIs for fingerprinting or tracking users without their consent, even if the user has granted permissions to the app. Failure to comply with this mandate will result in your app or SDK being rejected from the App Store.

In this blog post, we’ll walk you through the process of creating a privacy manifest for your iOS app or third-party SDK, ensuring that you meet Apple’s upcoming requirements.

What is a Privacy Manifest?

A privacy manifest is a property list file (with the extension .xcprivacy) that contains information about your app’s or SDK’s data collection practices and the reasons for using specific privacy-sensitive APIs. This file must be included in your app’s or SDK’s bundle and added to your target’s resources in Xcode.

Creating a Privacy Manifest in Xcode

Follow these steps to create a privacy manifest in Xcode:

  1. Go to File > New > File.
  2. Under the Resource section, select “App Privacy File” as the file type.
  3. Click Next, and ensure that your app’s or SDK’s target is checked in the Targets list.
  4. Click Create.

By default, the file will be named PrivacyInfo.xcprivacy, which is the required name for bundled privacy manifests.

How to Create a Privacy Manifest for Your iOS App or SDK

Configuring the Privacy Manifest

After creating the privacy manifest file, you need to add the following top-level keys to the dictionary:

NSPrivacyTracking

A boolean indicating whether your app or SDK uses data for tracking as defined under the App Tracking Transparency framework.

NSPrivacyTrackingDomains

An array of strings listing the internet domains your app or SDK connects to for tracking purposes.

NSPrivacyCollectedDataTypes

An array of dictionaries describing the data types your app or SDK collects.

NSPrivacyAccessedAPITypes

An array of dictionaries describing the privacy-sensitive API types your app or SDK accesses and the reasons for accessing them.

The NSPrivacyAccessedAPITypes array is where you’ll list the specific API categories and the approved reasons for using them, as outlined by Apple.

For each category of required reason APIs that your app or SDK uses, you’ll need to add a dictionary to the NSPrivacyAccessedAPITypes array. Each dictionary should contain the following keys:

Apple provides a list of API categories and approved reasons that can be included in the privacy manifest. Your app or SDK can only use these APIs for the stated approved reasons, and these reasons must be consistent with your app’s functionality as presented to users.

Additional Considerations

Conclusion

By following these steps and adhering to Apple’s guidelines, you can ensure that your iOS app or third-party SDK meets the upcoming privacy manifest requirements, providing transparency to users and maintaining a strong commitment to privacy.

Stay tuned for more updates and best practices as we approach the May 1, 2024 deadline.

Ready to transform your digital presence?
Contact us today to learn more about our services and how we can help your business grow.
Get Started
Logo

We App Dev Sri Lanka,Transform your digital presence with our expert web and app development services in Sri Lanka.

Services
Company
Get Social

© 2024 App Dev Sri Lanka.

Built with

Next.js Logo