References for Apple's Privacy Requirement for App Developers
I hadn’t planned to write this because it seemed that most apps should already be dealing with these requirements. However, after spending a considerable amount of time on this, I felt it would be a waste not to document the experience. Thus, I’ve managed to summarize it in this post.
Why
Developers need to ensure that their privacy manifests include the required reasons when using certain libraries (e.g., an analytics library) and APIs (such as UserDefaults
). This policy applies to all app submissions after May 1st, 2024.
As excerpted from Apple’s announcement:
Starting May 1, 2024, new or updated apps that have a newly added third-party SDK that‘s on the list of commonly used third-party SDKs will need all of the following to be submitted in App Store Connect:
- Required reasons for each listed API
- Privacy manifests
- Valid signatures when the SDK is added as a binary dependency
I don’t remember the exact version, but I’m certain that the current Xcode no longer automatically generates the required privacymanifest.info
file when creating a project. Thus, some developers might need to manually generate one due to this requirement.
While resolving this requirement isn’t overly complicated, I found the descriptions scattered and somewhat difficult to comprehend (at least for me). Therefore, I compiled the related references, hoping this can serve as a useful resource should I need to revisit this issue.
Reference
- Adding a privacy manifest to your app or third-party SDK
- Describing data use in privacy manifests
- Describing use of required reason API
- Upcoming third-party SDK requirements
- Detecting when your app contacts domains that may be profiling users
- Get started with privacy manifests (WWDC23)
Tool
And finally, I randomly came across this site while dealing with Apple’s privacy requirements. It’s such a useful tool that I regret not finding it earlier. Kudos to Donny Wals!