Enforcement of Apple Privacy Manifest starting from May 1, 2024

One of the latest privacy changes by Apple is that developers need to describe the data they are collecting in the app by themselves, or through third-party SDKs and to provide the required reasons for the APIs it uses. This blog post outlines some of the latest changes, from the main deadlines Apple has set to explaining what a privacy manifest file is, and covers how to create and configure these files, among other updates.  

There are two main deadlines that Apple has shared:

• March 13th, 2024: From this date, Apple is already contacting app developers if their uploaded applications need to explain the reasons behind data collection.
• May 1st, 2024: Starting this date, new apps that don’t describe their use of required reasons API in their privacy manifest file aren’t accepted by App Store Connect. Additionally, new or updated apps with a newly added third-party SDK on the list of commonly used third-party SDKs will need to be added as well.

In the future, these required reason requirements will expand to include the entire app binary.

What is a Privacy Manifest file?

The privacy manifest file, a `plist` file, records the types of data collected by the application or third-party SDKs. For each API requiring justification, it details the reasons for its usage. When you prepare to distribute your app, Xcode will combine the privacy manifests across all the third-party SDKs used by your app into a single, easy-to-use report with the app’s privacy manifest file. With one comprehensive report summarizing all the third-party SDKs found in an app, it will be even easier to create more accurate Privacy Nutrition Labels.

You can find an example Privacy Manifest file that uses the user’s first and last name as a personalization and User Defaults API to read/write data accessible only by the app to help you get started. 

What are Privacy Nutrition Labels?

Introduced with iOS 14, Privacy Nutrition Labels is an App Store feature that provides users with enhanced transparency regarding the data the app collects from their device and how that data is used. This creates standardized information to help users make informed decisions.

App developers must provide accurate information in these labels, which privacy manifests are designed to enable. 

How to create a Privacy Manifest file?

To create a Privacy Manifest file, in Xcode go to File → New → File → App Privacy under the Resources section.

By default, it will be added by the name, `PrivacyInfo.xcprivacy`. Select your app or third-party SDK’s target in the Targets list.

If you distribute your third-party SDK as a static library, use the support for static frameworks in Xcode 15 or later to bundle resources, including the privacy manifest file. Create a framework target in Xcode that builds your product, set its Mach-O type build setting to “Static Library”, and add the privacy manifest file to your target’s bundle resources along with any other resources.

Configuring your Privacy Manifest file

After creating the privacy manifest file, you need to add the following top-level keys to the dictionary:

• NSPrivacyTracking: A boolean indicating whether your app or SDK uses data for tracking as defined under the App Tracking Transparency framework.
• NSPrivacyTrackingDomains: An array of strings listing the internet domains your app or SDK connects to that engage in tracking. Network requests to these domains will fail if the user has not been granted permission through the App Tracking Transparency framework. If you set NSPrivacyTracking to true, you must list at least one domain. Otherwise, you can leave it empty.
• NSPrivacyCollectedDataTypes: An array of dictionaries describing the data types your app or third-party SDK collects.
• NSPrivacyAccessedAPITypes: An array of dictionaries describing the privacy-sensitive API types your app or third-party SDK accesses and the reasons for accessing them.

In “What is a Privacy Manifest file?” above,  you can find an example of a privacy manifest file with all these details added to the `plist`.

Setting up Collected Data Types

Developers must record the categories of data that the app or third-party SDK collects about the users and the reasons for the data collection. For each type of data your app or third-party SDK collects, add a dictionary to the NSPrivacyCollectedDataTypes array in your privacy information file. Add the following keys to the dictionary.

• NSPrivacyCollectedDataType: A string that identifies the type of data your app or third-party SDK collects. For more information, check out all the data types.
• NSPrivacyCollectedDataTypeLinked: A Boolean that indicates whether your app or third-party SDK links this data type to the user’s identity. For more information, see Data linked to the user in App privacy details on the App Store.
• NSPrivacyCollectedDataTypeTracking: A Boolean that indicates whether your app or third-party SDK uses this data type to track.
• NSPrivacyCollectedDataTypePurposes: An array of strings that lists why your app or third-party SDK collects the data. Choose values from the list of purposes documented that match the reasons your app or third-party SDK collects this data type.

Setting up Required Reasons API Types

Some APIs that your app uses have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting. Regardless of whether a user gives your app permission to track, fingerprinting is not allowed. Apps using the required reason APIs must declare approved reasons for their use, and they may only be used  for the stated purposes.

For each category of required reason APIs that your app or third-party SDK uses, you’ll need to add a dictionary to the NSPrivacyAccessedAPITypes array. Each dictionary should contain the following keys:

• NSPrivacyAccessedAPIType: A string identifying the category of required reason APIs your app or SDK uses. The value must be one of the approved categories listed by Apple.
• NSPrivacyAccessedAPITypeReasons: An array of strings identifying the approved reasons for using the APIs. The values must be the approved reasons associated with the accessed API type, as listed by Apple.

You can see all the specific details in the following Apple article.

Summary of required reason APIs

• File timestamp APIs: Require reasons for accessing file timestamps, like creationDate, modificationDate, fileModificationDate, contentModificationDateKey, stat, etc. Declare reasons like displaying file timestamps, accessing metadata within the app container, or user-granted directories. Use specific reason codes for third-party SDKs or displaying timestamps to users without sending information off-device.
• System boot time APIs: APIs for accessing the system boot time require reasons for use, like systemUptime, mach_absolute_time(). Declare reasons for app functionality or optional bug reports while considering data usage. Ensure prominence in bug reports and adherence to user choices when sending information off-device.
• Disk space APIs: APIs for accessing the available disk space, like volumeAvailableCapacityKey, volumeAvailableCapacityForImportantUsageKey, volumeAvailableCapacityForOpportunisticUsageKey, and volumeTotalCapacityKey require reasons for use. Declare reasons based on app behavior, low disk space impact in health research apps, and user-initiated bug report submissions. Adhere to permission protocols for sending disk space details, avoiding unnecessary downloads, and informative bug report inclusions.
• Active keyboard APIs: ActiveInputNodes API for accessing the list of active keyboards requires reasons for use. Declare reasons for primary app functionality, user interface adjustments, and ensuring active keyboard data remains on the device without transmission.
• User defaults APIs: UserDefaults API for accessing user defaults requires reasons for use. Declare reasons for reading and writing app-restricted data, app group exclusivity, or third-party SDK functionality. Access managed app configurations or feedback stored under specific key sets for Mobile Device Management compatibility, ensuring compliance with the Apple protocol.

Generating a privacy report file

In Xcode after you have archived your app, head to Product → Archive. Control-click the archive in the organizer and choose “Generate Privacy Report.” Save the generated report for future reference.

In conclusion

The enforcement of Apple's Privacy Manifest from May 1, 2024, marks a significant step toward better privacy standards for app developers. This regulation mandates that developers document all data their apps collect, including data through third-party SDKs, and specify why they access certain APIs, all through a privacy manifest file.  

With the introduction of enhanced Privacy Nutrition Labels, Apple aims to standardize privacy disclosures, enabling users to make informed decisions. The crucial deadlines require initial compliance contacts by March 13, 2024, and will reject new apps without proper privacy manifests from the App Store starting May 1, 2024. 

This policy aligns with global privacy trends and sets a benchmark that could influence other platforms. It emphasizes a proactive privacy management approach, urging developers to address potential privacy issues upfront and fostering a safer digital environment for users.