iOS17 Privacy Manifest File
- Background
- About Privacy Nutrition Labels
- Declaration of the data collected by Smaato SDK
- Privacy Manifest Report
- Answering app privacy questions
Background
At WWDC22, Apple introduced Privacy Nutrition Labels, which give users a clear picture of how an app manages their data. These labels offer important details about an app’s privacy practices, helping users understand how their data is handled.
Privacy Manifests allow app developers to document the types of data their app collects on its own and through third-party tools like SDKs. This helps developers provide accurate privacy information to users, such as through privacy labels. Often, developers might not know what data a third-party SDK collects or how it’s used. The Privacy Manifest helps SDKs share this information with developers, ensuring they can create precise privacy labels.
Apple aims to enhance user awareness regarding app privacy practices by providing detailed information on data collection before downloading. As part of this initiative, each app product page on the App Store outlines the types of data collected by the app and whether it is linked to the user or used for tracking purposes.
When submitting an app to App Store Connect, developers are required to address Apple’s privacy inquiries. This involves explaining the data practices of third-party collaborators, such as the Smaato SDK, whose code is integrated into the app.
About Privacy Nutrition Labels
Privacy Nutrition Labels, introduced with iOS 14, give users clear insights into how apps handle their data. They offer standardized details to help users make informed choices. App developers must provide accurate data usage information, including any third-party partnerships, through privacy manifests. These labels, resembling food nutrition labels, are available on each app’s App Store page, providing users with an easy-to-understand summary of data usage practices. Developers must input this information via App Store Connect before publishing or updating an app.
Declaration of the data collected by Smaato SDK
Below is an example of a Privacy Manifest File:-
1. Data usage categories
The following disclosures outline the data collected exclusively by the Smaato SDK.
You are accountable for providing any extra disclosures for your app, encompassing other third-party SDKs utilized in your app. This document serves as a guide for your convenience; Smaato does not make any assertions regarding such information, including its accuracy or comprehensiveness.
For further details on Apple’s data collection disclosure purposes, refer to the provided link.
To more about describing data use in the Privacy Manifest file, please refer to this.
Data collected by Smaato SDK:-
| Identifier Data | Used for Tracking | Linked to User | Purpose |
| Device ID | Yes | Yes | Analytics, Developer’s Advertising or Marketing and Third-Party Advertising |
| Usage Data | Used for Tracking | Linked to User | Purpose |
| Advertising Data | Yes | Yes | Analytics, Developer’s Advertising or Marketing and Third-Party Advertising |
| Location Data | Used for Tracking | Linked to User | Purpose |
| Coarse Location | Yes | Yes | Analytics, Developer’s Advertising or Marketing and Third-Party Advertising |
2. Required reasons for APIs
Apple has introduced new APIs to combat fingerprinting. Apps using these APIs must declare them in the privacy manifest and provide a valid reason. Starting from iOS 17, developers must include an approved reason in the privacy manifest when uploading or updating apps using these APIs. Developers can suggest new approved reasons, and Smaato’s iOS SDK already has identified approved reasons.
| Privacy Accessed API | Privacy Accessed API Type | Privacy Accessed API Reason | Comments |
| File Timestamp APIs | NSPrivacyAccessedAPICategoryFileTimestamp | C617.1: Inside app or group container, per documentation | The SDK is using the NSFileCreationDate and NSFileModificationDate APIs to determine the app installation date and the app update date. |
| System boot time APIs | NSPrivacyAccessedAPICategorySystemBootTime | 35F9.1: Measure time on-device, per documentation | Measure SDK performance (time it took to execute a request etc.) This will be removed in an upcoming release. |
| User defaults APIs | NSPrivacyAccessedAPICategoryUserDefaults | CA92.1: Access info from same app, per documentation | The SDK stores data that is needed for its operation. For example – maintaining how many times the app was launched. |
Privacy Manifest Report
In summary, a privacy manifest provides developers with a comprehensive report on the frameworks and permissions needed by the app and its dependencies. The Smaato SDK’s manifest will be included alongside your app’s manifest, offering a complete overview of your app’s privacy needs.
This is how a privacy report looks when a privacy report is generated with an application integrated with Smaato iOS SDK.
Answering app privacy questions
As you get ready to select your answers from the options presented in App Store Connect, keep in mind:
- You need to identify all of the data you or your third-party partners collect, unless the data meets all of the criteria for optional disclosure listed below.
- Your app’s privacy practices should follow the App Store Review Guidelines and all applicable laws.
- You’re responsible for keeping your responses accurate and up to date. If your practices change, update your responses in App Store Connect. You may update your answers at any time, and you do not need to submit an app update in order to change your answers.
Account Holders, Admins, and App Managers can learn how to enter their responses in App Store Connect.
Last Modified: April 8, 2024 at 12:41 pm