Introducing Apple’s Privacy Manifest for iOS Apps

Welcome to a practical guide on creating a PrivacyInfo.xcprivacy file for seamless approval on the App Store. After witnessing the significant interest from users who read my previous article and watched the YouTube video, I’ve decided to provide a hands-on approach in this new article. If you’re new to this topic, don’t worry. This article is designed to provide you with clear and actionable steps to navigate through the process effectively. However, if you need a primer on the topic, feel free to check out the previous article I wrote.

In practical terms, Apple has started sending out notifications about enforcing this policy for your apps. As of May 1, 2024, compliance will be required to pass the App Store review process.

I’ll show you how I created a PrivacyInfo.xcprivacy file that meets Apple’s App Store approval criteria

Step-by-Step Guide: Creating a PrivacyInfo.xcprivacy File for App Store Approval

Before diving into creating the PrivacyInfo.xcprivacy file, it’s essential to understand the app’s privacy practices as outlined on the App Store. This information provides valuable insights into how user data is handled and informs the creation of the privacy manifest.

To streamline the process of describing the data collected by your app or third-party SDKs, Apple provides a helpful tool: the Privacy Report. In Xcode 15, you can easily generate this report by performing an Archive build and then clicking the ‘Generate Privacy Report’ button. This report will provide valuable insights into the data usage within your app, facilitating the creation of your PrivacyInfo.xcprivacy file.

1. Navigate to the “Product” menu in Xcode.
2. Select “Archive” to generate an archive of your project.
3. Once the archive is created, right-click on it.
4. From the context menu, select “Generate Privacy Report”
5. Xcode will then generate a Privacy Report, offering insights into your app’s data usage.

After generating the PercentageCalc-PrivacyReport for your application, take a moment to examine its contents. This report provides valuable insights into how your app handles user data, including information on data collection, third-party SDK usage, and API access. By reviewing this report, you’ll gain a deeper understanding of your app’s privacy practices, which will inform the creation of your PrivacyInfo.xcprivacy file.

To incorporate the privacy manifest into your app or third-party SDK in Xcode, follow these steps:

1. Select ‘File’ > ‘New File’ from the Xcode menu.
2. Scroll down to the ‘Resource’ section and choose the ‘App Privacy File’ type.
3. Click ‘Next’ to proceed.
4. Ensure that your app or third-party SDK’s target is selected in the ‘Targets’ list.
5. Finally, click ‘Create’ to generate the privacy manifest file for your project.

For my app, as it does not utilize data for tracking purposes or connect to any internet domains for tracking, our focus will be solely on providing Privacy Nutrition Labels. In this regard, we will concentrate on filling out the ‘NSPrivacyCollectedDataTypes’ section. This requires an array of dictionaries describing the data types collected by your app or SDK.

It’s best to split the screen, with one part displaying the PrivacyInfo.xcprivacy file and the other showing the generated Privacy Report. While it may be meticulous and tedious work, someone has to do it 🙂

• In the PrivacyInfo.xcprivacy file, navigate to ‘App Privacy Configuration’ and add ‘Privacy Nutrition Label Types’.
• Add the first item.
• Next, go to the Privacy Report, copy the ‘Coarse Location’ data type, and paste it into the ‘Collected Data Type’ value.
• Check the Privacy Report to determine what to write in the ‘Linked to User’ and ‘Used for Tracking (YES/NO)’ values.
• Proceed to add all the items listed in the report under ‘Collection Purpose’, such as:
  • ‘Third-Party Advertising’
  • ‘Analytics’
  • ‘Developer’s Advertising or Marketing’.
• Repeat this process until finished…

Understanding Required Reason APIs in Apple’s Privacy Manifest

Some APIs utilized by your app, either in your code or within third-party SDKs, have the potential to access device signals for identification purposes, known as fingerprinting.

Failure to describe the use of required reason APIs in your app’s privacy manifest file may result in rejection by App Store Connect, with reminders sent via email. Starting May 1, 2024, non-compliant apps won’t be accepted.

Each API usage must be declared with approved reasons that align with the app’s presented functionality. APIs and their derived data should only be used for declared reasons and not for tracking purposes.

Each dictionary in the NSPrivacyAccessedAPITypes array should include the following keys and values:

• NSPrivacyAccessedAPIType: Identifies the category of required reason APIs used by your app.
• NSPrivacyAccessedAPITypeReasons: Specifies the reasons for API usage.

In my case, i added

• NSPrivacyAccessedAPIType of type NSPrivacyAccessedAPICategoryDiskSpace with the value E174.1 to declare this reason to monitor disk space for writing files or deleting them when space is low. The app must visibly adjust behavior based on disk space.
• NSPrivacyAccessedAPIType of type NSPrivacyAccessedAPICategoryUserDefaults with the value E174.1 to declare this reason to access user defaults to read and write information that is only accessible to the app itself.

Finally, you can submit your app to the App Store. If you’ve entered all the entries as in my example and are lucky, your app will be ready to go on the App Store, and you won’t receive any emails informing you of potential privacy issues in your app.

Conclusion: Reflections on Privacy Approach

In conclusion, having published apps across various platforms such as J2ME, Symbian, Windows CE, the App Store, and Android, I find Apple’s stringent privacy requirements somewhat discouraging as an individual developer. It sparks a desire to explore alternative avenues like Progressive Web Apps or alternative app stores. Instead of burdening developers with the task of creating PrivacyInfo.xcprivacy files, Apple could consider directly generating and publishing them on the App Store, given their ability to analyze app packages and identify missing components.

As a bonus, I’m sharing the PrivacyInfo.xcprivacy file that I used for my app. You can download and utilize it as a reference or directly incorporate it into your own project. Happy coding!

If you think your friends or network would find this article useful, please consider sharing it with them. Your support is greatly appreciated.