Engineering

Apple Privacy: A Comprehensive Guide to Privacy Manifest Files

This article offers a guide to Privacy Manifest files in Apple's ecosystem, stressing their importance for transparency and compliance, especially with the upcoming 2024 mandate, outlining steps for implementation, and underscoring their role in promoting user trust and adherence to regulations.

Thu 18 April 2024

Introduction

Privacy Manifest files are a new way for developers to declare the privacy practices associated with a mobile application and its dependencies.

These files maintain transparency and elevate privacy standards by allowing third-party SDK developers to disclose their frameworks' privacy practices. Given the importance of privacy for both users and developers, understanding and implementing privacy manifest files has become indispensable for compliance with Apple's privacy requirements.

With the upcoming mandate in May 2024 requiring the inclusion of privacy manifests for commonly used SDKs in all new app submissions and updates on App Store Connect, the importance of these files is set to increase substantially. Developers are now tasked with grasping the concept and utility of privacy manifest files and mastering the steps for creating and implementing them to adhere to Apple's elevated privacy and security benchmarks. This guide aims to demystify the process, offering developers a comprehensive understanding of privacy manifest files and practical insights into their adoption and execution.

Understanding Privacy Manifest Files

Privacy manifests are essential for developers to clearly outline the privacy practices of their app's dependencies. Named "PrivacyInfo.xcprivacy," these files declare the types of data collected by SDKs, how that data is used, whether it is linked to the user, and compliance with the App Tracking Transparency policy. They serve multiple purposes:

1- Data Description: They list the categories of data collected, such as contact information, health and fitness data, financial information, and more.

2- Usage Explanation: Each data type's purpose is detailed, whether for analytics, advertising, app functionality, or other uses.

3- Tracking Disclosure: The files specify whether the data is used for tracking purposes, helping developers adhere to privacy regulations.

These manifests are about compliance and transparency, providing developers and, ultimately, users with a clear view of data usage. Starting in May 2024, their inclusion becomes mandatory for all third-party SDKs used in apps on the App Store, ensuring a higher standard of privacy and security across the platform. This initiative is part of a broader movement towards enhancing user trust and data integrity in the App Store ecosystem.

Adoption state of Privacy Manifest Files as of today

The analysis covered over 3000 iOS applications in multiple sectors with different characteristics.

As of April 2024, the graph illustrates a concerning trend in iOS application development, with most apps either not implementing or only partially implementing privacy manifest files.

Graph 1: Global adoption April 2024

In the banking sector, the implementation of privacy manifest files remains predominantly unfinished, with only a minority of apps having fully integrated them, suggesting a potential gap in privacy measures within this critical industry as of the reported period.

Graph 3: Adoption in the banking sector

In the healthcare sector, while a more significant proportion of applications have made progress toward implementing privacy manifest files compared to the banking sector, a notable portion has not yet started implementation, indicating ongoing challenges in ensuring comprehensive privacy measures within this sensitive industry.

Graph 3: Adoption in the health sector

Creating and Implementing Your Privacy Manifest

Creating and implementing a Privacy Manifest for your app involves several steps that ensure compliance with Apple's guidelines. Here’s a straightforward guide to help developers through the process:

Steps to Create and Implement the Privacy Manifest:

  • Step 1: Utilize Xcode 15 or later to create the file by navigating to New > File > iOS > Resource > App Privacy.

    Figure 1: Add Privacy file manifest file

  • Step 2: Add the newly created Privacy Manifest file to your app’s bundle resources, ensuring it resides in the root directory.

    Figure 3: Select Privacy file manifest file target

Figure 3: Privacy manifest file target added

  • Step 3: At the top level of this property list file, add the following keys to the dictionary:
    • NSPrivacyTracking: A Boolean that indicates whether your app or third-party SDK uses data for tracking as defined under the App Tracking Transparency framework.
    • NSPrivacyTrackingDomains: An array of strings that lists the internet domains your app or third-party SDK connects to that engage in tracking. If the user has not granted tracking permission through the App Tracking Transparency framework, network requests to these domains fail and your app receives an error. If you set NSPrivacyTracking to true then you need to provide at least one internet domain in NSPrivacyTrackingDomains; if set to false, you can provide zero or more domains.
    • NSPrivacyCollectedDataTypes: An array of dictionaries that describes the data types your app or third-party SDK collects. The data categories are Third-party advertising, Developer’s advertising or marketing, Analytics, Product personalization, App functionality, Other purposes.
    • NSPrivacyAccessedAPITypes: An array of dictionaries that describes the API types your app or third-party SDK accesses that have been designated as APIs that require reasons to access. The required reason API categories are File timestamp APIs, System boot time APIs, Disk space APIs, Active keyboard APIs, and User defaults APIs.

Figure 4: Add Privacy manifest file items

  • Step 4: Add the list of NSPrivacyCollectedDataTypes with the Type and the list of reasons your app or third-party SDK accesses.

Figure 5: Add NSPrivacyCollectedDataTypes

  • Step 5: Add the list of NSPrivacyAccessedAPITypes with the Type and the list of reasons your app or third-party SDK accesses.

    Figure 6: Add NSPrivacyAccessedAPITypes

  • Step 6: Confirm the inclusion of the Privacy Manifest in the app’s build product or archive, verifying its membership in the target.

Key Components of NSPrivacyCollectedDataTypes

Here’s a breakdown of the key components that should be included in the NSPrivacyCollectedDataTypes category:

  • NSPrivacyCollectedDataType: Specifies the type of data collected (e.g., location, contacts).
  • NSPrivacyCollectedDataTypeLinked: A Boolean indicating if the data is linked to the user’s identity.
  • NSPrivacyCollectedDataTypeTracking: A Boolean showing if the data is used for tracking purposes.
  • NSPrivacyCollectedDataTypePurposes: Lists the reasons for data collection, ensuring alignment with predefined purposes by Apple.

Key Components of NSPrivacyAccessedAPITypes

  • The privacy manifest must articulate the specific APIs used with the app and its dependencies.
  • For each API, give a clear justification for why it is used and make sure that justification adheres to Apple’s guidelines.
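Bringing Steps 3 to 5 and the two key-component lists together, here is an added example (not code from the article or from Ostorlab) of a complete PrivacyInfo.xcprivacy, embedded as a constructed sample and checked with Python's plistlib against the rules stated above: NSPrivacyTracking set to true requires at least one domain in NSPrivacyTrackingDomains, every collected data type carries its four keys and a known purpose, and every accessed API category comes with at least one reason code. The key names and the purpose and API category constants are Apple's documented values; the domain tracker.example.com, the device ID data type and the reason code CA92.1 (a documented UserDefaults reason) are sample values chosen for illustration.

```python
import plistlib
from typing import List

# Constructed sample manifest (not taken from the article): an app that tracks via one domain,
# collects a device identifier for third-party advertising, and accesses UserDefaults.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>NSPrivacyTracking</key>
  <true/>
  <key>NSPrivacyTrackingDomains</key>
  <array>
    <string>tracker.example.com</string>
  </array>
  <key>NSPrivacyCollectedDataTypes</key>
  <array>
    <dict>
      <key>NSPrivacyCollectedDataType</key>
      <string>NSPrivacyCollectedDataTypeDeviceID</string>
      <key>NSPrivacyCollectedDataTypeLinked</key>
      <true/>
      <key>NSPrivacyCollectedDataTypeTracking</key>
      <true/>
      <key>NSPrivacyCollectedDataTypePurposes</key>
      <array>
        <string>NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising</string>
      </array>
    </dict>
  </array>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array>
        <string>CA92.1</string>
      </array>
    </dict>
  </array>
</dict>
</plist>
"""

# The six collection purposes and five required-reason API categories named in the article,
# spelled as the plist constants Apple documents for them.
PURPOSES = {
    "NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising",
    "NSPrivacyCollectedDataTypePurposeDeveloperAdvertising",
    "NSPrivacyCollectedDataTypePurposeAnalytics",
    "NSPrivacyCollectedDataTypePurposeProductPersonalization",
    "NSPrivacyCollectedDataTypePurposeAppFunctionality",
    "NSPrivacyCollectedDataTypePurposeOther",
}
API_CATEGORIES = {
    "NSPrivacyAccessedAPICategoryFileTimestamp",
    "NSPrivacyAccessedAPICategorySystemBootTime",
    "NSPrivacyAccessedAPICategoryDiskSpace",
    "NSPrivacyAccessedAPICategoryActiveKeyboards",
    "NSPrivacyAccessedAPICategoryUserDefaults",
}
COLLECTED_KEYS = (
    "NSPrivacyCollectedDataType",
    "NSPrivacyCollectedDataTypeLinked",
    "NSPrivacyCollectedDataTypeTracking",
    "NSPrivacyCollectedDataTypePurposes",
)


def validate_manifest(data: bytes) -> List[str]:
    """Parse a PrivacyInfo.xcprivacy and return findings; an empty list means every check passed."""
    findings: List[str] = []
    try:
        manifest = plistlib.loads(data)
    except Exception as exc:  # plistlib raises InvalidFileException or an expat error
        return [f"not a valid property list: {exc}"]
    if not isinstance(manifest, dict):
        return ["top level of the manifest must be a dictionary"]

    tracking = manifest.get("NSPrivacyTracking")
    domains = manifest.get("NSPrivacyTrackingDomains", [])
    if tracking is None:
        findings.append("NSPrivacyTracking is missing")
    elif not isinstance(tracking, bool):
        findings.append("NSPrivacyTracking must be a Boolean")
    elif tracking and not domains:
        # Rule from the article: true requires at least one domain; false allows zero or more.
        findings.append("NSPrivacyTracking is true but NSPrivacyTrackingDomains is empty")

    for i, entry in enumerate(manifest.get("NSPrivacyCollectedDataTypes", [])):
        where = f"NSPrivacyCollectedDataTypes[{i}]"
        for key in COLLECTED_KEYS:
            if key not in entry:
                findings.append(f"{where}: missing {key}")
        for purpose in entry.get("NSPrivacyCollectedDataTypePurposes", []):
            if purpose not in PURPOSES:
                findings.append(f"{where}: unknown purpose {purpose}")
        # Local consistency heuristic added here (not an App Store Connect rule): a data type
        # flagged for tracking only makes sense when the app declares tracking overall.
        if entry.get("NSPrivacyCollectedDataTypeTracking") and not tracking:
            findings.append(f"{where}: data type is marked for tracking but NSPrivacyTracking is false")

    for i, entry in enumerate(manifest.get("NSPrivacyAccessedAPITypes", [])):
        where = f"NSPrivacyAccessedAPITypes[{i}]"
        category = entry.get("NSPrivacyAccessedAPIType")
        if category not in API_CATEGORIES:
            findings.append(f"{where}: unknown API category {category}")
        if not entry.get("NSPrivacyAccessedAPITypeReasons"):
            findings.append(f"{where}: no reason codes given for {category}")
    return findings


def without_tracking_domains(data: bytes) -> bytes:
    """Copy of a manifest with NSPrivacyTrackingDomains emptied, to show the domain check firing."""
    manifest = plistlib.loads(data)
    manifest["NSPrivacyTrackingDomains"] = []
    return plistlib.dumps(manifest)


if __name__ == "__main__":
    print("sample manifest:", validate_manifest(SAMPLE_MANIFEST) or "no findings")
    print("domains removed:", validate_manifest(without_tracking_domains(SAMPLE_MANIFEST)))
```

Run it against a real file with validate_manifest(open("PrivacyInfo.xcprivacy", "rb").read()); the same function accepts the binary plist form Xcode may emit, because plistlib detects the format from the header.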

Management of Tracking Domains

Privacy manifests aid in managing network connections by cataloging tracking domains. With iOS 17, any unapproved tracking connection is automatically blocked unless the user has granted explicit permission, reinforcing privacy protections.

Creating and Implementing Your Privacy Manifest

List all network connections to identify tracking domains

Figure 7: Summary network communication

When you run a dynamic scan, Ostorlab lists all the network domains the application communicates with. This is an important resource for identifying the ones used for tracking.

Figure 8: List all network communication

The API section in the Analysis Environment lists the requests and responses sent to those domains. Using this information, you can add the tracking domains to NSPrivacyTrackingDomains.

List all APIs used in the application

Figure 9: Summary APIs/features

In addition to the domains, Ostorlab lists all the APIs that are used in the application. You need to add those APIs to NSPrivacyAccessedAPITypes if they belong to the required reason APIs defined by Apple.

Identify SDKs missing the privacy manifest files

During the static analysis, Ostorlab checks for the presence of the privacy manifest file in the application and in all of its frameworks, and reports the ones that are missing it.
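As an added illustration of the check described above (this is not Ostorlab's code, and it is a simplification of what its static analysis does), the following Python script unpacks an IPA, looks for PrivacyInfo.xcprivacy at the root of the .app bundle and of every framework under Frameworks/, and reports the bundles without one. It builds a constructed sample IPA with two frameworks, one of which lacks the manifest, so it runs offline; the names Demo.app, SDKA.framework and SDKB.framework are invented, and the iOS bundle layout is assumed.

```python
import os
import tempfile
import zipfile
from typing import Dict, List

MANIFEST_NAME = "PrivacyInfo.xcprivacy"


def check_app_bundle(app_dir: str) -> Dict[str, bool]:
    """Map the .app bundle and each embedded framework to whether it ships a privacy manifest.

    Assumes the iOS layout: the manifest sits at the bundle root of the .app and of every
    <name>.framework under <app>/Frameworks (macOS frameworks keep it under Versions/<x>/Resources,
    which this check does not cover).
    """
    report = {os.path.basename(app_dir): os.path.isfile(os.path.join(app_dir, MANIFEST_NAME))}
    frameworks_dir = os.path.join(app_dir, "Frameworks")
    if os.path.isdir(frameworks_dir):
        for entry in sorted(os.listdir(frameworks_dir)):
            if entry.endswith(".framework"):
                report[entry] = os.path.isfile(os.path.join(frameworks_dir, entry, MANIFEST_NAME))
    return report


def scan_ipa(ipa_path: str) -> Dict[str, bool]:
    """Unpack an .ipa (a zip archive containing Payload/<name>.app) into a fresh temporary
    directory and run check_app_bundle on the single app bundle inside it."""
    with tempfile.TemporaryDirectory() as tmp:
        with zipfile.ZipFile(ipa_path) as archive:
            archive.extractall(tmp)
        payload = os.path.join(tmp, "Payload")
        apps = [d for d in os.listdir(payload) if d.endswith(".app")]
        if len(apps) != 1:
            raise ValueError(f"expected exactly one .app under Payload/, found {apps}")
        return check_app_bundle(os.path.join(payload, apps[0]))


def missing_manifests(report: Dict[str, bool]) -> List[str]:
    """Names of the bundles in a report that lack a manifest."""
    return [name for name, present in report.items() if not present]


def build_sample_ipa(workdir: str) -> str:
    """Constructed sample: Demo.app and SDKA.framework carry a manifest, SDKB.framework does not."""
    app_dir = os.path.join(workdir, "Payload", "Demo.app")
    os.makedirs(os.path.join(app_dir, "Frameworks", "SDKA.framework"))
    os.makedirs(os.path.join(app_dir, "Frameworks", "SDKB.framework"))
    minimal_plist = '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict/></plist>\n'
    for bundle in (app_dir, os.path.join(app_dir, "Frameworks", "SDKA.framework")):
        with open(os.path.join(bundle, MANIFEST_NAME), "w") as fh:
            fh.write(minimal_plist)
    ipa_path = os.path.join(workdir, "Demo.ipa")
    with zipfile.ZipFile(ipa_path, "w") as archive:
        # Directory entries are written too, so the empty SDKB.framework survives the round trip.
        for dirpath, _dirs, files in os.walk(os.path.join(workdir, "Payload")):
            archive.write(dirpath, os.path.relpath(dirpath, workdir))
            for name in files:
                full = os.path.join(dirpath, name)
                archive.write(full, os.path.relpath(full, workdir))
    return ipa_path


def demo() -> List[str]:
    """Build the sample IPA and return the bundles that lack PrivacyInfo.xcprivacy."""
    with tempfile.TemporaryDirectory() as workdir:
        return missing_manifests(scan_ipa(build_sample_ipa(workdir)))


if __name__ == "__main__":
    for name in demo():
        print(f"missing {MANIFEST_NAME}: {name}")
```

For a real build, call scan_ipa("YourApp.ipa") and feed the result to missing_manifests; a framework that shows up there is one whose vendor has not yet shipped a manifest, which is exactly the case the May 2024 mandate targets.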

Figure 10: Missing privacy file manifest

Conclusion

Understanding and implementing privacy manifest files is critical for developers navigating Apple's privacy requirements. This article has walked through the pivotal role these files play in enhancing transparency, adhering to Apple’s privacy standards, and the step-by-step guide on creating and incorporating them into your app development process. As we edge closer to the May 2024 mandate, the importance of mastering privacy manifest files cannot be overstated. Ensuring your app's compliance not only aligns with regulatory expectations but also builds trust with your users by upholding high privacy and security standards. As developers prepare to meet these requirements, it's imperative to continuously review and validate your app's privacy manifests to align with the latest Apple guidelines. To assist in this step, consider scanning your app's IPA in Ostorlab.co to verify the integrity and compliance of your privacy manifest files. By doing so, you not only safeguard your app's standing on the App Store but also reinforce your commitment to privacy, a cornerstone in today's digital ecosystem. Engaging with these practices ensures that we, as a developer community, are not just coding for functionality but are also champions of user privacy and security, setting a standard for the future of app development.