My Experience with Adding Privacy Manifest in Xcode

In October 2023, Chris announced in a vlog series that our team began developing a mood tracker app, which we plan to sell on the App Store. We were all thrilled about the development, and I was especially excited since it was a great opportunity for me to build another app entirely in SwiftUI.

The app took several weeks to develop and was put on hold for a while as two team members, including myself, went on paternity leave. Although the app is a simple mood tracker, the journey to achieve this simplicity took a long time. The app underwent multiple revisions in both design and requirements, reflecting our evolving understanding of how the app should work from a user perspective.

By the time we finished the app, we received an email from Apple requiring all developers to declare a privacy manifest for app submissions and updates. This requirement took effect on May 1, 2024.

From my understanding, there are three important aspects to comply with the new privacy requirements:

1. Requiring a privacy manifest for the use of popular third-party SDKs.
2. Requiring a privacy manifest for the use of APIs that require specified reasons.
3. Declaring your app’s data collection practices in the privacy manifest.

Personally, I found the documentation quite complex and had to navigate through different pages to determine what was needed for the privacy manifest for the mood tracker app.

The mood tracker app we developed was small and simple, so we only added Telemetry for data analytics. If your app uses a third-party SDK, ensure that you install a version that includes a privacy manifest and signature. To know if your third-party library is affected by this requirement, see the list on Apple’s third-party SDK requirements.

If you maintain or contribute to an open-source library and publish it to either SPM or CocoaPods (or both), you must declare a privacy manifest for your library as follows: Adding a Privacy Manifest.

Certain APIs require you to provide reasons for their use, whether from your code or a third-party library. The purpose of providing the reason is to avoid misusing an API to access information that could potentially identify the device or user (also known as fingerprinting).

According to the developer docs, fingerprinting is not allowed under any circumstances, regardless of whether a user gives your app permission to track.

These are the APIs that require you to describe your reasons for use:

1. File timestamp APIs
2. System boot time APIs
3. Disk space APIs
4. Active keyboard APIs
5. User defaults APIs

From the list above, the User defaults API would be used by many apps. If you’re using the UserDefaults API (or any API from the list above), I suggest reviewing the developer docs to declare the reason for its use in your privacy manifest.

Fortunately, the mood tracker app does not use any of the required reasons APIs mentioned above.

This section involves describing the categories of data that your app or third-party SDK collects. You need to read through the developer doc to see if your app’s data use falls into any of the data categories.

Important: Third-party SDKs must provide their own privacy manifest files that record the types of data they collect. Your app’s privacy manifest file doesn’t need to cover data collected by third-party SDKs your app links to.

The mood tracker app uses Telemetry for data analytics, mainly for tracking which scenes or features are being used. In this case, we don’t need to describe the data collected by Telemetry in our app’s privacy manifest; instead, Telemetry describes its data use with its privacy manifest included in its Swift package.

For the mood tracker app, we declared Health and Customer Support as part of the app’s privacy nutrition labels.

The mood tracker app collects health data in the form of emotions and moods logged into the app. However, the app does not provide any user accounts or authentication that would uniquely identify the app user or associate any logged emotions/moods with the user. Therefore, we declared health data use only for App Functionality.

The mood tracker app has a Report a Problem feature located in the app settings screen. This feature opens the Mail app with prefilled information so the user can send feedback via email. When we receive the email feedback, we also receive the user’s email address as the email’s sender information, so we need to declare this as data that can be linked to the user. This data use is described under the Customer Support label in the app’s privacy manifest, and its purpose is mainly to provide App Functionality.

A Common Mistake: When I was declaring the app’s privacy nutrition labels in the privacy manifest, I initially wrote complete sentences to describe the collection purpose. However, at the bottom of the developer doc, you will find the string values that you can use to describe the reason for data collection. You only need to provide one or more of these string values for the privacy label’s collection purposes array:

1. Third-party advertising
2. Developer’s advertising or marketing
3. Analytics
4. Product personalization
5. App functionality
6. Other purposes

The final step is to generate your app’s privacy report. Xcode creates this report by aggregating the privacy manifest from your app and the third-party SDKs it links to. Learn how to create your app’s privacy report from the developer docs.

The privacy report is organized in a way similar to Privacy Nutrition Labels. You can refer to this report when you provide your app’s privacy details in the App Store Connect.