Last year, during Apple's yearly developer conference, the company introduced several privacy updates, including Privacy Manifests, a new tool that lets app developers and third-party SDK developers provide the necessary information about their privacy practices and their use of the consumer data they collect.

 

This article covers the context behind these updates, what they entail, how Didomi is adapting its iOS SDK accordingly, and what developers must do next to comply with the new requirements.

 


What are Apple's new privacy requirements?

 

During the Worldwide Developers Conference 2023 (WWDC23) last year, Apple acknowledged the challenges app developers often face when trying to comply with privacy requirements on the App Store.

 

Reliance on third-party software development kits (SDKs) often makes it hard in practice to ensure exemplary privacy practices, because of dependencies and a potential lack of transparency. This is why the company decided to introduce Privacy Manifests and signatures:

 

“You are responsible for all code included in your apps, per the App Store Review Guidelines. This includes any data collection and tracking practices. A large part of your app's privacy story often depends on third-party SDKs. We have heard from developers like you that it can be challenging to get all the information you need from the great third-party SDKs that your apps depend on.

 

Privacy manifests are a new way for third-party SDK developers to provide information about their privacy practices. This information helps you accurately represent privacy in your app.”

 

- Tony Tan, Privacy Engineering at Apple (Source: Get started with privacy manifests, Apple WWDC23)

 

Essentially, commonly used third-party SDKs will now be required to help developers better understand what data they use, how, and why, in order to secure software dependencies and provide additional user privacy protection.

 

Privacy manifest files outline the privacy practices of third-party code used in apps to simplify the creation of accurate Privacy Nutrition Labels.

 

Signatures for SDKs will help validate, when a developer adopts a new version of a third-party SDK, that it is signed by the same developer.

 

In its most recent communication, Apple lays out two main deadlines for app developers:

 

  • March 13th, 2024: From that date, Apple will contact app developers uploading or updating their apps if their privacy manifest does not explain the reasons behind data collection.

  • May 1st, 2024: From that point forward, app developers must include approved reasons for using the APIs listed in their app’s code. Both privacy manifests and signatures will be required.

 

As a third-party SDK provider, Didomi is introducing changes to ensure compliance with Apple's new requirements.

 

Next steps: Introducing our changes to the Didomi iOS SDK

 

These recent updates from Apple align with our commitment at Didomi to helping our customers provide great privacy experiences (learn more about Privacy UX) to their users and build trust through transparent data practices.

 

We are introducing two updates to our iOS SDK, a month ahead of Apple’s deadline, to ensure our customers have ample time to be compliant with the new requirements:

 

  • We have added the manifest file to our iOS SDK, where we declare the use of User Defaults.

  • We have added a signature mechanism to our SDK.

 

The changes are effective immediately and reflected in the latest version of our iOS SDK.
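As an added example (not Didomi's or Apple's code), the Python script below audits a privacy manifest of the kind described above: it parses a `PrivacyInfo.xcprivacy` property list and flags required-reason API entries whose reason codes are missing or not approved. The sample manifest is constructed, and the reason code `CA92.1` in it is an assumption, not Didomi's actual declaration.

```python
import plistlib

# Reason codes Apple documents for the User Defaults required-reason category.
# Only this one category is tabulated here; extend the table for others.
APPROVED_REASONS = {
    "NSPrivacyAccessedAPICategoryUserDefaults": {"CA92.1", "1C8F.1", "C56D.1", "AC6B.1"},
}

# Constructed sample manifest (PrivacyInfo.xcprivacy is an XML property list).
# The reason code CA92.1 is an assumption, not taken from the Didomi SDK.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSPrivacyTracking</key><false/>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array><string>CA92.1</string></array>
    </dict>
  </array>
</dict>
</plist>"""


def audit_manifest(raw):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        manifest = plistlib.loads(raw)
    except Exception as exc:  # malformed or non-plist input
        return [f"manifest is not a valid property list: {exc}"]
    if not isinstance(manifest, dict):
        return ["manifest root is not a dictionary"]
    findings = []
    entries = manifest.get("NSPrivacyAccessedAPITypes", [])
    if not entries:
        findings.append("no NSPrivacyAccessedAPITypes declared")
    for entry in entries:
        category = entry.get("NSPrivacyAccessedAPIType", "<missing>")
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons", [])
        if not reasons:
            findings.append(f"{category}: no reason declared")
        approved = APPROVED_REASONS.get(category)  # None if not tabulated
        for reason in reasons:
            if approved is not None and reason not in approved:
                findings.append(f"{category}: reason {reason} is not an approved code")
    return findings
```

Running `audit_manifest` over the manifest of every bundled SDK in a build pipeline surfaces incomplete declarations before an upload to App Store Connect does.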

 

We strongly encourage app developers using the Didomi iOS SDK to upgrade to the latest version, 2.3.0. To learn more about our iOS SDK and how to get started, head to our developer documentation:

 

Read our technical documentation