Open in app

Sign in

Write

Sign in

Photo by Sergey Zolkin on Unsplash

YOU are NOT prepared for Apple’s New Privacy Requirements for iOS App Developers: Comprehensive Guide

Joshua Hart
6 min readJul 29, 2023

As an iOS app developer, one of the most vital parts of your role is to ensure that your app aligns with Apple’s stringent policies and guidelines. In recent years, Apple has placed significant emphasis on user privacy and has mandated a number of new rules designed to offer more transparency about the data collection practices of iOS apps. In this context, Apple has introduced new privacy requirements for app developers that necessitate declaring the data collected by your app or any third-party Software Development Kits (SDKs) used.

Understanding the New Privacy Requirements

Apple’s new privacy requirements focus on the declaration of the data collected by your app, which is documented in the ‘privacy manifest’. The privacy manifest is a report that outlines the categories of data your app and third-party SDKs collect about the user, and the reasons for collecting this data. As an app developer, you need to create this privacy report using Xcode, Apple’s Integrated Development Environment (IDE).

The data collection practices are divided into different categories such as ‘Contact Info’, ‘Health & Fitness’, ‘Financial Info’, ‘Location’, ‘Sensitive Info’, ‘Contacts’, ‘User Content’, ‘Browsing History’, ‘Search History’, ‘Identifiers’, ‘Purchases’, ‘Usage Data’, ‘Diagnostics’, and ‘Other Data Types’. Each category encompasses specific data types that your app may collect.

The reasons for collecting this data are categorized as ‘Third-Party Advertising’, ‘Developer’s Advertising or Marketing’, ‘Analytics’, ‘Product Personalization’, ‘App Functionality’, and ‘Other Purposes’.

Step-by-Step Guide to Compliance

Step 1: Review Your App’s Data Collection Practices

Begin with a comprehensive review of your app’s data collection practices. You need to scrutinize not only the data collected by your app, but also the data collected by any third-party SDKs that your app uses.

Remember, third-party SDKs need to provide their own privacy manifest files, and your app’s privacy manifest doesn’t need to cover data collected by third-party SDKs.

From Apple:
Important

Third-party SDKs need to provide their own privacy manifest files that record the types of data they collect. Your app’s privacy manifest file doesn’t need to cover data collected by third-party SDKs that your app links to.

Step 2: Identify the Categories of Data Your App Collects

Your next step is to identify the categories of data that your app collects.

To get started, you will need to add a dictionary to the NSPrivacyCollectedDataTypes array in your privacy information file for each type of data your app or SDK collects.

In this dictionary, you'll add the following keys: NSPrivacyCollectedDataType, NSPrivacyCollectedDataTypeLinked, NSPrivacyCollectedDataTypeTracking, and NSPrivacyCollectedDataTypePurposes.

Let’s break down some examples based on these categories:

CONTACT INFORMATION:

If your app collects user’s names, you will categorize this data as follows:

  • NSPrivacyCollectedDataType: NSPrivacyCollectedDataTypeName

If your app collects user’s email addresses:

  • NSPrivacyCollectedDataType: NSPrivacyCollectedDataTypeEmailAddress

HEALTH & FITNESS:

If your app collects user’s health and medical data, perhaps through the HealthKit API:

  • NSPrivacyCollectedDataType: NSPrivacyCollectedDataTypeHealth

If your app collects user’s fitness and exercise data, maybe via the Motion and Fitness API:

  • NSPrivacyCollectedDataType: NSPrivacyCollectedDataTypeFitness

FINANCIAL INFORMATION:

If your app collects user’s payment info such as form of payment, payment card number, or bank account number:

  • NSPrivacyCollectedDataType: NSPrivacyCollectedDataTypePaymentInfo

If your app collects other financial information such as salary, income, assets, or debts:

  • NSPrivacyCollectedDataType: NSPrivacyCollectedDataTypeOtherFinancialInfo

LOCATION:

If your app collects user’s precise location:

  • NSPrivacyCollectedDataType: NSPrivacyCollectedDataTypePreciseLocation

If your app collects user’s coarse location:

  • NSPrivacyCollectedDataType: NSPrivacyCollectedDataTypeCoarseLocation

Remember, it’s crucial to be honest and precise about the data your app collects. Misrepresenting your app’s data collection can lead to penalties, and more importantly, it can erode trust with your users.

Once you’ve identified the data types your app collects, the next steps would be to specify whether this data type is linked to the user’s identity (NSPrivacyCollectedDataTypeLinked), and whether your app or SDK uses this data type to track the user (NSPrivacyCollectedDataTypeTracking).

In the next step, you should also identify the reasons your app collects this data by providing an array of strings for the NSPrivacyCollectedDataTypePurposes key, choosing from the list of purposes provided by Apple.

All these steps are critical in crafting your app’s privacy report, which helps maintain transparency and trust with your users. In the next part of this guide, we will walk through the process of generating this privacy report.

Step 3: Add the Relevant Keys to the Dictionary

The dictionaries you create for each data type should include four keys:

  1. NSPrivacyCollectedDataType: A string that identifies the type of data your app collects. This should be chosen from the provided list of data types.
  2. NSPrivacyCollectedDataTypeLinked: A Boolean that indicates whether this data type is linked to the user’s identity.
  3. NSPrivacyCollectedDataTypeTracking: A Boolean that indicates whether this data type is used for tracking purposes.
  4. NSPrivacyCollectedDataTypePurposes: An array of strings that list the reasons your app collects the data. The reasons should be chosen from the provided list of purposes.

Remember, you should only use values from Apple’s provided lists for the NSPrivacyCollectedDataType and NSPrivacyCollectedDataTypePurposes keys. Defining your own data types or reasons will prevent Xcode from generating a correct privacy report.

EXAMPLE:

Here is an example for an app that would be collecting the user’s name, email, phone number and location data:

{
  "NSPrivacyCollectedDataTypes": [
    {
      "NSPrivacyCollectedDataType": "NSPrivacyCollectedDataTypeName",
      "NSPrivacyCollectedDataTypeLinked": true,
      "NSPrivacyCollectedDataTypeTracking": false,
      "NSPrivacyCollectedDataTypePurposes": [
        "NSPrivacyCollectedDataTypePurposeAppFunctionality"
      ]
    },
    {
      "NSPrivacyCollectedDataType": "NSPrivacyCollectedDataTypeEmailAddress",
      "NSPrivacyCollectedDataTypeLinked": true,
      "NSPrivacyCollectedDataTypeTracking": false,
      "NSPrivacyCollectedDataTypePurposes": [
        "NSPrivacyCollectedDataTypePurposeAppFunctionality",
        "NSPrivacyCollectedDataTypePurposeDeveloperAdvertising"
      ]
    },
    {
      "NSPrivacyCollectedDataType": "NSPrivacyCollectedDataTypePhoneNumber",
      "NSPrivacyCollectedDataTypeLinked": true,
      "NSPrivacyCollectedDataTypeTracking": false,
      "NSPrivacyCollectedDataTypePurposes": [
        "NSPrivacyCollectedDataTypePurposeAppFunctionality"
      ]
    },
    {
      "NSPrivacyCollectedDataType": "NSPrivacyCollectedDataTypePreciseLocation",
      "NSPrivacyCollectedDataTypeLinked": true,
      "NSPrivacyCollectedDataTypeTracking": true,
      "NSPrivacyCollectedDataTypePurposes": [
        "NSPrivacyCollectedDataTypePurposeAppFunctionality"
      ]
    }
  ]
}

Step 4: Generate Your App’s Privacy Report

Once you’ve completed these steps, you’re ready to generate your app’s privacy report. This can be done directly in Xcode by following these steps:

  1. Open your project in Xcode.
  2. Choose Product > Archive. Xcode will create the archive and reveal it in the organizer.
  3. Control-click the archive in the organizer and choose Generate Privacy Report.
  4. Choose a location to save the privacy report.
  5. Switch to Finder and navigate to the location where you saved the privacy report. Double-click to open the report in Preview.

The generated privacy report will be organized similarly to the Privacy Nutrition Labels you might have seen on the App Store. Refer to this report when you provide your app’s privacy details in App Store Connect.

Step 5: Provide Your App’s Privacy Details in App Store Connect

The final step in this process is to provide your app’s privacy details in App Store Connect. The privacy report you generated in the previous step will guide you in this process. Providing accurate privacy details in App Store Connect is crucial, as it allows users to understand what data your app collects and why.

Staying Updated with Apple’s Privacy Requirements

Apple’s commitment to user privacy means that their guidelines and requirements for app developers may be updated regularly. As an app developer, it’s essential to keep abreast of any changes and ensure that your app stays in compliance with these requirements.

Helpful Links:

Conclusion

With how serious Apple is with Privacy these days, it’s best to be at the forefront of this wave, instead of trying to fight for air after the wave has hit. The addition of the privacy manifest to Apple’s guidelines demonstrates their commitment to user privacy and transparency. While the new requirements may necessitate some additional work, adhering to these guidelines can build trust with your app’s users, ultimately leading to better engagement and success for your app. By following this guide, you should be well-prepared to navigate the new privacy requirements and ensure your app’s compliance.

Programming
Mobile App Development
IOS Development
Coding
Swift Programming

--

--

Joshua Hart

Written by Joshua Hart

151 Followers

I have been developing iOS mobile apps for over 10 years. I am a father of 5 and reside in Land O' Lakes, Florida.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams