iOS Privacy Measures: GDPR, Privacy Nutrition Labels, App Tracking Transparency and Privacy Manifest Files

Paul Hackenberger
Published in Axel Springer Tech
9 min read · Apr 26, 2024

Apple has long been recognized as a leader in advocating for user privacy, consistently emphasizing the importance of safeguarding personal information. Over the years, the company has introduced several initiatives designed to enhance transparency and user control over data. This commitment is evident from their sequence of privacy requirements, starting with Apple Privacy Nutrition Labels, then App Tracking Transparency, and most recently, Apple Privacy Manifest Files. This article will focus on these developments, particularly the latest and most complex: the App Privacy Manifest Files.

Before jumping into the details, let’s look at the legal basics of privacy in the EU.

GDPR in iOS and Android Apps

The General Data Protection Regulation (GDPR), implemented by the European Union in 2018, brought a comprehensive framework aimed at protecting personal data and privacy for individuals within the EU and the European Economic Area (EEA). For iOS and Android apps, adhering to GDPR means navigating both legal requirements and technical challenges, as native apps interact with user data differently compared to web services.

GDPR enforcement in native apps involves understanding the scope and territorial application of the law, ensuring that data processing has a lawful basis, and adhering to data subject rights. App developers must also appoint a Data Protection Officer (DPO) where necessary, provide notifications of data breaches, integrate privacy by design and default, and manage data transfers in compliance with GDPR.

Technical compliance includes integrating Consent Management Platforms (CMP) that manage user consents in a transparent and accessible manner. For instance, TCF-compliant SDKs should listen to the consent signals from CMPs, storing and reading consent statuses to comply with privacy regulations. Native apps must also address how they manage third-party services such as tag managers and in-app browsers, ensuring that they handle user data in line with user consents.

Ongoing compliance monitoring and privacy compliance tools are essential to detect and address potential violations. These tools can help app developers ensure they are not inadvertently tracking users without consent, especially in complex environments like advertisements displayed in WebViews.

Apple Privacy Nutrition Labels

WELT News Privacy Nutrition Labels

Launched in December 2020, Apple’s Privacy Nutrition Labels on the App Store require developers to disclose their app’s data collection practices. Much like a nutrition label on food products, these privacy labels help consumers understand what personal data their apps may collect and whether it is used to track them, linked to their identity, or used for advertising. This move has brought a new level of transparency, pushing developers to be more forthcoming about their data practices.

App Tracking Transparency

App Tracking Transparency Prompt

Following the Privacy Nutrition Labels, Apple introduced the App Tracking Transparency (ATT) framework in April 2021. ATT compels app developers to request user permission before tracking their activity across apps and websites owned by other companies. This requirement was a significant step forward in giving users greater control over their personal information and aimed at curbing the pervasive nature of cross-site and cross-app tracking.

It’s crucial to understand how Apple defines tracking:

“Tracking” refers to linking data collected from your app about a particular end-user or device, such as a user ID, device ID, or profile, with Third-Party Data for targeted advertising or advertising measurement purposes, or sharing data collected from your app about a particular end-user or device with a data broker.

“Third-Party Data” refers to any data about a particular end-user or device collected from apps, websites, or offline properties not owned by you.

At that time, ATT consent only gated access to the Identifier for Advertisers (IDFA).

Apple Privacy Manifest Files

The introduction of Privacy Manifest Files represents Apple’s ongoing commitment to privacy. These manifests require developers to declare the data their apps and any embedded third-party Software Development Kits (SDKs) collect and the APIs being used, particularly to avoid abusing the APIs for fingerprinting the device or user.

The goal is to increase transparency and control further by making it clear what data is collected and how it is used, fostering a safer digital environment. Starting May 1, 2024, apps that don’t describe their use of required reason APIs in their privacy manifest file aren’t accepted by App Store Connect.

Some APIs that your app uses to deliver its core functionality — in code you write or included in a third-party SDK — have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting. Regardless of whether a user gives your app permission to track, fingerprinting is not allowed. Describe the reasons your app or third-party SDK on iOS, iPadOS, tvOS, visionOS, or watchOS uses these APIs, and check that your app or third-party SDK only uses the APIs for the expected reasons.

Besides declaring the APIs used, all tracking domains need to be explicitly specified; iOS blocks them if the user does NOT consent to ATT.

Example: Privacy Tracking Domains from Outbrain

Finally, the Privacy Nutrition Labels, which initially had to be entered manually, are now supposed to be declared in the privacy manifest of the main app and of the SDKs it uses.

Privacy Nutrition Label Types in Privacy Manifest

Instructions for App and SDK Developers

App Developers
App developers must now integrate a new level of detail in how they manage and report privacy practices:
1. Create a privacy report with Xcode: Utilize Xcode’s latest features to generate comprehensive privacy reports for apps, identifying potential data collection and usage not compliant with Apple’s guidelines.
2. Address warnings in email from Apple: Respond to any compliance issues flagged by Apple through detailed feedback provided in developer emails.
3. Check SDKs that REQUIRE a privacy manifest and plan updates: It’s crucial to ensure all third-party SDKs used in the app adhere to the new requirements by having updated privacy manifests.
4. Check & ask for SDK privacy manifests: Developers should verify and request privacy manifests from their SDK providers to ensure compliance.
5. Refer to Xcode privacy report: Continually refer back to the privacy report generated by Xcode to monitor and adjust data practices as needed.
6. Plan an appointment if additional questions arise: If developers have further questions or need clarification, they should note these and plan to consult directly with Apple support.

SDK Developers

SDK developers are also required to adopt new practices:
1. Adopt signatures and manifests: Include detailed privacy manifests and use digital signatures to authenticate these documents.
2. Declare tracking domains and required reason API usage: Clearly state any domains used for tracking and justify the use of APIs that require detailed privacy reasons, ensuring they meet Apple’s strict privacy standards.

As part of the privacy manifests, when you are using tracking services or SDKs (NSPrivacyTracking), you also have to specify the tracking domains (NSPrivacyTrackingDomains) either in your app or the SDK. It’s crucial to understand the link between App Tracking Transparency and the Apple Privacy Manifest Files, especially the specification of tracking domains:

If the user declines the App Tracking Transparency prompt, ALL URLs specified as Tracking Domains will be blocked by iOS.

This means that without ATT consent, the tracking services affected will partly or completely stop working!

To check the API usage of the SDKs in your app, the following repository might be of good use:
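As an added example (not the author’s code, nor the repository referred to above), the following Python script performs the kind of check the two preceding sections describe: it reads the PrivacyInfo.xcprivacy manifests of an app and its embedded SDKs, reports SDKs that ship no manifest, flags a manifest that declares tracking without tracking domains (or a tracking data type while NSPrivacyTracking is NO), flags a required reason API declared without a reason code, and aggregates the domains iOS would block when ATT consent is denied. The manifest contents, the bundle names and the `.invalid` domain are constructed samples; the keys are those of Apple’s manifest schema.

```python
"""Audit PrivacyInfo.xcprivacy manifests of an app and its embedded SDKs.

Added example, not the article's own code. The manifests below are constructed
samples: bundle names and the tracking domain are placeholders.
"""
import plistlib
from pathlib import Path
from typing import Dict, List, Optional

# Constructed app manifest: declares tracking, names its tracking domain and
# gives a reason code for a required reason API (UserDefaults).
APP_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSPrivacyTracking</key><true/>
  <key>NSPrivacyTrackingDomains</key>
  <array><string>tracking.example-sdk.invalid</string></array>
  <key>NSPrivacyAccessedAPITypes</key>
  <array><dict>
    <key>NSPrivacyAccessedAPIType</key><string>NSPrivacyAccessedAPICategoryUserDefaults</string>
    <key>NSPrivacyAccessedAPITypeReasons</key><array><string>CA92.1</string></array>
  </dict></array>
</dict></plist>"""

# Constructed SDK manifest with two defects: a data type marked as tracking
# while NSPrivacyTracking is NO, and a required reason API without a reason.
SDK_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSPrivacyTracking</key><false/>
  <key>NSPrivacyTrackingDomains</key><array/>
  <key>NSPrivacyCollectedDataTypes</key>
  <array><dict>
    <key>NSPrivacyCollectedDataType</key><string>NSPrivacyCollectedDataTypeDeviceID</string>
    <key>NSPrivacyCollectedDataTypeLinked</key><true/>
    <key>NSPrivacyCollectedDataTypeTracking</key><true/>
    <key>NSPrivacyCollectedDataTypePurposes</key>
    <array><string>NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising</string></array>
  </dict></array>
  <key>NSPrivacyAccessedAPITypes</key>
  <array><dict>
    <key>NSPrivacyAccessedAPIType</key><string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
    <key>NSPrivacyAccessedAPITypeReasons</key><array/>
  </dict></array>
</dict></plist>"""

# Bundle name -> manifest bytes, or None when the SDK ships no manifest at all.
SAMPLE_BUNDLES: Dict[str, Optional[bytes]] = {
    "MyApp.app": APP_MANIFEST,
    "ExampleAnalyticsSDK.framework": SDK_MANIFEST,
    "LegacyAdsSDK.framework": None,
}


def check_manifest(name: str, manifest: dict) -> List[str]:
    """Return findings for one parsed manifest (empty list means consistent)."""
    findings: List[str] = []
    tracking = bool(manifest.get("NSPrivacyTracking", False))
    domains = manifest.get("NSPrivacyTrackingDomains", [])
    if tracking and not domains:
        findings.append(f"{name}: NSPrivacyTracking is YES but no NSPrivacyTrackingDomains listed")
    if domains and not tracking:
        findings.append(f"{name}: tracking domains listed but NSPrivacyTracking is NO")
    for data_type in manifest.get("NSPrivacyCollectedDataTypes", []):
        if data_type.get("NSPrivacyCollectedDataTypeTracking") and not tracking:
            findings.append(f"{name}: {data_type.get('NSPrivacyCollectedDataType')} "
                            "marked as tracking while NSPrivacyTracking is NO")
    for api in manifest.get("NSPrivacyAccessedAPITypes", []):
        if not api.get("NSPrivacyAccessedAPITypeReasons"):
            findings.append(f"{name}: {api.get('NSPrivacyAccessedAPIType')} declared without a reason code")
    return findings


def audit(bundles: Dict[str, Optional[bytes]]) -> dict:
    """Audit all bundles; collect findings and the union of declared tracking domains."""
    findings: List[str] = []
    blocked = set()
    for name, raw in bundles.items():
        if raw is None:
            findings.append(f"{name}: no PrivacyInfo.xcprivacy found")
            continue
        manifest = plistlib.loads(raw)
        findings.extend(check_manifest(name, manifest))
        # Every declared tracking domain is blocked by iOS when ATT consent is denied.
        blocked.update(manifest.get("NSPrivacyTrackingDomains", []))
    return {"findings": findings, "blocked_without_att": sorted(blocked)}


def collect_bundle_manifests(app_root: Path) -> Dict[str, Optional[bytes]]:
    """Map the app and each embedded .framework to its manifest bytes (None if missing)."""
    bundles: Dict[str, Optional[bytes]] = {}
    for bundle in [app_root, *app_root.glob("Frameworks/*.framework")]:
        found = list(bundle.rglob("PrivacyInfo.xcprivacy"))
        bundles[bundle.name] = found[0].read_bytes() if found else None
    return bundles


if __name__ == "__main__":
    result = audit(SAMPLE_BUNDLES)
    for line in result["findings"]:
        print("FINDING", line)
    print("blocked without ATT consent:", result["blocked_without_att"])
```

To run it against a real build, pass the unpacked `.app` directory to `collect_bundle_manifests` and feed the result to `audit`; the constructed sample produces three findings (one per defect in the SDK manifest, plus the SDK without a manifest) and one domain in the blocked list.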

By adhering to these guidelines, developers can help ensure that user data is handled responsibly, reducing the risk of privacy breaches and enhancing user trust.

Examples of Privacy Manifest Files in SDKs

To illustrate the real-life effect, here are some examples of SDKs and how they deal with the requirements.

Tealium
The app privacy manifest file includes two more properties that might be related to Tealium:

  • NSPrivacyTracking
  • NSPrivacyTrackingDomains

These two properties refer to Apple’s definition of tracking, so they do not include Tealium’s SDK activity. However, some Tealium customers may still be tracking visitors with the data that is sent through the Tealium Swift SDK. In such cases, it might be required to specify Tealium’s domain as a tracking domain, and that their app is actively tracking their visitors.

If you list Tealium’s domain as tracking domain, Apple will actively block Tealium from receiving tracking data for visitors who deny the authorization for tracking.

Adobe Analytics
Mobile SDK customers are responsible for updating and maintaining their app’s Privacy Manifest. Which extensions customers use, and the specific actions performed using the Mobile SDK, may affect what customers should include in the Privacy Manifest Data Use section.

If you use Tealium as Tag Manager, and Adobe as tracking service, you need to specify the CNAMEs of the tracking domains used:

If you choose to use DNS CNAMEs for your data collection, you may choose to add those CNAMEs to the Tracking Domains instead of the domain names listed.

https://developer.adobe.com/client-sdks/resources/privacy-manifest/

Braze
In Braze Swift SDK v7.5.0, we released a Privacy Manifest outlining the default data that we collect for non-sharing purposes (i.e. for use by brands to support their first-party customer engagement efforts.) Then, in Braze Swift SDK v7.6.0, we released new SDK methods for brands to customize and declare which individual data points fall under the “tracking” category. This means that if a brand chooses to collect specific custom attributes which they intend to share with third parties, the brand can tell Braze to capture those attributes in connection with our new tracking URL, ensuring that they remain blocked from sharing for users who haven’t consented.

We believe that declaring all data to be non-tracking (a common practice among customer engagement platforms, marketing automation solutions, and other SDK providers) may not align with the spirit of Apple’s policies. User privacy is important, and taking thoughtful steps to respect consumer consent is something that all apps should prioritize.

AppsFlyer
Following are the Data Types collected by the AppsFlyer SDK that are included in the Privacy Manifest:

  • NSPrivacyCollectedDataTypeDeviceID
  • NSPrivacyCollectedDataTypeProductInteraction
  • NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising
  • NSPrivacyCollectedDataTypePurposeAnalytics

These are the Required Reason APIs that are included in the AppsFlyer SDK version 6.14.0 Privacy Manifest:

Any Tracking Domain used in an app or a third-party SDK must be recorded in the privacy manifest. If users do not grant permissions (opt-out) through the App Tracking Transparency (ATT) framework, the iOS operating system will block all outgoing traffic to that domain.
The AppsFlyer SDK checks the user’s ATT status before any server request and executes the request based on whether the user has opted in.

Outbrain
https://sdk.outbrain.com/docs/iOS-SDK/Getting-Started/#privacy-manifest-file-privacyinfo

  • NSPrivacyTracking = YES
  • NSPrivacyTrackingDomains specified

Conclusion

Apple’s implementation of Privacy Nutrition Labels, App Tracking Transparency, and Privacy Manifest Files showcases their relentless pursuit of enhanced user privacy. Each step has built upon the last, creating a comprehensive framework that empowers users and holds developers accountable. As we continue to navigate the complexities of digital privacy, Apple’s proactive measures offer a blueprint for others in the industry, highlighting the importance of transparency and user control in the modern digital ecosystem.