What’s new in privacy on the App Store

At Apple, we believe privacy is a fundamental human right. That is why we’ve built a number of features to help users understand developers’ privacy and data collection and sharing practices, and put users in the driver’s seat when it comes to their data. App Tracking Transparency (ATT) empowers users to choose whether an app has permission to track their activity across other companies’ apps and websites for the purposes of advertising or sharing with data brokers. With Privacy Nutrition Labels and App Privacy Report, users can see what data an app collects and how it’s used.

Many apps leverage third-party software development kits (SDKs), which can offer great functionality but may have implications on how the apps handle user data. To make it even easier for developers to create great apps while informing users and respecting their choices about how their data is used, we’re introducing two new features.

First, to help developers understand how third-party SDKs use data, we’re introducing new privacy manifests — files that outline the privacy practices of the third-party code in an app, in a single standard format. When developers prepare to distribute their app, Xcode will combine the privacy manifests across all the third-party SDKs that a developer is using into a single, easy-to-use report. With one comprehensive report that summarizes all the third-party SDKs found in an app, it will be even easier for developers to create more accurate Privacy Nutrition Labels.

To offer additional privacy protection for users, apps referencing APIs that could potentially be used for fingerprinting, a practice that is prohibited on the App Store, will now be required to select an allowed reason for usage of the API and declare that usage in the privacy manifest. As part of this process, apps must accurately describe their usage of these APIs, and may only use the APIs for the reasons described in their privacy manifest.

Second, we want to help developers improve the integrity of their software supply chain. When using third-party SDKs, it can be hard for developers to know the code that they downloaded was written by the developer that they expect. To address that, we’re introducing signatures for SDKs so that when a developer adopts a new version of a third-party SDK in their app, Xcode will validate that it was signed by the same developer. Developers and users alike will benefit from this feature.

We’ll publish additional information later this year, including:

  • A list of privacy-impacting SDKs (third-party SDKs that have particularly high impact on user privacy)
  • A list of “required reason” APIs for which an allowed reason must be declared
  • A developer feedback form to suggest new reasons for calling covered APIs
  • Additional documentation on the benefits of and details about signatures, privacy manifests, and when they will be required
