Third-party SDK privacy manifest and signatures
Third-party software development kits (SDKs) can provide great functionality for apps; they can also have the potential to impact user privacy in ways that aren’t obvious to developers and users. As a reminder, when you use a third-party SDK with your app, you are responsible for all the code the SDK includes in your app, and need to be aware of its data collection and use practices.
At WWDC23, Apple introduced new privacy manifests and signatures for SDKs to help app developers better understand how third-party SDKs use data, secure software dependencies, and provide additional privacy protection for users. Starting in spring 2024, if your new app or app update submission adds a third-party SDK that is commonly used in apps on the App Store, you’ll need to include the privacy manifest for the SDK. Signatures are also required when the SDK is used as a binary dependency. This functionality is a step forward for all apps, and Apple encourages all SDKs to adopt it to better support the apps that depend on them.
New use cases for APIs that require reasons
When you upload a new app or app update to App Store Connect that uses an API (including from third-party SDKs) that requires a reason, you’ll receive a notice if you haven’t provided an approved reason in your app’s privacy manifest. Based on the feedback we received from developers, the list of approved reasons has been expanded to include additional use cases. If you have a use case that directly benefits users that isn’t covered by an existing approved reason, submit a request for a new reason to be added.
Starting in spring 2024, in order to upload your new app or app update to App Store Connect, you’ll be required to include an approved reason in the app’s privacy manifest which accurately reflects how your app uses the API.
SDKs that require a privacy declaration and signature
Apple has already listed the SDKs commonly used in apps on the App Store for which, from spring 2024, you will be required to include a privacy manifest. Signatures are also required when the listed SDKs are used as binary dependencies. Any version of a listed SDK, as well as any SDK that repackages a listed SDK, is included in the requirement.
- BoringSSL / openssl_grpc