At WWDC23, Apple unveiled new privacy manifests and signatures tailored for frequently employed third-party SDKs and declared that developers will need to specify approved reasons for using a particular set of APIs within their app’s privacy manifest. In a blog post, the company outlined the timelines for developers to declare approved reasons for using a set of APIs in their privacy manifest.
Starting March 13, developers uploading a new or updated app to App Store Connect, which uses an API requiring approved reasons, will receive an email notification highlighting any missing reasons in their app’s privacy manifest. This notification complements the existing alert within App Store Connect, providing developers with a comprehensive overview of their privacy compliance status.
Effective May 1, developers should include approved reasons for the listed APIs utilized by their app’s code to successfully upload a new or updated app to App Store Connect. Apple emphasizes the importance of using APIs only for approved reasons and encourages developers to seek alternatives if a particular API isn’t aligned with its intended purpose. Furthermore, if developers integrate a new third-party SDK listed among commonly used third-party SDKs, they should adhere to the API, privacy manifest, and signature requirements associated with that SDK. It is crucial to deploy a version of the SDK that includes its privacy manifest, and signatures become mandatory when the SDK is added as a binary dependency.
This functionality represents a positive stride for all apps, Apple says, aiming to create a more secure and privacy-focused app ecosystem. The company encourages all SDKs to adopt these updates, fostering a supportive environment for the multitude of apps that depend on them.
Comments
Loading…