Apple recently announced that beginning in spring 2024, developers of certain SDKs and apps that use those SDKs will be required to include a “Privacy Manifest,” which lists all tracking domains used in the relevant SDK or app. To determine whether this is relevant to your company, a list of SDKs that require a Privacy Manifest can be found here. Privacy Manifests are required in order to either:
- Submit a new app to the App Store that includes a listed SDK or
- Submit an app update to the App Store that adds one of the listed SDKs.
If users have opted out through the App Tracking Transparency (ATT) framework, iOS system will block outgoing network connections to that domain.
What is in Privacy Manifest? The Privacy Manifest consists of four top-level keys:
- NSPrivacyTracking – Reflects whether your app or third-party SDK uses data for tracking (i.e., behavioral advertising)?
- NSPrivacyTrackingDomains – Lists tracking domains.
- NSPrivacyCollectedDataTypes (i.e., Privacy Nutrition Labels) – Lists the categories of data that your app or third-party SDK collects together with purpose. The responses should match what is currently listed in the relevant app’s Privacy Nutrition Label.
- NSPrivacyAccessedAPITypes – Lists the pre-approved “required reason APIs” used by the app or SDK and the corresponding approved purpose.
How we can help
Through the use of our in-house tool, NT Analyzer, Norton Rose Fulbright can assist attorneys and developers with the new Privacy Manifest requirements, including confirming SDK uses and tracking domains and verifying the accuracy of Privacy Nutrition Labels.
If you are interested in learning more about the firm’s technical capabilities, including a demo of NT Analyzer, please contact NTAnalyzer@nortonrosefulbright.com.