Apple Privacy Manifest Update

Overview

At WWDC23, Apple introduced new privacy manifests and signatures for SDKs to help app developers better understand how third-party SDKs use data, secure software dependencies, and provide additional privacy protection for users.

Starting in spring 2024, if your new app or app update submission adds a third-party SDK that is commonly used in apps on the App Store, you must include the privacy manifest for the SDK.

Signatures are also required when you use the SDK as a binary dependency. This functionality is a step forward for all apps, and we encourage all SDKs to adopt it to better support the apps that depend on them. For more information, refer to the official announcement from Apple.

How Does MoEngage Comply with this?

This section describes how MoEngage complies with the new privacy manifests and signatures for SDKs.

Privacy Manifest

The Privacy Manifest is a file that describes the specific privacy practices and data collection activities of an iOS app. It provides essential information to users about how their personal data is collected, used, and shared by the app. This is a requirement by Apple for developers to ensure transparency and allow users to make informed decisions about their privacy. It includes details on the types of data collected (such as personal information, location, browsing history), how the data is used, and whether it is shared with third parties.

Based on the documentation from Apple, "Third-party SDKs need to provide their own privacy manifest files that record the types of data they collect. Your app’s privacy manifest file doesn’t need to cover data collected by third-party SDKs that your app links to."

MoEngage SDKs and associated modules above core version 9.15.0 are compliant with the guidelines from Apple and the following data is declared from the Privacy manifests.

NSPrivacyCollected
DataType
NSPrivacyCollected
DataTypePurposes
Modules with NSPrivacyCollected
DataTypeLinked
Modules with NSPrivacyCollected
DataTypeTracking
UserID Analytics, Product personalization, App functionality MoEngage-iOS-SDK -
Device ID (IDFV) Analytics, Product personalization, App functionality MoEngage-iOS-SDK -
Product interaction Analytics, Product personalization, App functionality - MoEngage-iOS-SDK, MoEngageRichNotification, MoEngageInApps, MoEngageCards, MoEngageInbox, MoEngageRealTimeTrigger, MoEngageGeofence
Precise location Analytics, Product personalization, App functionality - MoEngageGeofence
Coarse location Analytics, Product personalization, App functionality - MoEngageGeofence

Code Signing

When you add third-party binary SDKs to your target as XCFrameworks, the behavior of those packages becomes part of the behavior of your product. An attacker who can inject a compromised version of the SDK into your project can change your app’s behavior and cause security and privacy issues for your developers, testers, and people who use your product. To avoid those, we have code-signed all the MoEngage frameworks.

To comply with the policy, you must upgrade your iOS app with the latest MoEngage SDK.

By When Should I Upgrade My App?

Though the Apple documentation does not mention a specific date, it mentions the following:

"Starting in spring 2024, if your new app or app update submission adds a third-party SDK that is commonly used in apps on the App Store, you’ll need to include the privacy manifest for the SDK."

Therefore, we strongly recommend updating the MoEngage iOS SDK with your next app update. Otherwise, your app update may get rejected.

Previous

Next

Was this article helpful?
0 out of 0 found this helpful

How can we improve this article?