Context #
On WWDC23 Apple introduced privacy manifests, a new tool to help developers identify the privacy practices of their app’s dependencies. These Privacy Manifest should include:
- Required Reasons APIs. The use of APIs considered by Apple as “privacy APIs”.
- Privacy Nutrition Labels. The privacy data used by your app.
- Tracking Domains. Apple defines tracking as “the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes.”
Situm SDK uses some of these Privacy Nutrition Labels (privacy data) and Required Reason APIs but not Tracking Domains.
Starting on May 1st 2024 developers will need to declare approved reasons for using a set of APIs in their app’s Privacy Manifest. Before May 1st 2024 we will publish an SDK version that will already include this data in its privacy manifest. If you don’t plan to upgrade or if you don’t want to wait for this new release, you will have to add the following information in your app.
Situm SDK doesn’t use any of the privacy data for Analytics purpose, however if within your app data provided by Situm is used for this purpose you will have to add this information in your app privacy manifest. You can find detailed information about the privacy data used by Situm here.
Situm SDK doesn’t link data to the user, however if whitin your app you associate our anonymized user id with some private user information as it may be the user email or phone number ou will have to add this information in your app privacy manifest.
Information to include in your app Privacy Manifest #
Required Reason APIs used by Situm SDK #
As April 25th, 2024 there appears to be to be a bug in App Store Connect that is impacting SDKs distributed as static frameworks that declare required reasons in privacy manifests. As result of this bug you may reveive a mail from Apple when you try to publish your app. In this mail, Apple warns you that there are three issues with your app of the type ITMS-91053: Missing API declaration for the three required reason APIs used by Situm. To solve this issue you need to add to your’s app’s privacy manifest the NSPrivacyAccessedAPITypes showed in Adding the Privacy Manifest info for Situm SDK.
Situm SDK uses some of the Required Reason APIs. You can find the list of the Required Reason APIs and the reasons you should provide here.
The APIs used by Situm and the reasons are the following:
Required reason APIs | Reasons |
---|---|
File Timestamp APIs | C617.1 |
System Boot Time APIs | 35F9.1 |
User Default APIs | CA92.1 |
Privacy Nutrition Levels (privacy data) used by Situm SDK #
Situm SDK requires some user data that is marked as private by Apple. You can find more information about privacy data and the reason to use it here.
The Privacy Nutrition Labels (privacy data) used by Situm and their purposes are showed in the following table as Situm Purposes. However if your app uses Situm SDK with analitycs purposes, you will have to include the following data types with analytics purposes in your app privacy manifest.
Collected Data Type | Situm Purposes | App Optional Purposes |
---|---|---|
Precise Location | App Functionality | Analytics (e.g. if you use location-based heatmaps) |
Device ID | App Functionality | Analytics (e.g. if you retrieve trajectories for each user) |
Product Interaction | App Functionality | Analytics (e.g. if you retrieve MapViewer usage reports, such as knowing the most clicked POIs) |
Search History | App Functionality | Analytics (e.g. if you retrieve MapViewer usare reports related to the most searched POIs) |
Performance Data | App Functionality | None |
Other diagnostic data | App Functionality | None |
How to compose your app’s Privacy Manifest to include Required Reasons APIs and Privacy Nutrition Labels #
Apple provides a guide to adding your app’s privacy manifest file here. We replicated that guide by adding some images to facilitate its understanding.
- Open your app with Xcode
- Go to File>New>File
- Go to Resource and choose App Privacy
- Check your app in the target list
- Click Create.
- Add the proper info to the file a explained in the next section
Adding the Privacy Manifest info for Situm SDK #
If you use Situm SDK, your Privacy Manifest should look like this. Note that you might need to include other info if required by your app or other libraries you use.
If you prefer to copy & paste the code of the Privacy Manifest, it should look like this:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSPrivacyCollectedDataTypes</key> <array> <dict> <key>NSPrivacyCollectedDataType</key> <string>NSPrivacyCollectedDataTypePreciseLocation</string> <key>NSPrivacyCollectedDataTypeLinked</key> <false/> <key>NSPrivacyCollectedDataTypeTracking</key> <false/> <key>NSPrivacyCollectedDataTypePurposes</key> <array> <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string> </array> </dict> <dict> <key>NSPrivacyCollectedDataType</key> <string>NSPrivacyCollectedDataTypeDeviceID</string> <key>NSPrivacyCollectedDataTypeLinked</key> <false/> <key>NSPrivacyCollectedDataTypeTracking</key> <false/> <key>NSPrivacyCollectedDataTypePurposes</key> <array> <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string> </array> </dict> <dict> <key>NSPrivacyCollectedDataType</key> <string>NSPrivacyCollectedDataTypeProductInteraction</string> <key>NSPrivacyCollectedDataTypeLinked</key> <false/> <key>NSPrivacyCollectedDataTypeTracking</key> <false/> <key>NSPrivacyCollectedDataTypePurposes</key> <array> <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string> </array> </dict> <dict> <key>NSPrivacyCollectedDataType</key> <string>NSPrivacyCollectedDataTypeSearchHistory</string> <key>NSPrivacyCollectedDataTypeLinked</key> <false/> <key>NSPrivacyCollectedDataTypeTracking</key> <false/> <key>NSPrivacyCollectedDataTypePurposes</key> <array> <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string> </array> </dict> <dict> <key>NSPrivacyCollectedDataType</key> <string>NSPrivacyCollectedDataTypePerformanceData</string> <key>NSPrivacyCollectedDataTypeLinked</key> <false/> <key>NSPrivacyCollectedDataTypeTracking</key> <false/> <key>NSPrivacyCollectedDataTypePurposes</key> <array> <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string> </array> </dict> <dict> <key>NSPrivacyCollectedDataType</key> <string>Other diagnostic data</string> <key>NSPrivacyCollectedDataTypeLinked</key> <false/> <key>NSPrivacyCollectedDataTypeTracking</key> <false/> <key>NSPrivacyCollectedDataTypePurposes</key> <array> <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string> </array> </dict> </array> <key>NSPrivacyAccessedAPITypes</key> <array> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryFileTimestamp</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>C617.1</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategorySystemBootTime</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>35F9.1</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryUserDefaults</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>CA92.1</string> </array> </dict> </array> </dict> </plist>