Apple Third Party Privacy Manifest Requirement

Question

I created a privacyInfo file for our SDK and added to Sources. Our SDK is open source and we publish it via Cocoapods.

privacyInfo

How can we ensure that the privacyInfo is added to the correct location and it will be picked up correctly?

I tried to check if it was being picked up whilst generating a privacy report within a sample app that uses our SDK, but it's not.

I have updated the sdk podspec to include: spec.resource_bundles ={ "MYSDK" => ["Sources/PrivacyInfo.xcprivacy"]}

Answer 1

Apple recently published a page describing the correct location for the PrivacyInfo.xcprivacy manifest file in apps and frameworks. https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/adding_a_privacy_manifest_to_your_app_or_third-party_sdk

It includes how to set the Package for Swift Package Manager, but not for Cocoapods. Your spec.resource_bundles line looks like what I've seen others using to include the manifest file. See also: Adding Privacy Manifest to CocoaPods iOS SDK

If your manifest is not being included in Xcode's privacy report from an archive, it might be malformed, or missing one or more of the 4 required entries.

As for how to know if your privacy manifest is being picked up by Apple's submission process, they would have to answer that. But so far, many people have seen the emails only mention things found in the app binary and the app extensions. There was nothing about manifests or APIs from embedded dynamic frameworks (even if they lacked manifests.)

In this article https://developer.apple.com/news/?id=pvszzano they list the rules of what is not accepted and say:

In the future, these required reason requirements will expand to include the entire app binary. If you’re not using an API for an approved reason, please find an alternative.