Privacy Compliance is not just Privacy Laws --- Apple app store Privacy version

Apple defines Privacy as a fundamental human right. App store currently boasts of about 62% of market share, $1.1 trillion revenue, 2 million apps, 235K enterprise apps and requires compliance with Apple's strict privacy standards to push updates or new apps onto the platform, making this greater than any location centric privacy laws.

In 2022, according to Business Insider, Meta lost $10 Billion of ad revenue, due to unexpected privacy changes in the app store -- Apple enabling iPhone users to opt out of behavior tracking. This amount is 10x the GDPR fines, Meta has paid - $1.2 Billion.

Going into 2024, if you are planning to update or publish an app on the Apple store, here are some important Apple's privacy engineering guidelines to keep track of ---

• App Tracking Transparency Policy (ATT) - Aimed at giving people control over their data tracking, requires apps to incorporate user consent to track user activity across multiple orgs/websites/apps for purpose of advertising or sharing with data brokers.
• Privacy Nutrition Labels - For each app on the app store, Apple wants to show users, what data is collected (categories) and how it is used --- If an user is tracked or data is linked to user identity -- Read Data disclosure details here.
• Privacy Manifests - Files outlining privacy practices of third party integrations (platforms/sdks) for an app in a standardized format. Each privacy manifest, as defined by App Tracking Transparency Policy, contains what data types the code collects, how it is used, whether it is linked to user or tracked. Privacy Manifests and nutrition labels require same definition for data type/use.

a. If you are a Third Party Developer - Create privacy manifest, aligning with the third party functionality, in Xcode navigator by creating a file "PrivacyInfo.xcprivacy".

b. If you are the app developer - You are allowed a separate Privacy manifest for your app, different from the third party provided manifests. Fingerprinting -- using signals to identify device or user is prohibited on the app store. Tracking domains and required reason API usage across approved categories (request for expansion here) can be declared in the privacy manifest. Ios17 Tracking domain feature declines third party code from user tracking without user consent in app tracking functionality and declaration in privacy manifest. App store will actively look for a privacy manifest and signature for Privacy Impacting SDK usage in apps.

• Privacy Report - Aimed at providing a single pane of glass for privacy practices of your app & dependencies. On preparing (building) your app to submit to App store, Xcode will combine all privacy manifests across the app and its third party code into a single, easy-to-report privacy pdf report, summarizing declared data uses. It can be generated by Xcode organizer > Rightclick > Generate Privacy Report.
• Signatures for SDKs - When using third party SDKs, developers want to identify the code that was written by trusted developers. Signatures for SDKs empowers developers to adopt a new version of a third-party SDK in their app, by allowing Xcode to validate that it was signed by the same developer.

Also read Apple's mandatory Account deletion policy and additional Apple Privacy guidelines here.

Sign up for Privacy License 's pilot program, which automates generating of privacy docs for Apple store, here.

Sign up for Privacy Champions program for many informative privacy tips like this!

If you are currently navigating privacy considerations while uploading your app to Apple app store, I'd love to talk to you, sign up here.

Questions I want to leave you with :

Is marketplaces becoming privacy censors -- a necessary step for upholding privacy as a human right or giving away too much power?