It’s been a few months since Apple’s annual Worldwide Developers Conference (WWDC) and the mobile ecosystem is still evaluating how Apple’s latest round of privacy rollouts will impact their mobile marketing campaigns on iOS.

As we prepare for Apple’s policies, we are committed to keeping our partners informed every step of the way. With that said, in part two of our iOS Retargeting Series, we’re diving into Privacy Manifests — a new policy that will provide users with information about their apps’ data handling across third party SDKs.

Below, learn the basic requirements of Privacy Manifests, how they could impact your mobile marketing campaigns, and what they mean for the mobile ecosystem going forward.

Privacy Manifests: An Overview

As we’ve written before briefly, Privacy Manifests are a continuation of Apple’s Privacy Nutrition Labels introduced at WWDC 2022.

Back in 2020, Apple announced it would require developers to provide privacy “nutrition labels”. Like a nutrition label that lists ingredients and caloric content, these privacy labels will present what information an app collects on a page that looks like the label on the back of a product at the grocery store.

Privacy Manifests will simplify the label creation process by making it easier for developers to provide transparent and unified information about their app’s data handling across all third party SDKs. This will be done through the use of a file called the Privacy Manifest. This file will be collaboratively created by both app and SDK developers.

Privacy Manifests: How it works

With Privacy Manifests, there will be a few more steps required in the app store submission process.

1. Make a Privacy Manifest

If your app uses data for tracking or targeting — which, if your app invests in mobile acquisition or retargeting campaigns it likely is — then you’re going to have to create a Privacy Manifest.

Apple defines tracking as:

“... the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes. Tracking also refers to sharing user or device data with data brokers.”

Some examples Apple gives of tracking includes behavioral targeting, creating and sharing audiences and device graph generation. Data collection that is not considered tracking includes data used for fraud detection and security, to generate credit scores and, of course, data that stays on device.

2. List the data you’re collecting in your Privacy Manifest

List the domains that you’re sending data to using the NSPrivacyCollectedDataTypes dictionary provided in the Privacy Manifest. This dictionary describes the data types an app or third-park SDK collects.

In the Privacy Manifest, developers will be tasked with giving two main types of information.

  • NSPrivacyTracking. This is a Boolean (i.e. a result that can only have one of two possible values: true or values) that indicates whether an app or third-party SDK uses data for tracking as defined under Apple’s ATT framework.
  • NSPrivacyTrackingDomains. An array of strings that lists the internet domains an app or third-party SDK connects to that engage in tracking. If the user has not granted tracking permission through the ATT framework, network requests to these domains will fail.

Once you have input all your privacy information, Xcode will aggregate it to create your full privacy report.

How Privacy Manifests could impact your app marketing campaigns

According to Apple, Privacy Manifests will give app users a better understanding of how their data is used. Furthermore, they’re meant to give app owners better clarity over what data is being collected from their users. This transparency will stop the potential for fingerprinting.

For app developers partnering with DSPs or attribution partners that undertake fingerprinting, this could have a drastic impact on their campaigns.

What is fingerprinting? 

Fingerprinting, also known as device recognition, is a method of attribution sometimes used in mobile marketing. It occurs when publicly available attributes from a person’s phone are used to create a “fingerprint”. These attributes include the device type, operating system, IP, carrier and even screen characteristics. Together, these attributes — or fingerprints — are used by advertisers to track a user across the mobile ecosystem and show them targeted ads.

How Privacy Manifests will affect fingerprinting

With Privacy Manifests, app owners and ad tech vendors will be required to explain why they’re using certain features to collect and track data. For iOS features that are listed by app owners that could be misused for the purpose of fingerprinting, app owners will be required to give a reason why they’re using said tools from a prepared list. This list is not available yet. App owners that do not give a reason for using iOS tools that could be misused for fingerprinting will be contacted by Apple.

Privacy Manifests will require app owners and ad tech vendors to declare tools and reasons used for data collection. This, in turn, will hold players accountable in a way that will likely deter the practice of fingerprinting. However, it will not necessarily render fingerprinting impossible.

But, other upcoming Apple features might. This includes Private Relay, a privacy safeguard that renders a person’s IP address useless for fingerprinting because it redirects web traffic through two separate servers.

At YouAppi, we welcome Privacy Manifests and giving app users more information and control of their data. We are committed to aligning with Apple’s new requirements at the highest level to respect users’ privacy.

Takeaways

Privacy Manifests are a new policy introduced by Apple as a continuation of the Privacy Nutrition Labels. They aim to provide users with information about app data handling across third-party SDKs.

  • Developers must create a Privacy Manifest if their app uses data for tracking or targeting. It will simplify the process of providing transparent information about data handling.
  • Privacy Manifests require listing the data collected and the domains data is sent to. This will include information about tracking and tracking domains.
  • The purpose of Privacy Manifests is to enhance user understanding of data usage. Additionally, they will provide app owners with clarity on collected data. This will deter the practice of fingerprinting.

Get a better understanding of Privacy Manifests and plan your marketing campaigns to align with requirements by reaching out to our team of mobile retargeting and data privacy experts.