iOS 17 FAQ

Apple’s iOS 17 is generally available. This FAQ explains the behavior changes and upcoming privacy reporting requirements from Apple that will impact developers’ implementations of mParticle for iOS.

What are the new privacy changes in iOS 17?

Apple is introducing a new privacy reporting policy with the iOS 17 release that requires app developers to disclose what data they track and what that data is used for.

Apple’s new privacy reporting policy includes two new features in iOS 17:

Privacy manifests

Privacy manifest files are dictionaries that define the different categories of collected data an app tracks. These files also specify which data can be linked with a user’s identity and they list the different uses of the data.

mParticle’s Apple SDK includes a Privacy Manifest as of version 8.19.0. The mParticle privacy manifest has been written to cover the minimum implementation of mParticle - collecting data for the purposes of analytics.

However, depending on the integrations that you enable within mParticle, you may be required to add more purposes to your app’s manifest. Tracking, even under Apple’s definition, is something the mParticle SDK could contribute to depending on how it is used.

For these scenarios, we’ve implemented tracking domains that are unique from our other endpoints. The SDK automatically switches to these endpoints if the end-user has consented to tracking, based on the ATTStatus reported to the SDK by your app.

If your application uses data for tracking as defined by Apple, you should request the user’s permissions to track and add the following two domains to your app’s privacy manifest under the purpose NSPrivacyTrackingDomains.

• tracking-nativesdks.mparticle.com
• tracking-identity.mparticle.com

For more information about privacy manifest files, see Describing data use in privacy manifests in Apple’s developer documentation.

Required reason APIs

With the release of iOS 17, Apple has designated several APIs as “required reason APIs”. These are APIs that can be misused for device fingerprinting, which is not permitted by Apple even if app users have consented to tracking. The categories of required reason APIs are:

• File timestamp APIs
• System boot time APIs
• Disk space APIs
• Active keyboard APIs
• User default APIs

Each category contains several specific required use APIs. For a full list, see Describing use of required reason API in Apple’s developer documentation.

If an app developer uses any of these APIs, they must include a list of which APIs along with their reasons for use, according to the definitions set by Apple, in the privacy manifest file.

The only required reason API used by the mParticle SDK is the user default APIs. This allows mParticle to access user defaults to read and write information that is only accessible to the app itself. This disclosure is included in mParticle’s privacy manifest.

What is the deadline to comply with the privacy requirements for iOS 17?

Apple is expected to start enforcing the use of privacy manifests on May 1st 2024. Read Apple’s post for more details.

Compliance vs. compatibility regarding iOS 17

The mParticle iOS SDK is compatible with iOS 17.

This doesn’t mean that apps using the latest version of the mParticle iOS SDK are compliant with the new privacy requirements introduced by Apple for iOS 17.

Who is responsible for complying with Apple’s privacy requirements?

mParticle is not responsible for ensuring that developers using the mParticle SDK are in compliance with Apple’s privacy requirements.

By providing a complete privacy manifest, mParticle makes it easier for developers using the iOS SDK to comply with Apple’s privacy requirements, but developers are responsible for ensuring that their apps are compliant.

Do I need to upgrade my mParticle Apple SDK to support iOS 17?

We recommend you update to version 8.22.0 or later which incorporates a privacy manifest and uses dedicated domains for users that consent to tracking.

How is mParticle supporting privacy manifests within “kit” integrations?

mParticle is coordinating with partners who provide kit integrations to help app developers be compliant by spring 2024.

What changes is mParticle making for required reason APIs?

Any required reason APIs the mParticle SDK uses will be disclosed in a privacy manifest included with the mParticle SDK prior to the spring of 2024.

What are tracking domains?

Apple defines tracking domains as internet domains that your app or a 3rd party SDK connects to that engage in tracking. Apple requires any tracking domains to be listed in an app’s privacy manifest.

Does mParticle list tracking domains in the iOS SDK privacy manifest?

No we do not. Though mParticle has dedicated domains which if desired are meant to be used specifically for tracking:

• tracking-nativesdks.mparticle.com
• tracking-identity.mparticle.com

The mParticle SDKs will only use these domains if an ATTStatus of “authorized” is provided to the SDK. However, even when the SDK is using these domains, the data may not necessarily be used for “tracking” - it is dependent on how you’ve configured your mParticle workspace. For this reason, the mParticle SDK does not list these domains as tracking domains.

How are kits affected by iOS 17?

All mParticle kits are compatible with iOS 17.

All mParticle kits are being updated to include privacy manifests, and all kits will be provided as binary releases signed by mParticle. While all mParticle kits will be updated to use the latest version of any partner SDKs, mParticle cannot guarantee that all partner SDKs include their own privacy manifests.

How do Apple’s changes in response to the Digital Markets Act (DMA) affect mParticle’s services?

Apple’s recent updates to comply with the Digital Markets Act have introduced several changes, including new options for app distribution and browser engines. After a thorough investigation, mParticle has confirmed that these changes do not require any modifications to mParticle’s SDKs. Our SDKs are designed to function independently of the app’s distribution method, meaning it remains unaffected whether an app is downloaded from the App Store or any alternative platforms. This ensures that mParticle’s services continue to operate seamlessly, providing consistent functionality and privacy compliance for our clients across all supported iOS versions, including iOS 17.

Additional resources

• Apple’s announcement for the new privacy requirements: What’s new in privacy on the App Store, published June 15th, 2023

• Apple Developer Documentation:

  • Privacy Manifest Files
  • Describing data use in privacy manifests
  • Describing use of required reason API
  • Video: Get Started with Privacy Manifests
  • User Privacy and Data Use