Apple’s iOS 17 is generally available. This FAQ explains the behavior changes and upcoming privacy reporting requirements from Apple that will impact developers’ implementations of mParticle for iOS.
Apple is introducing a new privacy reporting policy with the iOS 17 release that requires app developers to disclose what data they track and what that data is used for.
Apple’s new privacy reporting policy includes two new features in iOS 17:
Privacy manifest files are dictionaries that define the different categories of collected data an app tracks. These files also specify which data can be linked with a user’s identity. They also specify what data collected can be linked with a user’s identity, and they list the different uses of the data.
The mParticle privacy manifest has been written to cover the most common implementations of the mParticle SDK. This means that for most mParticle users, the mParticle privacy manifest is a sufficiently accurate report of what data types are collected.
However, some mParticle users may integrate other 3rd party SDKs within their implementation to do even more with their users’ data. Tracking, even under Apple’s definition, is something the mParticle SDK could contribute to depending on how it is used. For these scenarios, we’ve implemented tracking domains that are unique from our other endpoints. The SDK automatically switches to these endpoints based on the ATTStatus reported to the SDK by your app. If your application uses data for tracking as defined by Apple, add the following two domains to your app’s privacy manifest under the purpose
For more information about privacy manifest files, see Describing data use in privacy manifests in Apple’s developer documentation.
With the release of iOS 17, Apple has designated several APIs as “required reason APIs”. These are APIs that can be misused for device fingerprinting, which is not permitted by Apple even if app users have consented to tracking. The categories of required reason APIs are:
Each category contains several specific required use APIs. For a full list, see Describing use of required reason API in Apple’s developer documentation.
If an app developer uses any of these APIs, they must include a list of which APIs along with their reasons for use, according to the definitions set by Apple, in the privacy manifest file.
The only required reason API used by the mParticle SDK is the user default APIs. This allows mParticle to access user defaults to read and write information that is only accessible to the app itself. This disclosure is included in mParticle’s privacy manifest.
Apple is expected to start enforcing the use of privacy manifests by the spring of 2024. App developers must update to the latest version of the mParticle iOS SDK by this time to remain compliant.
mParticle expects to release a privacy manifest for the iOS SDK to help developers comply with Apple’s new privacy requirements by the fall of 2023. mParticle is planning to release privacy manifests for kits shortly after.
The mParticle iOS SDK is compatible with iOS 17.
This doesn’t mean that apps using the latest version of the mParticle iOS SDK are compliant with the new privacy requirements introduced by Apple for iOS 17.
mParticle is not responsible for ensuring that developers using the mParticle SDK are in compliance with Apple’s privacy requirements.
By providing a complete privacy manifest, mParticle makes it easier for developers using the iOS SDK to comply with Apple’s privacy requirements, but developers are responsible for ensuring that their apps are compliant.
The most recent version of the mParticle iOS SDK (at the time of iOS 17’s release) is compatible with iOS 17. So, if developers are using the latest version of the mParticle SDK at the time of iOS 17’s release, they do not need to upgrade.
The mParticle iOS SDK was updated in version 8.15.0 to support one change in iOS 17. The language code used in iOS 17 now includes the country by default. For example, what was previously reported as “en” is now “en-US”. To maintain consistency in the language data developers collect in iOS apps, mParticle has updated the SDK to change “en-US” back to “en”.
If developers don’t require this consistency, they can use any recent version of the mParticle iOS SDK.
No, mParticle is releasing support for privacy manifests and required use APIs as a GA release.
mParticle is releasing a privacy manifest for the iOS SDK in addition to releasing a privacy manifest for each kit to help developers comply with Apple’s new requirements by spring 2024.
mParticle is coordinating with partners who provide kit integrations to help app developers be compliant by spring 2024.
Any required reason APIs the mParticle SDK uses will be disclosed in a privacy manifest included with the mParticle SDK prior to the spring of 2024.
Apple defines tracking domains as internet domains that your app or a 3rd party SDK connects to that engage in tracking. Apple requires any tracking domains to be listed in an app’s privacy manifest.
The mParticle iOS SDK privacy manifest will list any tracking domains as defined by Apple prior to spring 2024.
If developers use CNAMEs for custom domains, they are responsible for adding any applicable tracking domains to their app’s own privacy manifest. mParticle will provide additional guidance about tracking domains as early as possible in advance of the spring 2024 deadline.
All mParticle kits are compatible with iOS 17.
Before spring 2024, all mParticle kits will be updated to include privacy manifests, and all kits will be provided as binary releases signed by mParticle. While all mParticle kits will be updated to use the latest version of any partner SDKs, mParticle cannot guarantee that all partner SDKs include their own privacy manifests.
Apple Developer Documentation:
Was this page helpful?