Developers
Apple’s iOS 17 is generally available. This FAQ explains the behavior changes and upcoming privacy reporting requirements from Apple that will impact developers’ implementations of mParticle for iOS.
Apple’s recent updates to comply with the Digital Markets Act have introduced several changes, including new options for app distribution and browser engines. After a thorough investigation, mParticle has confirmed that these changes do not require any modifications to mParticle’s SDKs. Our SDKs are designed to function independently of the app’s distribution method, meaning it remains unaffected whether an app is downloaded from the App Store or any alternative platforms. This ensures that mParticle’s services continue to operate seamlessly, providing consistent functionality and privacy compliance for our clients across all supported iOS versions, including iOS 17.
Apple is introducing a new privacy reporting policy with the iOS 17 release that requires app developers to disclose what data they track and what that data is used for.
Apple’s new privacy reporting policy includes two new features in iOS 17:
Privacy manifest files are dictionaries that define the different categories of collected data an app tracks. These files also specify which data can be linked with a user’s identity. They also specify what data collected can be linked with a user’s identity, and they list the different uses of the data.
mParticle’s Apple SDK includes a Privacy Manifest as of version 8.19.0. The mParticle privacy manifest has been written to cover the minimum implementation of mParticle - collecting data for the purposes of analytics.
However, depending on the integrations that you enable within mParticle, you may be required to add more purposes to your app’s manifest. Tracking, even under Apple’s definition, is something the mParticle SDK could contribute to depending on how it is used.
For these scenarios, we’ve implemented tracking domains that are unique from our other endpoints. The SDK automatically switches to these endpoints if the end-user has consented to tracking, based on the ATTStatus reported to the SDK by your app.
If your application uses data for tracking as defined by Apple, you should request the user’s permissions to track and add the following two domains to your app’s privacy manifest under the purpose NSPrivacyTrackingDomains.
tracking-sdks.mparticle.comtracking-identity.mparticle.comFor more information about privacy manifest files, see Describing data use in privacy manifests in Apple’s developer documentation.
With the release of iOS 17, Apple has designated several APIs as “required reason APIs”. These are APIs that can be misused for device fingerprinting, which is not permitted by Apple even if app users have consented to tracking. The categories of required reason APIs are:
Each category contains several specific required use APIs. For a full list, see Describing use of required reason API in Apple’s developer documentation.
If an app developer uses any of these APIs, they must include a list of which APIs along with their reasons for use, according to the definitions set by Apple, in the privacy manifest file.
The only required reason API used by the mParticle SDK is the user default APIs. This allows mParticle to access user defaults to read and write information that is only accessible to the app itself. This disclosure is included in mParticle’s privacy manifest.
Apple is expected to start enforcing the use of privacy manifests by the spring of 2024.
The mParticle iOS SDK is compatible with iOS 17.
This doesn’t mean that apps using the latest version of the mParticle iOS SDK are compliant with the new privacy requirements introduced by Apple for iOS 17.
mParticle is not responsible for ensuring that developers using the mParticle SDK are in compliance with Apple’s privacy requirements.
By providing a complete privacy manifest, mParticle makes it easier for developers using the iOS SDK to comply with Apple’s privacy requirements, but developers are responsible for ensuring that their apps are compliant.
We recommend you update to version 8.19.0 or later which incorporates a privacy manifest and uses dedicated domains for users that consent to tracking.
mParticle is coordinating with partners who provide kit integrations to help app developers be compliant by spring 2024.
Any required reason APIs the mParticle SDK uses will be disclosed in a privacy manifest included with the mParticle SDK prior to the spring of 2024.
Apple defines tracking domains as internet domains that your app or a 3rd party SDK connects to that engage in tracking. Apple requires any tracking domains to be listed in an app’s privacy manifest.
No we do not. Though mParticle has dedicated domains which if desired are meant to be used specifically for tracking:
tracking-sdks.mparticle.comtracking-identity.mparticle.comThe mParticle SDKs will only use these domains if an ATTStatus of “authorized” is provided to the SDK. However, even when the SDK is using these domains, the data may not necessarily be used for “tracking” - it is dependent on how you’ve configured your mParticle workspace. For this reason, the mParticle SDK does not list these domains as tracking domains.
All mParticle kits are compatible with iOS 17.
All mParticle kits are being updated to include privacy manifests, and all kits will be provided as binary releases signed by mParticle. While all mParticle kits will be updated to use the latest version of any partner SDKs, mParticle cannot guarantee that all partner SDKs include their own privacy manifests.
Apple Developer Documentation:
Was this page helpful?