abanoub-ashraf/privacy-compliance

iOS Privacy Compliance

Apple has significantly increased privacy requirements. Non-compliance can result in App Store rejection. This skill covers everything you need for privacy compliance.

Privacy Manifests (PrivacyInfo.xcprivacy)

Starting Spring 2024, apps must declare privacy practices in a Privacy Manifest file.

Creating Privacy Manifest

1. In Xcode: File → New → File → App Privacy
2. Creates PrivacyInfo.xcprivacy in your project

Structure

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Privacy Tracking -->
    <key>NSPrivacyTracking</key>
    <false/>
    
    <!-- Tracking Domains (if tracking is true) -->
    <key>NSPrivacyTrackingDomains</key>
    <array>
        <string>analytics.example.com</string>
    </array>
    
    <!-- Required Reason APIs -->
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>CA92.1</string>
            </array>
        </dict>
    </array>
    
    <!-- Data Collection -->
    <key>NSPrivacyCollectedDataTypes</key>
    <array>
        <dict>
            <key>NSPrivacyCollectedDataType</key>
            <string>NSPrivacyCollectedDataTypeEmailAddress</string>
            <key>NSPrivacyCollectedDataTypeLinked</key>
            <true/>
            <key>NSPrivacyCollectedDataTypeTracking</key>
            <false/>
            <key>NSPrivacyCollectedDataTypePurposes</key>
            <array>
                <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
            </array>
        </dict>
    </array>
</dict>
</plist>

Required Reason APIs

These APIs now require justification in your Privacy Manifest:

File Timestamp APIs

// Requires reason: DDA9.1, C617.1, 3B52.1, or 0A2A.1
let attributes = try FileManager.default.attributesOfItem(atPath: path)
let modDate = attributes[.modificationDate]

Approved Reasons:

• DDA9.1: Display to user
• C617.1: Access timestamps inside app container
• 3B52.1: Access timestamps from user-granted access
• 0A2A.1: Third-party SDK for above purposes

System Boot Time APIs

// Requires reason: 35F9.1, 8FFB.1, 3D61.1
let bootTime = ProcessInfo.processInfo.systemUptime

Approved Reasons:

• 35F9.1: Measure elapsed time (not absolute time)
• 8FFB.1: Calculate absolute timestamps for user display
• 3D61.1: Include in bug reports

Disk Space APIs

// Requires reason: 85F4.1, E174.1, 7D9E.1, B728.1
let freeSpace = try URL(fileURLWithPath: "/")
    .resourceValues(forKeys: [.volumeAvailableCapacityKey])
    .volumeAvailableCapacity

Approved Reasons:

• 85F4.1: Display to user
• E174.1: Check before writing files
• 7D9E.1: Submit with bug reports
• B728.1: Check disk space for app functionality

User Defaults APIs

// Requires reason: CA92.1, 1C8F.1, C56D.1
UserDefaults.standard.set(value, forKey: key)

Approved Reasons:

• CA92.1: Access user defaults within your app
• 1C8F.1: Access managed app configuration
• C56D.1: Third-party SDK for above purposes

Active Keyboard APIs

// Requires reason: 3EC4.1, 54BD.1
let keyboards = UITextInputMode.activeInputModes

Approved Reasons:

• 3EC4.1: Customize UI based on keyboard
• 54BD.1: Implement custom keyboard

App Tracking Transparency (ATT)

Required when tracking users across apps or websites owned by other companies.

Implementation

import AppTrackingTransparency
import AdSupport

class TrackingManager {
    static let shared = TrackingManager()
    
    func requestPermission() async -> ATTrackingManager.AuthorizationStatus {
        // Wait for app to be active
        await MainActor.run {
            if UIApplication.shared.applicationState != .active {
                // Schedule for later
            }
        }
        
        return await ATTrackingManager.requestTrackingAuthorization()
    }
    
    var canTrack: Bool {
        ATTrackingManager.trackingAuthorizationStatus == .authorized
    }
    
    var advertisingIdentifier: String? {
        guard canTrack else { return nil }
        let idfa = ASIdentifierManager.shared().advertisingIdentifier
        return idfa.uuidString
    }
}

// Usage
Task {
    let status = await TrackingManager.shared.requestPermission()
    
    switch status {
    case .authorized:
        // Can use IDFA for tracking
        analytics.enableTracking()
    case .denied, .restricted:
        // Use privacy-preserving alternatives
        analytics.usePrivateMode()
    case .notDetermined:
        // User hasn't seen prompt yet
        break
    @unknown default:
        break
    }
}

Info.plist Entry

<key>NSUserTrackingUsageDescription</key>
<string>We use this identifier to show you personalized ads and measure ad effectiveness.</string>

When ATT is Required

Required:

• Using IDFA for advertising
• Linking device data with third-party data for ads
• Sharing device data with data brokers
• Using SDKs that track across apps

NOT Required:

• First-party analytics (your own servers)
• Fraud detection
• Security purposes
• Linking on device only (no server sharing)

SKAdNetwork for Privacy-Preserving Attribution

import StoreKit

// Register for attribution
class AppDelegate: UIResponder, UIApplicationDelegate {
    func application(_ application: UIApplication, 
                     didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // Register for ad network attribution
        SKAdNetwork.registerAppForAdNetworkAttribution()
        return true
    }
}

// Update conversion value (0-63)
func updateConversionValue(_ value: Int) {
    if #available(iOS 16.1, *) {
        SKAdNetwork.updatePostbackConversionValue(value) { error in
            if let error = error {
                print("Failed to update conversion value: \(error)")
            }
        }
    } else {
        SKAdNetwork.updateConversionValue(value)
    }
}

Info.plist Ad Network IDs

<key>SKAdNetworkItems</key>
<array>
    <dict>
        <key>SKAdNetworkIdentifier</key>
        <string>cstr6suwn9.skadnetwork</string>
    </dict>
    <!-- Add all ad network IDs -->
</array>

Privacy Nutrition Labels (App Store)

Required information for App Store Connect:

Data Types

• Contact Info (name, email, phone, address)
• Health & Fitness
• Financial Info
• Location (precise, coarse)
• Sensitive Info
• Contacts
• User Content
• Browsing History
• Search History
• Identifiers (user ID, device ID)
• Purchases
• Usage Data (product interaction, advertising data)
• Diagnostics (crash data, performance data)

Data Use Purposes

• Third-Party Advertising
• Developer's Advertising or Marketing
• Analytics
• Product Personalization
• App Functionality
• Other Purposes

Linked vs Not Linked to Identity

• Linked: Data connected to user identity (account, device)
• Not Linked: Data cannot be tied to a specific user

GDPR Compliance (EU)

Consent Management

import UIKit

class ConsentManager: ObservableObject {
    @Published var hasConsent: Bool = false
    @Published var analyticsConsent: Bool = false
    @Published var marketingConsent: Bool = false
    
    static let shared = ConsentManager()
    
    private let defaults = UserDefaults.standard
    
    init() {
        loadConsent()
    }
    
    func showConsentDialog() {
        // Present consent UI
    }
    
    func updateConsent(analytics: Bool, marketing: Bool) {
        analyticsConsent = analytics
        marketingConsent = marketing
        hasConsent = true
        saveConsent()
        
        // Update SDK configurations
        configureAnalytics(enabled: analytics)
        configureMarketing(enabled: marketing)
    }
    
    func withdrawConsent() {
        analyticsConsent = false
        marketingConsent = false
        saveConsent()
        
        // Disable all tracking
        disableAllTracking()
    }
    
    private func saveConsent() {
        defaults.set(hasConsent, forKey: "hasConsent")
        defaults.set(analyticsConsent, forKey: "analyticsConsent")
        defaults.set(marketingConsent, forKey: "marketingConsent")
    }
    
    private func loadConsent() {
        hasConsent = defaults.bool(forKey: "hasConsent")
        analyticsConsent = defaults.bool(forKey: "analyticsConsent")
        marketingConsent = defaults.bool(forKey: "marketingConsent")
    }
}

Data Deletion Request

struct GDPRService {
    func requestDataDeletion(userId: String) async throws {
        // 1. Delete from local storage
        deleteLocalData(userId: userId)
        
        // 2. Request deletion from server
        try await api.requestDeletion(userId: userId)
        
        // 3. Clear keychain
        KeychainService.deleteAll(for: userId)
        
        // 4. Reset analytics
        Analytics.reset()
        
        // 5. Log out user
        AuthService.shared.logout()
    }
    
    func exportUserData(userId: String) async throws -> Data {
        // Export all user data in machine-readable format
        let userData = try await api.exportUserData(userId: userId)
        return try JSONEncoder().encode(userData)
    }
}

Privacy Best Practices

1. Minimize Data Collection

// Bad: Collect everything "just in case"
struct Analytics {
    func track(event: String, 
               userId: String,
               deviceId: String,
               location: CLLocation,
               contacts: [Contact]) { }
}

// Good: Collect only what's needed
struct Analytics {
    func track(event: String, 
               anonymousId: String) { }
}

2. Local Processing

// Process on device when possible
class RecommendationEngine {
    func getRecommendations(for items: [Item]) -> [Item] {
        // Use Core ML for on-device ML
        // No data sent to server
        return model.predict(items)
    }
}

3. Data Encryption

import CryptoKit

struct SecureStorage {
    static func encrypt(_ data: Data, key: SymmetricKey) throws -> Data {
        try AES.GCM.seal(data, using: key).combined!
    }
    
    static func decrypt(_ data: Data, key: SymmetricKey) throws -> Data {
        let box = try AES.GCM.SealedBox(combined: data)
        return try AES.GCM.open(box, using: key)
    }
}

4. Secure Network Requests

// Always use HTTPS
// Pin certificates for sensitive data
class NetworkSecurity {
    func createSession() -> URLSession {
        let config = URLSessionConfiguration.default
        config.tlsMinimumSupportedProtocolVersion = .TLSv12
        return URLSession(configuration: config, delegate: PinningDelegate(), delegateQueue: nil)
    }
}

class PinningDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession, 
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Implement certificate pinning
    }
}

Audit Checklist

Privacy Manifest

• [ ] PrivacyInfo.xcprivacy exists in project
• [ ] All Required Reason APIs have approved reasons
• [ ] NSPrivacyTracking correctly reflects tracking status
• [ ] NSPrivacyTrackingDomains lists all tracking domains
• [ ] Third-party SDKs include their own Privacy Manifests

App Tracking Transparency

• [ ] ATT prompt shown before any tracking
• [ ] NSUserTrackingUsageDescription is clear and accurate
• [ ] App works correctly when tracking denied
• [ ] IDFA only accessed after authorization

App Store Privacy Labels

• [ ] All data types accurately disclosed
• [ ] Data linkage correctly specified
• [ ] Purposes accurately described
• [ ] Third-party SDK data collection included

GDPR (if applicable)

• [ ] Consent obtained before processing EU user data
• [ ] Users can withdraw consent
• [ ] Data deletion request mechanism exists
• [ ] Data export (portability) available
• [ ] Privacy policy accessible in app

General

• [ ] Data minimization practiced
• [ ] Encryption used for sensitive data
• [ ] No hardcoded credentials or keys
• [ ] Secure network communication only
• [ ] Regular privacy audits scheduled