If you have an app on the iOS App Store, the chances are that you’ve heard about new policies for iOS app submissions. Effective May 1, 2024, Apple has implemented new policies to “enhance user privacy” around APIs – and as a developer, it’s up to you to ensure you’re protecting your users and offering transparency and security. Below, the Zudu team has put together everything you need to know about the recent changes to the policies…

 

Apple’s guidelines

To ensure your app remains on the iOS App Store and future versions are approved, you will need to work with your app developer to include a new privacy manifest in your submission, where you’ll outline the use of any third-party APIs that require justification. You’ll also need to do the same for any third-party SDKs, each requiring privacy manifests and signatures. This won’t affect any Apple-owned APIs or SDKs, as these are monitored in-house.

Your app developer must now document how each API is used in your apps and offer a justified reason for each use. For example, if you’re using MagicalRecord to access and analyse data, you’ll need to explain why a third-party API was necessary and how you’re using it. All third-party SDKs included in your app must also follow the privacy standards.

 

How to comply

To ensure you comply with Apple’s new API declaration requirements, spend some time identifying and reviewing all of your APIs and determining which ones require a declared reason for use. The chances are that you’ll be using more APIs than you first thought. Once that’s done, write down clear justifications for API usage and put them together into a privacy manifest.

Apps and third-party SDKs — distributed as XCFrameworks, Swift packages, or Xcode projects — should contain a privacy manifest file named PrivacyInfo.xcprivacy. The privacy manifest must contain the types of data collected by your app or third-party SDK and the reasons for the APIs your app or third-party SDK uses. The information must be provided for any app or third-party SDK that’s available on iOS, iPadOS, tvOS, visionOS, and watchOS.

You should also verify that any third-party SDKs you’re using meet the new requirements and then conduct testing to make sure the new build of your app complies with Apple’s new privacy standards. Once that’s done, you can submit your app via App Store Connect and add a privacy manifest, which may be reviewed by the App Store team. After that, your new app build will be available on the App Store for users to download and enjoy.
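One way to check a PrivacyInfo.xcprivacy file before submission, as an added example that is not Apple's or Zudu's code: it parses the manifest as a property list and reports missing sections and API entries without a declared reason. The sample manifest is constructed, the `NSPrivacy…` key names follow Apple's privacy manifest format, and the function name `audit_manifest` is hypothetical.

```python
import plistlib

# Constructed sample manifest (not from a real app or SDK). Key names follow
# Apple's privacy manifest format; the second API entry has no reasons on purpose.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>NSPrivacyTracking</key><false/>
  <key>NSPrivacyCollectedDataTypes</key><array/>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict><key>NSPrivacyAccessedAPIType</key><string>NSPrivacyAccessedAPICategoryUserDefaults</string>
      <key>NSPrivacyAccessedAPITypeReasons</key><array><string>CA92.1</string></array></dict>
    <dict><key>NSPrivacyAccessedAPIType</key><string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
      <key>NSPrivacyAccessedAPITypeReasons</key><array/></dict>
  </array>
</dict>
</plist>"""

def audit_manifest(data: bytes) -> list[str]:
    """Return the problems found in one PrivacyInfo.xcprivacy payload."""
    try:
        manifest = plistlib.loads(data)  # accepts XML and binary plists
    except Exception as exc:  # malformed or non-plist input
        return [f"not a valid property list: {exc}"]
    if not isinstance(manifest, dict):
        return ["top-level object is not a dictionary"]
    problems = []
    # Both sections the article names must be present as arrays.
    for key in ("NSPrivacyCollectedDataTypes", "NSPrivacyAccessedAPITypes"):
        if not isinstance(manifest.get(key), list):
            problems.append(f"missing or non-array key: {key}")
    apis = manifest.get("NSPrivacyAccessedAPITypes")
    for entry in apis if isinstance(apis, list) else []:
        entry = entry if isinstance(entry, dict) else {}
        category = entry.get("NSPrivacyAccessedAPIType")
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons")
        if not category:
            problems.append("API entry without NSPrivacyAccessedAPIType")
        elif not isinstance(reasons, list) or not reasons:
            problems.append(f"{category}: no declared reasons")
    return problems

if __name__ == "__main__":
    for problem in audit_manifest(SAMPLE_MANIFEST):
        print("FAIL:", problem)
```

Run the same function over the manifest bundled with each third-party SDK as well as your app's own, and fail the build when the returned list is not empty.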

 

What happens if you don’t comply?

It’s natural to see new App Store policies as a headache and something to put off for another day, but it’s vital that you update your software to follow the new guidelines. If you fail to meet Apple’s API declaration requirements, the chances are that your app will be considered non-compliant, and it may be rejected from the App Store. Sure, the existing version of your app installed on users’ phones won’t disappear, but new user downloads and updates for existing users won’t be possible, limiting user engagement and potential App Store revenue.

If the third-party APIs and SDKs used aren’t adequately documented, you may need to disable app features or look for compliant partners. This could diminish your app’s user experience and functionality, encouraging people to look to others. Another drawback is that non-compliance could damage your company’s reputation. Now more than ever, users are hypervigilant when it comes to their online security. Failure to offer a secure platform could lead them to uninstall your app or leave a negative review, impacting future downloads.

Finally, it’s important to note that developers who repeatedly fail to comply could face stricter reviews from Apple and longer approval times for future app submissions. This could delay releases and updates and frustrate your user base. Compliance makes sense!

 

Wrapping up

Apple aims to promote a more secure app ecosystem by requiring developers to document sensitive APIs, and the new policy will ultimately result in a safer App Store. At Zudu, we understand that complying with a new API declaration can be time-consuming and confusing, especially for apps that rely on multiple APIs or third-party SDKs. If you’re looking for support meeting and maintaining these new standards, reach out to the team today.
