At the Worldwide Developers Conference 2023 (WWDC23), Apple unveiled pivotal changes regarding privacy declarations and signatures tied to frequently used third-party Software Development Kits (SDKs). Developers are now obligated to furnish valid justifications for the utilization of specific Application Programming Interfaces (APIs) in their app’s privacy declaration. In a detailed blog post, Apple outlined a specific timeframe for developers to incorporate reasons for API usage into their privacy statements.
Implementation Deadlines and Notifications:
Commencing on March 13, developers submitting a new or updated app on the App Store Connect, employing APIs necessitating explanations, will receive email notifications spotlighting any deficiencies in their app’s privacy statement. This notification seamlessly supplements the existing system in App Store Connect, presenting developers with a comprehensive overview of their privacy compliance status.
From May 1 onwards, developers must activate approved justifications for the designated APIs employed in their app code to successfully upload new or updated apps to App Store Connect. Apple underscores the significance of using APIs strictly for sanctioned purposes, urging developers to explore alternatives if an API proves unsuitable. Furthermore, integrating a new third-party SDK from the list of commonly used SDKs mandates adherence to the API, privacy statement, and signature requirements linked with that SDK. Crucially, deploying a version of the SDK inclusive of the privacy manifest is imperative, and signatures become mandatory when incorporating the SDK as a binary dependency, notes NIXsolutions.
Apple’s Vision and Encouragement:
According to Apple, these changes represent a positive stride towards cultivating a more secure and privacy-centric app ecosystem. The company actively encourages all SDKs to adopt these updates, fostering an environment conducive to the multitude of applications reliant on them.