Apple announces upcoming requirements for 3rd party SDKs to enhance user privacy

Apple announces upcoming requirements for 3rd party SDKs to enhance user privacy

Apple this week announced upcoming requirements for third-party software development kits (SDKs) to enhance user privacy and transparency. These requirements, which will take effect in spring 2024, will apply to a list of commonly used SDKs on the App Store and will mandate the inclusion of privacy manifests and signatures for those SDKs.

Privacy manifests are standardized files that provide a comprehensive overview of the data collection practices of third-party SDKs. When developers submit their apps to the App Store, they will be required to include the privacy manifests for all the SDKs their app utilizes. This will enable Apple to review and verify the privacy practices of these SDKs, ensuring that app developers are aware of the data their users' data is being collected and used.

Digital signatures will be another new requirement for third-party SDKs. These signatures will help verify the authenticity and integrity of the SDKs, ensuring that developers are downloading and using the correct versions of these SDKs. This will help prevent malicious actors from injecting harmful code into apps via compromised SDKs.

SDKs Subject to the New Requirements

The following list includes the commonly used SDKs on the App Store that will be subject to the new requirements:

  • Abseil
  • AFNetworking
  • Alamofire
  • AppAuth
  • BoringSSL / openssl_grpc
  • Capacitor
  • Charts
  • connectivity_plus
  • Cordova
  • device_info_plus
  • DKImagePickerController
  • DKPhotoGallery
  • FBAEMKit
  • FBLPromises
  • FBSDKCoreKit
  • FBSDKCoreKit_Basics
  • FBSDKLoginKit
  • FBSDKShareKit
  • file_picker
  • FirebaseABTesting
  • FirebaseAuth
  • FirebaseCore
  • FirebaseCoreDiagnostics
  • FirebaseCoreExtension
  • FirebaseCoreInternal
  • FirebaseCrashlytics
  • FirebaseDynamicLinks
  • FirebaseFirestore
  • FirebaseInstallations
  • FirebaseMessaging
  • FirebaseRemoteConfig
  • Flutter
  • flutter_inappwebview
  • flutter_local_notifications
  • fluttertoast
  • FMDB
  • geolocator_apple
  • GoogleDataTransport
  • GoogleSignIn
  • GoogleToolboxForMac
  • GoogleUtilities
  • grpcpp
  • GTMAppAuth
  • GTMSessionFetcher
  • hermes
  • image_picker_ios
  • IQKeyboardManager
  • IQKeyboardManagerSwift
  • Kingfisher
  • leveldb
  • Lottie
  • MBProgressHUD
  • nanopb
  • OneSignal
  • OneSignalCore
  • OneSignalExtension
  • OneSignalOutcomes
  • OpenSSL
  • OrderedSet
  • package_info
  • package_info_plus
  • path_provider
  • path_provider_ios
  • Promises
  • Protobuf
  • Reachability
  • RealmSwift
  • RxCocoa
  • RxRelay
  • RxSwift
  • SDWebImage
  • share_plus
  • shared_preferences_ios
  • SnapKit
  • sqflite
  • Starscream
  • SVProgressHUD
  • SwiftyGif
  • SwiftyJSON
  • Toast
  • UnityFramework
  • url_launcher
  • url_launcher_ios
  • video_player_avfoundation
  • wakelock
  • webview_flutter_wkwebview

Read more