83 lines
2.9 KiB
Markdown
83 lines
2.9 KiB
Markdown
# 25. Privacy Manifest & Nutrition Labels
|
|
|
|
meta:
|
|
id: ios-production-25
|
|
feature: ios-production
|
|
priority: P1
|
|
depends_on: []
|
|
tags: [compliance, app-store, privacy, production]
|
|
|
|
objective:
|
|
- Create and configure the required privacy manifest and App Privacy nutrition labels for App Store submission
|
|
|
|
deliverables:
|
|
- Privacy manifest file (PrivacyInfo.xcprivacy)
|
|
- App Privacy nutrition labels in App Store Connect
|
|
- Third-party SDK privacy manifests
|
|
- Data usage disclosure documentation
|
|
|
|
steps:
|
|
1. Create privacy manifest:
|
|
- Add PrivacyInfo.xcprivacy to project
|
|
- Declare all collected data types:
|
|
- Contact Info (name, email)
|
|
- User Content (voice recordings for VoicePrint)
|
|
- Identifiers (user ID, device ID)
|
|
- Usage Data (analytics)
|
|
- Diagnostics (crash logs)
|
|
- Declare required reason APIs:
|
|
- File timestamp APIs (if used)
|
|
- Disk space APIs (if used)
|
|
- System boot time APIs (if used)
|
|
- Active keyboard APIs (if used)
|
|
- User defaults APIs (used for preferences)
|
|
2. Configure App Privacy nutrition labels:
|
|
- Log into App Store Connect
|
|
- Navigate to App Privacy section
|
|
- Select all data types collected by app
|
|
- Mark each as linked to user identity or not
|
|
- Mark each as used for tracking or not
|
|
- Specify purposes (analytics, app functionality, etc.)
|
|
3. Audit third-party SDKs:
|
|
- Check Firebase SDK privacy manifest
|
|
- Check any analytics SDK privacy manifest
|
|
- Ensure all SDKs have updated manifests for iOS 17+
|
|
- Update SDKs if manifests missing
|
|
4. Document data usage:
|
|
- Create docs/IOS_PRIVACY.md
|
|
- List all data collection and purposes
|
|
- Explain user controls and opt-out options
|
|
- Document data retention periods
|
|
5. Test manifest validation:
|
|
- Build app in Xcode
|
|
- Check for privacy manifest warnings
|
|
- Validate with App Store Connect upload
|
|
|
|
tests:
|
|
- Build: No privacy manifest warnings in Xcode
|
|
- Upload: App Store Connect accepts privacy labels
|
|
- Review: Privacy labels match actual data collection
|
|
|
|
acceptance_criteria:
|
|
- PrivacyInfo.xcprivacy file in project
|
|
- All collected data types declared
|
|
- Required reason APIs documented
|
|
- App Privacy nutrition labels complete in App Store Connect
|
|
- All third-party SDKs have privacy manifests
|
|
- Privacy labels accurate and honest
|
|
- No Xcode warnings about missing privacy manifests
|
|
- Documentation of data usage available
|
|
- User-facing privacy policy linked
|
|
|
|
validation:
|
|
- Build app → no privacy manifest warnings
|
|
- Upload to App Store Connect → privacy section complete
|
|
- Review data types → all actual collection declared
|
|
- Check SDK versions → all include privacy manifests
|
|
|
|
notes:
|
|
- Apple requires privacy manifests for all apps starting 2024
|
|
- Nutrition labels must be accurate — false claims can lead to rejection
|
|
- Third-party SDKs without manifests may cause build warnings
|
|
- Update manifests when adding new data collection features
|