Mike/Kordant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
26d9f8b050969dfaa2c9dfb714a872160b7db382
Kordant/tasks/ios-production/25-privacy-manifest.md
Michael Freno 5214412fff get to prod tasks
2026-05-26 16:06:34 -04:00

2.9 KiB
Raw Blame History

25. Privacy Manifest & Nutrition Labels

meta: id: ios-production-25 feature: ios-production priority: P1 depends_on: [] tags: [compliance, app-store, privacy, production]

objective:

  • Create and configure the required privacy manifest and App Privacy nutrition labels for App Store submission

deliverables:

  • Privacy manifest file (PrivacyInfo.xcprivacy)
  • App Privacy nutrition labels in App Store Connect
  • Third-party SDK privacy manifests
  • Data usage disclosure documentation

steps:

  1. Create privacy manifest:
    • Add PrivacyInfo.xcprivacy to project
    • Declare all collected data types:
      • Contact Info (name, email)
      • User Content (voice recordings for VoicePrint)
      • Identifiers (user ID, device ID)
      • Usage Data (analytics)
      • Diagnostics (crash logs)
    • Declare required reason APIs:
      • File timestamp APIs (if used)
      • Disk space APIs (if used)
      • System boot time APIs (if used)
      • Active keyboard APIs (if used)
      • User defaults APIs (used for preferences)
  2. Configure App Privacy nutrition labels:
    • Log into App Store Connect
    • Navigate to App Privacy section
    • Select all data types collected by app
    • Mark each as linked to user identity or not
    • Mark each as used for tracking or not
    • Specify purposes (analytics, app functionality, etc.)
  3. Audit third-party SDKs:
    • Check Firebase SDK privacy manifest
    • Check any analytics SDK privacy manifest
    • Ensure all SDKs have updated manifests for iOS 17+
    • Update SDKs if manifests missing
  4. Document data usage:
    • Create docs/IOS_PRIVACY.md
    • List all data collection and purposes
    • Explain user controls and opt-out options
    • Document data retention periods
  5. Test manifest validation:
    • Build app in Xcode
    • Check for privacy manifest warnings
    • Validate with App Store Connect upload

tests:

  • Build: No privacy manifest warnings in Xcode
  • Upload: App Store Connect accepts privacy labels
  • Review: Privacy labels match actual data collection

acceptance_criteria:

  • PrivacyInfo.xcprivacy file in project
  • All collected data types declared
  • Required reason APIs documented
  • App Privacy nutrition labels complete in App Store Connect
  • All third-party SDKs have privacy manifests
  • Privacy labels accurate and honest
  • No Xcode warnings about missing privacy manifests
  • Documentation of data usage available
  • User-facing privacy policy linked

validation:

  • Build app → no privacy manifest warnings
  • Upload to App Store Connect → privacy section complete
  • Review data types → all actual collection declared
  • Check SDK versions → all include privacy manifests

notes:

  • Apple requires privacy manifests for all apps starting 2024
  • Nutrition labels must be accurate — false claims can lead to rejection
  • Third-party SDKs without manifests may cause build warnings
  • Update manifests when adding new data collection features
Reference in New Issue View Git Blame Copy Permalink