How to Add a Privacy Manifest to CocoaPods and Swift Package SDK

Apple requires:

Apps uploaded to App Store Connect must be built with Xcode 15 for iOS 17, iPadOS 17, tvOS 17, or watchOS 10, starting April 29, 2024.

And adopts new requirements for some commonly used SDKs:

Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update.

Signatures are also required in these cases where the listed SDKs are used as binary dependencies.

Any version of a listed SDK, as well as any SDKs that repackage those on the list, are included in the requirement.

And the latest timeline for privacy manifests.

Starting May 1: You’ll need to include approved reasons for the listed APIs used by your app’s code to upload a new or updated app to App Store Connect. If you’re not using an API for an allowed reason, please find an alternative. And if you add a new third-party SDK that’s on the list of commonly used third-party SDKs, these API, privacy manifest, and signature requirements will apply to that SDK. Make sure to use a version of the SDK that includes its privacy manifest and note that signatures are also required when the SDK is added as a binary dependency.

This is the third part of a series on Privacy Manifests.

1. What are Privacy Manifests
2. How to Create a Privacy Manifest in Your iOS App
3. How to Add a Privacy Manifest to SDK
4. All 86 Requiring SDKs and Status in Supporting Privacy Manifest
5. How to Generate Privacy Report and Update Privacy Nutrition Labels

Step1: Create a Privacy Manifest

You can follow the steps in How to Create a Privacy Manifest File in Your iOS App to create a empty privacy manifest file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

Step2: Update the Privacy Manifest

You need update the privacy manifest file according to the data types your SDK collects and the usage of required reason API.

You can check What are Privacy Manifest Files for the detail information about privacy manifest file content.

Step3: Update .podspec File for CocoaPods SDK

If you release your SDK by CocoaPods, then you need to update the .podspec file to add an resource_bundles item setting the PodName and your privacy manifest file path.

spec.resource_bundles = {'PodName' => ['Source/*.xcprivacy']}

For Example

...
s.source       = { :git => "https://github.com/onevcat/Kingfisher.git", :tag => s.version }
s.source_files  = ["Sources/**/*.swift"]
s.resource_bundles = {"Kingfisher" => ["Sources/PrivacyInfo.xcprivacy"]}
...

Step4: Update Package.swift for Swift Package

If you release your SDK as a Swift Package , please add a resources item in the Package.swift file to set the privacy manifest file.

For Example

// swift-tools-version:5.9
import PackageDescription

let package = Package(
    name: "Kingfisher",
    platforms: [
        .iOS(.v12),
        .macOS(.v10_14),
        .tvOS(.v12),
        .watchOS(.v5),
        .visionOS(.v1)
    ],
    products: [
        .library(name: "Kingfisher", targets: ["Kingfisher"])
    ],
    targets: [
        .target(
            name: "Kingfisher",
            path: "Sources",
            resources: [.copy("PrivacyInfo.xcprivacy")]
        )
    ]
)

References

• Privacy manifest files
• Describing data use in privacy manifests
• Describing use of required reason API
• Upcoming third-party SDK requirements
• Get started with privacy manifests