iOS 17 & Privacy Manifests

While developers are ultimately responsible for creating Privacy Nutrition Labels, it can be difficult to know exactly what their third-party SDKs track. To make this easier, Apple introduced Privacy Manifests in iOS 17. All of your app's third-party SDKs should include a Privacy Manifest.

To limit fingerprinting, Apple requires developers to declare the reason for using specific APIs. The Analytics-Swift library only uses the userDefaults API to store user and context information. It is declared in the Privacy Manifest found in the Analytics-Swift library.

Apple also introduced the concept of NSPrivacyTrackingDomains to Privacy Manifests in iOS 17. This is an array of strings that lists the URLs the app connects to in order to aid in tracking. If the user hasn't granted tracking permission through the App Tracking Transparency framework, network requests to these domains fail and your app receives an error. The Analytics-Swift Privacy Manifest includes the endpoint Segment events are sent to.

The Segment Privacy Manifest for Analytics-Swift includes an array of Privacy Nutrition Label Types for the following automatically collected fields:

• Analytics-Swift Engage Plugin
• Analytics-iOS (Classic)

Follow the steps in Apple's data use in privacy manifests documentation to generate your privacy report. Privacy manifests make it easier to account for the data collected by third-party SDKs, but should not be considered as a comprehensive list for your privacy report. Your privacy report is also subject to your Segment tracking implementation. If you're not certain about all of the data you're collecting, Protocols and a Tracking Plan can help you account for everything being tracked in your app.