Edit in GitHubLog an issue

iOS 17 Privacy Manifest Requirements

Starting on May 1, 2024, Apple will require developers to implement new privacy features to receive approval for apps submitted to the App Store. Some features are already in use, like Privacy Nutrition Labels. These labels help end-users understand the data collected by apps as well as third-party SDKs like those provided by Adobe. To facilitate this, Apple is requiring that app developers provide details in the Privacy Manifest regarding the data their apps (and included third-party SDKs) track.

Required Reasons API

To address concerns regarding fingerprinting, Apple will require developers to declare the reasons for using specific APIs. One of these APIs is the UserDefaults API, which Adobe currently uses to store user identifiers and lifecycle data. The Adobe Experience Platform Mobile SDK needs to store this data on the device in order to function, however, that data does not need to be stored in UserDefaults. Adobe has started using device storage rather than UserDefaults. In December, we released version 4.2.1 of the iOS Core extension that includes logic to migrate data stored by the Mobile SDK away from UserDefaults to local storage for iOS and iPadOS. Starting with version 5 of the Mobile SDK for iOS/iPadOS, Adobe will include a Privacy Manifest. Adobe recommends that all customers upgrade to version 5.

Specific Values to be included in the app's Privacy Manifest

Mobile SDK customers are responsible for updating and maintaining their app’s Privacy Manifest. Which extensions customers use, and the specific actions performed using the Mobile SDK, may affect what customers should include in the Privacy Manifest Data Use section. The below chart is intended to help guide customers’ understanding of how Mobile SDK data can be used:

Mobile SDK ExtensionDataLinked to UserUsed For TrackingReason for Collection
  • Analytics
  • Core
  • Identity
  • Edge Identity
User ID
No – when the customer is not capturing authenticated identities

Yes when the customer is capturing authenticated identities
No – when the customer is not capturing authenticated identities

Yes when the customer is capturing authenticated identities
  • Developer’s Advertising or Marketing
  • Analytics
  • Edge
  • Edge Bridge
  • Edge Media
  • Media Analytics
Product interaction
No – when the customer is not capturing authenticated identities

Yes when the customer is capturing authenticated identities
No – when the customer is not capturing authenticated identities

Yes when the customer is capturing authenticated identities
  • Developer’s Advertising or Marketing
  • Analytics
  • Product Personalization
  • Lifecycle
Other Data Types
No – when the customer is not capturing authenticated identities

Yes when the customer is capturing authenticated identities
No – when the customer is not capturing authenticated identities

Yes when the customer is capturing authenticated identities
  • Developer’s Advertising or Marketing
  • Analytics
  • Product Personalization
  • Messaging
  • Optimize
Other Data Types
No – when the customer is not capturing authenticated identities

Yes when the customer is capturing authenticated identities
No – when the customer is not capturing authenticated identities

Yes when the customer is capturing authenticated identities
  • Developer’s Advertising or Marketing
  • Product Personalization

Signed XCFrameworks

Starting May 7th, 2024, our iOS releases will include signed XCFrameworks. Additionally, we've updated all our 5.0.0 releases with signed XCFrameworks.

Tracking Domains

These are the domains Adobe uses to send data which you choose to collect. If you use Adobe products in a way Apple defines as "tracking", you may need to add these domains to your Privacy Manifest's NSPrivacyTrackingDomains list.

  • omtrdc.net
  • adobedc.net
  • demdex.net
  • Privacy
  • Terms of Use
  • Do not sell or share my personal information
  • AdChoices
Copyright © 2024 Adobe. All rights reserved.