Last year, Apple released new rules for app developers in the spring of 2024: it will crack down on third-party SDK privacy lists, with the aim of protecting user privacy and making users more aware of how third-party SDKs are used and how they collect data.
SDK is the abbreviation of Software Development Kit, which is a collection of related documents, examples, and tools to assist in the development of a certain type of software. SDK can be understood as "software of software", that is, software A is merged into another software B. It is used to help software A to complete a job.
Why do application developers need to use SDKs?Because SDKs can better reduce the burden on developers and assist in the development of software functions, but it is difficult for both developers and users to discover the hidden privacy risks of SDKs, so in 2023, Apple announced a new SDK privacy list and signature at WWDC, and will focus on implementation in the spring of 2024!
In fact, it is easy to understand that this is to let the third-party developer spread out the instructions on authorizing the user to use the software, take full responsibility for the code contained in the SDK in the app, and clearly understand how the SDK collects user data, but from another point of view, it may also be that Apple transfers the risk and responsibility of violating user privacy and reviewing the SDK to the developer, so it is normal for Apple to provide such authorization.
Therefore, in 2024, if app developers want to provide software review in the Apple App Store, they need to better and clearly provide the privacy label of the app, and clarify the data collection and usage scenarios of their app in the background of the App Store, so that users can clearly guide what data the app collects and where it will be used on the details page.
In addition to this, Apple also requires SDK developers to provide SDK signatures. Specifically, with SDK signatures, when an application author adopts a new version of a third-party application in their application, Xcode will verify whether it is signed by the same developer, improving the integrity of the software supply chain. To put it simply, Apple wants to ensure that the SDK will not be tampered with during the development process through signature authentication.
When you submit an update that includes these SDKs, you must include a privacy list for any SDKs listed below.
Privacy manifest: The privacy manifest file outlines the privacy practices for third-party code in your app in a single, standard format. When a developer prepares to distribute an app, Xcode consolidates a privacy inventory of all third-party SDKs used by the app into one easy-to-use report.
The following is a screenshot of the SDK list:
Apple announced at WWDC23 last June that "this feature is a step forward for all apps, and we encourage all SKDs to adopt it to better support apps that rely on them." ”
Third-party privacy regulations have always been a problem that users have ignored, and Apple's actions also show that users' privacy is crucial, and at the same time, in 2024, we can clearly see the privacy list regulations of third-party developers and the developer's responsibility to users.