Must Read
Also Known As
Docs
Tutorials
Guides
How to add a .xcprivacy file
Who should provide a .xcprivacy file?
At 2:20: Third-party SDK developers can include a privacy manifest in their SDK. They can create a new privacy manifest right from the Xcode navigator, by creating a file named “PrivacyInfo.xcprivacy”.
This file is a property list that declares what data types the SDK collects, how each data type is used, whether they are linked to the user, and whether they’re used for tracking as defined by the App Tracking Transparency policy.
Anyone who uses a “Required reason API”
Perhaps the most common reason why you might be required to provide a privacy manifest is if you use any of the API’s listed here . Currently as of (March 2024), these include:
How to add .xcprivacy to a Swift Package
Copy the PrivacyInfo.xcprivacy into the resource folder by declaring it in your Package.swift like so:
.target(
...
resources: [
.copy("PrivacyInfo.xcprivacy")
],From: Adding Privacy Manifest to Swift P… | Apple Developer Forums Yes the resources is the correct place, however I did want Apple to confirm some additional things. I got a response to my questions, and have been able to confirm some things too which is good:
So the original question of `Where should I add this file within the package setup?
You should add it as a resource file as described in Bundling resources with a Swift package.Should there be a privacy info file per importable target? Or is it per library/package project?
It is per target. The target that builds the app or third-party SDK requiring a privacy manifest should only contain one privacy manifest. If your app links against a third-party SDK requiring a privacy manifest but doesn't collect data and use required reason API, then their target doesn't need to contain a privacy manifest file.Is it expected that the generated privacy report of an application will show info based on flags within the package’s manifest file? The generated privacy report will show all information inputted into the privacy manifest file.
However, it is worth noting that during my testing/validating - it only showed up in the report if there were tracking items.
For example, I purposely added a tracking item and included it in a sample project:
however, when the libraries privacy report had Privacy Tracking as NO and also no additional items or required reason api’s it did not include in the report:
am assuming this is due to the report only highlighting flagged trackings/collections (at least that is my understanding of the available documentation)