I'm really excited by the idea of the privacy manifests, and really all the work Apple is doing to keep users protected.
I work on the Mozilla VPN, and Mozilla shares Apple's commitment to privacy. We use Adjust to determine referrals for new subscriptions. But because of our commitment to privacy:
-
After a user subscribes, we never activate the Adjust SDK on future app runs.
-
We proxy the Adjust network call through our app, and strip out most of the fields it was going to send to the Adjust server. We keep a small handful of fields that are necessary for attribution (and even publish the list of those fields).
-
Further, we don't send the Adjust network request (which has been stripped down) directly to Adjust's servers, we proxy it through our own server first. This both keeps user IP addresses private, and allows us to further strip out payload values on the server (or stop sending data onto Adjust entirely) if ever needed.
Ultimately, this means Adjust's future privacy manifest likely won't be accurate for our app, as we're significantly modifying the Adjust SDK behavior and data collection.
Questions:
-
Will we be able to note in Xcode that the listed privacy manifest doesn't apply in our case?
-
If there are future plans to compare privacy manifests with app nutritional labels in the App Store Review process, is it possible to consider this use case in your planning?
Thanks!