I have some questions about Apple privacy manifests.
I have a visionOS app called Project Graveyard. I'm getting ready for the visionOS 2 release. Since my last update Apple has started requiring privacy manifest files, but the documentation is extremely vague and I can't tell if I actually need one or not.
My app stores two types of data for the user.
- User Defaults - App settings: lights, rain, window placement etc.
- SwiftData + CloudKit - User generated data: a list of project names and some optional text. User customization options for each item.
The data is stored on device or in CloudKit. I do not "collect" this data, it is simply there for the app to function. Do I need a privacy manifest for this type of data? If so, what do I "declare"?
UserDefaults - yes. CloudKit - not today.
Why is UserDefaults required to declare a required reason? Apple puts a lot of information in the app's UserDefaults on the system's behalf. The data they put there is not meant for you to be reading. Unfortunate but the current state of the matter.
As a result, UserDefaults is one of those very easy APIs that can be used to digitally fingerprint a user and / or their device. Read up on the history of Required Reason API from last year's WWDC.
All of the required reason APIs are mitigations to prevent user tracking outside of the ATT framework.
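
As an added illustration (not code from either poster), the Python sketch below parses a constructed `PrivacyInfo.xcprivacy` and checks that the UserDefaults required-reason category is declared with a reason code Apple documents for it. The sample manifest and the choice of `CA92.1` (data read and written only by the app itself) are assumptions about an app like the one described in the question; `check_user_defaults` is a hypothetical helper name.

```python
import plistlib

# Required-reason category and the reason codes Apple documents for it.
USER_DEFAULTS_CATEGORY = "NSPrivacyAccessedAPICategoryUserDefaults"
USER_DEFAULTS_REASONS = {"CA92.1", "1C8F.1", "C56D.1", "AC6B.1"}

# Constructed sample manifest: no tracking, no collected data types,
# UserDefaults declared with CA92.1 (assumed to fit app-only settings).
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>NSPrivacyTracking</key><false/>
  <key>NSPrivacyCollectedDataTypes</key><array/>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array><string>CA92.1</string></array>
    </dict>
  </array>
</dict>
</plist>
"""

def check_user_defaults(manifest_bytes):
    """Return a list of problems with the UserDefaults declaration (empty = OK)."""
    manifest = plistlib.loads(manifest_bytes)
    entries = [e for e in manifest.get("NSPrivacyAccessedAPITypes", [])
               if e.get("NSPrivacyAccessedAPIType") == USER_DEFAULTS_CATEGORY]
    if not entries:
        return ["UserDefaults category is not declared"]
    problems = []
    for entry in entries:
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons", [])
        if not reasons:
            problems.append("UserDefaults declared without a reason code")
        unknown = sorted(set(reasons) - USER_DEFAULTS_REASONS)
        if unknown:
            problems.append("unrecognised reason codes: " + ", ".join(unknown))
    return problems

if __name__ == "__main__":
    print(check_user_defaults(SAMPLE_MANIFEST) or "UserDefaults declaration OK")
```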