Merge pull request #502 from AdobeDocs/privacy-manifest-docs

Add Privacy manifest documentation

gatsby-config.js

@@ -789,6 +789,10 @@ module.exports = {
                     {
                         title: "Adobe Experience Cloud & Apple's IDFA, Privacy announcement",
                         path: "/resources/privacy-announcement"
+                    },
+                    {
+                        title: "iOS 17 Privacy Manifest Requirements",
+                        path: "/resources/privacy-manifest.md"
                     }
 
                 ]

src/pages/home/index.md

@@ -17,7 +17,7 @@ The latest versions of the Adobe Experience Platform SDK for Android and iOS (Sw
 
 <InlineAlert variant="info" slots="text"/>
 
-At WWDC23, Apple announced several new privacy features impacting applications and SDKs. The announcement included an upcoming requirement for developers to provide the reason for using certain APIs — including APIs currently used by the Adobe Experience Platform Mobile SDK — in the privacy manifest. Apple plans to start enforcing this requirement in the spring of 2024. Adobe is currently working with Apple to better understand the impact of this change. We anticipate that we will be able to provide further information regarding how this change will impact iOS applications that use the Experience Platform Mobile SDK in the coming months.
+To learn how Apple's privacy related announcements made in WWDC of 2023 affect the Mobile SDK, please read the guide on [iOS privacy manifest and related changes](../resources/privacy-manifest.md).
 
 <InlineAlert variant="info" slots="text"/>
 

src/pages/resources/index.md

@@ -18,6 +18,10 @@ To learn how to manage SPM dependencies of Mobile SDKs, please read the guide on
 
 To learn how to manage consent and privacy obligations with Mobile SDK, please read the guide on [privacy and GDPR](privacy-and-gdpr.md).
 
+## iOS Privacy Manifest and related changes
+
+To learn how Apple's privacy related announcements made in WWDC of 2023 affect the Mobile SDK, please read the guide on [iOS privacy manifest and related changes](privacy-manifest.md).
+
 ## Frequently asked questions
 
 To find answers to the most frequently asked questions about Mobile SDK, please read the document on [frequently asked questions](faq.md).

src/pages/resources/privacy-manifest.md

@@ -0,0 +1,50 @@
+---
+title: iOS 17 Privacy Manifest Requirements
+description: The requirements for Apple's new privacy manifests
+keywords:
+- Privacy manifest
+- iOS 17
+---
+
+# iOS 17 Privacy Manifest Requirements
+
+Starting in Spring 2024, Apple will require developers to implement new privacy features to receive approval for apps submitted to the App Store. Some features are already in use, like Privacy Nutrition Labels. These labels help end-users understand the data collected by apps as well as third-party SDKs like those provided by Adobe. To facilitate this, Apple is requiring that app developers provide details in the Privacy Manifest regarding the data their apps (and included third-party SDKs) track.
+
+## Required Reasons API
+
+To address concerns regarding fingerprinting, Apple will require developers to declare the reasons for using specific APIs. One of these APIs is the UserDefaults API, which Adobe currently uses to store user identifiers and lifecycle data. The Adobe Experience Platform Mobile SDK needs to store this data on the device in order to function, however, that data does not need to be stored in UserDefaults. Adobe has started using device storage rather than UserDefaults. In December, we released version 4.2.1 of the iOS Core extension that includes logic to migrate data stored by the Mobile SDK away from UserDefaults to local storage for iOS and iPadOS.
+
+<InlineAlert variant="info" slots="text"/>
+
+tvOS does not allow local storage for applications, so until further notice, the Mobile SDK will continue to store User Identifiers and Lifecycle Data in UserDefaults.
+
+## Specific Values to be included in the Privacy Manifest
+
+Mobile SDK customers are responsible for updating and maintaining their app’s Privacy Manifest. Which extensions customers use, and the specific actions performed using the Mobile SDK, may affect what customers should include in the Privacy Manifest Data Use section. The below chart is intended to help guide customers’ understanding of how Mobile SDK data can be used:
+
+| **Mobile SDK Extension** | **Data** | [**Linked to User**](https://developer.apple.com/app-store/app-privacy-details/#linked-data) | [**Used For Tracking**](https://developer.apple.com/app-store/app-privacy-details/#user-tracking) | **Reason for Collection** |
+| --- | --- | --- | --- | --- |
+| <ul><li>Analytics</li><li>Core</li><li>Identity</li><li>Edge Identity</li></ul> | User ID | **No –** when the customer is not capturing authenticated identities in the Identity Map<br/><br/>**Yes** **–** when the customer is capturing authenticated identities in the Identity Map | **No –** when the customer is not capturing authenticated identities in the Identity Map<br/><br/>**Yes** **–** when the customer is capturing authenticated identities in the Identity Map | <ul><li>Developer’s Advertising or Marketing</li></ul> |
+| <ul><li>Analytics</li><li>Edge</li><li>Edge Bridge</li><li>Edge Media</li><li>Media Analytics</li></ul> | Product interaction | **No –** when the customer is not capturing authenticated identities in the Identity Map<br/><br/>**Yes** **–** when the customer is capturing authenticated identities in the Identity Map | **No –** when the customer is not capturing authenticated identities in the Identity Map<br/><br/>**Yes** **–** when the customer is capturing authenticated identities in the Identity Map | <ul><li>Developer’s Advertising or Marketing</li><li>Analytics</li><li>Product Personalization</li></ul> |
+| <ul><li>Lifecycle</li></ul> | Other Data Types | **No –** when the customer is not capturing authenticated identities in the Identity Map<br/><br/>**Yes** **–** when the customer is capturing authenticated identities in the Identity Map | **No –** when the customer is not capturing authenticated identities in the Identity Map<br/><br/>**Yes** **–** when the customer is capturing authenticated identities in the Identity Map | <ul><li>Developer’s Advertising or Marketing</li><li>Analytics</li><li>Product Personalization</li></ul> |
+| <ul><li>Messaging</li><li>Optimize</li></ul> | Other Data Types | **No –** when the customer is not capturing authenticated identities in the Identity Map<br/><br/>**Yes** **–** when the customer is capturing authenticated identities in the Identity Map | **No –** when the customer is not capturing authenticated identities in the Identity Map<br/><br/>**Yes** **–** when the customer is capturing authenticated identities in the Identity Map | <ul><li>Developer’s Advertising or Marketing</li><li>Product Personalization</li></ul> |
+
+## Signed XCFrameworks
+
+Starting with version 5 of the Mobile SDKs for Apple, Adobe will provide signed XCFrameworks that customers can include in their applications. Use of signed XCFrameworks is recommended but not required.
+
+## Tracking Domains
+
+These are the domains Adobe uses to send data which you choose to collect. If you use Adobe products in a way Apple defines as "[tracking](https://developer.apple.com/app-store/user-privacy-and-data-use/)", you may need to add these domains to your Privacy Manifest's NSPrivacyTrackingDomains list.
+
+<InlineAlert variant="warningΩ" slots="text"/>
+
+Please note, that any domains that are added, will be blocked if the user does not grant permissions through the App Tracking Transparency framework which will significantly impact the functionality of the SDK.
+
+* omtrdc.net
+* adobedc.net
+* demdex.net
+
+<InlineAlert variant="info" slots="text"/>
+
+If you choose to use DNS CNAMEs for your data collection, you may choose to add those CNAMEs to the Tracking Domains instead of the domain names listed above.