Let me add a bit of thing. If your app uses an SDK not listed but that falls under the mentioned requirements, then this SDK must include a privacy manifest. How to tell a SDK which doesn't have a Privacy Manifest file because it doesn't fall under the requirements or because they're just lazy and not working yet to fulfill the requirement? If we had a simple tool to check if a library utilizes the APIs which fall under the requirement we can somehow tell that (although it'll be cumbersome), but no such method is provided nether.

My opinion: Once you forked the library it is separated from the original, and now YOU are responsible to declare the data collection. So you MUST add Privacy Manifest to the fork. Anyone correct me if I was wrong.