Do I need a privacy manifest when using UserDefaults and CloudKit in my app?

App Store Distribution & Marketing App Review
JosephSimpson OP
Created Sep ’24
Replies 3
Boosts 0
Views 812
Participants 3

I have some questions about Apple privacy manifest.

I have a visionOS app called Project Graveyard. I'm getting ready for the visionOS 2 release. Since my last update Apple has started requiring privacy manifest files, but the documentation is extremely vague and I can't tell if I actually need one or not.

My app stores data two types of data for the user.

  1. User Defaults - App settings: lights, rain, window placement etc.
  2. SwiftData + CloudKit - User generated data: a list of project names and some optional text. User customization options for each item.

The data is stored on device or in CloudKit. I do not "collect" this data, it is simply there for the app to function. Do I need a privacy manifest for this type of data? If so, what do I "declare".

Replies  3
Boosts  0
Views  812
Participants  3
endecotp OP
Sep ’24

User Defaults is, for some reason that I don't understand, a "required reason" API. So you have to mention that. See https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

0
edorphy OP
Sep ’24
Accepted Answer

UserDefaults - yes. CloudKit - not today.

Why is UserDefaults required to declare a required reason? Apple puts a lot of information in the app's UserDefaults on the systems behalf. The data they put there is not meant for you to be reading. Unfortunate but the current state of the matter.

As a result, UserDefaults is one of those very easy APIs that can be use to digitally fingerprint a user and / or their device. Read up on the history of Required Reason API from last years WWDC.

All of the required reason APIs are mitigations to prevent user tracking outside of the ATT framework.

2
endecotp OP
Sep ’24

I didn't realize that User Defaults contained anything other than the data I write to it.

Isn't it strange that Apple chose to add this peculiar "required reason" thing, rather than just fixing NSUserDefaults to do what you and I always thought it did?

Maybe it's time to reconsider using UserDefaults at all.

Yes, this. The only essential feature of NSUserDefaults is when you implement a Settings.bundle to make your settings appear in the Settings app. (Which, bizarrely, is not covered by any of the reason codes - so you have to lie in your privacy manifest if you use that.) Otherwise, just store your data in the filesystem and avoid all this agro.

0
Do I need a privacy manifest when using UserDefaults and CloudKit in my app?
First post date Last post date
 
 
Q