Feature
The Gist
- Privacy boost. Apple introduces privacy manifests and SDK signatures to enhance data security.
- SDKs simplified. New features aim to streamline and secure third-party SDK use in app development.
- Transparency. Updates will give users more insight and control over how their data is used.
The media spotlight was justifiably enamored with Apple’s new Vision Pro VR headset. Vision Pro represents the pinnacle of Apple’s foray into the AR and VR market.
But marketers interested in customer experience must pay closer attention to two new frameworks aimed at ensuring consistent data privacy in the apps sold in the Apple store. Apple announced these features in a public blogpost on its site.
Apple hopes that these announced features will improve app privacy and the integrity of the data used in the app software supply chain. The new measures also hold promise of enhanced transparency, avoiding mishandled data behind the scenes.
Apple’s Privacy Manifests
The first feature, privacy manifests, are files that detail the privacy practices of all third-party Software Development Kits (SDKs) utilized in an app. The information is presented in a standard format.
Xcode
In addition, Xcode, an Apple-brand integrated development environment software (IDE), will combine privacy manifests into a single report when an app is prepared for distribution. Developers have long used Xcode to create software for Apple products.
SDKs
SDKs are programming kits which simplify integration of programming functions and data services into an app during development. App developers rely on SDKs to stream development, but SDKs are often varied in structure, creating complexity in maintaining an overview of features and updates that impact app functionality. This can hinder data privacy compliance, in which developers must understand how data is accessed.
Privacy 'Nutrition Labels'
The privacy manifests will serve as a "nutrition label" for developers, allowing them to better understand how third-party SDKs are using the data and relaying that understanding to app users. This serves to reveal what specific data is called and what data usage is applied, such as a fingerprint identification. Apple devices use Touch ID, a fingerprint identification system for third-party app access as well as device access.
Including a manifest report will ensure that developers provide consistent access to information for an app regardless of device.
Related Article: The State of Consumer Data Privacy Legislation in 2023
SDK Signatures
The second feature is the introduction of SDK signatures. SDK signatures address the workflow security of an app development and involves Xcode. When a developer incorporates a new version of a third-party SDK into their app, Xcode will use an SDK signature to verify that the new version was signed by the same developer.
This measure effectively prevents the manipulation of SDK-supplied code, a common target of cyberfraud programming techniques intended to facilitate scam attempts.
Related Article: Balancing Customer Data Privacy and Usefulness
Why Marketers Should Understand the Significance of These Changes
These changes are important to marketers who are delivering a customer experience through one or multiple apps. Apps are meant for customers to complete a service task — requesting a food order before arriving in store, scheduling an appointment for a service, or making a reservation for a desired getaway. Many apps rely on third-party software development kits (SDKs) to provide functionality for these services.
Privacy & App User Data
This arrangement has significant privacy implications regarding how apps handle user data once the users have provided their information. Brands that host these apps, typically under the purview of brand marketing managers, must heighten their awareness of customer information processing. Systematic ignorance could literally open a backdoor to data breaches. The Cambridge Analytica-Facebook scandal provides a stark illustration of the potential severity of such data breaches.
Data Usage Consent
The issue of data usage consent has traditionally been a technical consideration in app development. However, the evolving platform nature of today's brands has expanded both access and understanding, necessitating both app users and brand managers to be more informed. Customers are increasingly demanding greater visibility and control over how their data is being used.
Effective Data Privacy Management
Brand managers and marketing teams need to be more proactively involved in initial discussions on how to balance this demand for visibility and control with effective data privacy management.
The implementation of privacy manifests can help guide ongoing discussions. For instance, when it comes to data deletion or personal data update requests, people tend to prefer receiving confirmation that their request has been executed or completed, rather than receiving a copy of their personal data. By adhering to these privacy manifests, developers can better determine how data privacy is maintained.
What the New Frameworks Mean to Apple
For Apple, these introductions further the mission of its App Tracking Transparency (ATT) protocol. This protocol, initially developed as a protection against ad influence within its apps and devices, created a conflict with Meta. Meta argued that Apple's actions posed a threat beyond just Facebook and Instagram, as they diminished the ability of app developers to measure ad traffic and earn from ad revenue. I covered this issue in an earlier post on Apple’s ATT introduction.
Further Data Protections for Users
Since the ATT introduction, Apple has been working to further protect the user experience of its app store. For example, it sought to reduce the risk of fraudulent transactions through the apps it hosts in the App Store. Apple recently reported that it blocked over $2 billion in fraudulent transactions.
Webinar
Oct
16
Agentic AI Playbook: Real-World Customer Service Use Cases You Can Deploy Now
Boost self-service by 30% and slash call volume by 63% with agentic AI.
Register
Webinar
Oct
22
Beyond Storage: Smarter Content, Bigger Impact with DAM + AI
Discover how the DAM + AI duo makes content smarter, stronger and more accessible.
Register
Webinar
Nov
6
Fix the Content Bottleneck: Build a Better WebOps Strategy
Content stalled? Dev overloaded? You’re not the only one. Learn how streamlined WebOps bridges the publishing gap.
Register
Webinar
On demand
Call Spoofing Trends Financial Institutions Can't Afford to Ignore
Don't let robocalls sabotage your customer relationships. Learn how to secure your voice channel.
Watch Now
Webinar
On demand
CMS Briefing: A Live Look at What’s Next in AI-Driven Platforms
Learn how leading organizations are using AI‑driven tools to publish faster, personalize smarter and stay secure.
Watch Now
Webinar
On demand
Ready or Not: How Data-First Organizations Are Unlocking Agentforce Potential
Learn how to cut through the noise, activate Agentforce and build a Salesforce AI strategy that actually delivers.
Watch Now
Fraud Protection
The introduction of privacy manifests and the SDK signatures are clearly aimed more at the development side of app maintenance. Their benefits, however, will further aid Apple’s protection against fraud from wide-scale threats that app users don’t see but certainly experience when fraud occurs.
More to Come
According to Apple’s site, additional information in support of its privacy initiatives will be published later this year, including a list of third-party SDKs that have particularly high impact on user privacy, a developer feedback form to suggest new reasons for calling covered APIs, and additional documentation explaining further details about signatures, privacy manifests and their required usage.
