Version: 2023.2
Language : English
App slicing
Linux

Apple’s privacy manifest policy requirements

Apple is introducing a privacy policy for including privacy manifest files in new and updated applications targeted for iOS, iPadOS, tvOS, and visionOS platforms on the App Store.

The privacy manifest file (PrivacyInfo.xcprivacy) lists the types of data your Unity applications, or any third-party SDKs, packages, and plug-insA set of code created outside of Unity that creates functionality in Unity. There are two kinds of plug-ins you can use in Unity: Managed plug-ins (managed .NET assemblies created with tools like Visual Studio) and Native plug-ins (platform-specific native code libraries). More info
See in Glossary
collect, and the reasons for using certain Required Reason API categories.

Important: If the use of the Required Reasons APIs by you or third-party SDKs isn’t declared in the privacy manifest, your application might be rejected by the App Store. For more information, visit Apple’s documentation on Required Reasons APIs.

Prepare your Unity applications for Apple’s privacy manifest policy

You must review your native code, C# code, and data collection and tracking practices to understand if Apple’s privacy manifest policy applies to you. Follow these guidelines to decide if you need to include a privacy manifest file in your product:

  • If your application includes multiple third-party SDKs, packages, and plug-ins, then these third-party components (if applicable) must provision their own privacy manifest files separately. Note: It’s your responsibility however, to make sure that the owners of these third-party components include privacy manifest files. Unity isn’t responsible for any third-party privacy manifest, and their data collection and tracking practices.

  • If your application includes Unity framework implementations of the C# .Net framework APIs that call certain APIs listed in the Apple’s Required Reasons API categories, then you must assess your product for the API usage. For assessing what constitutes as part of data collection and tracking practices, refer to Apple’s documentation on privacy manifest files. Note: It’s your responsibility to assess your use of each of these APIs and declare the applicable reasons for using them.

Depending on whether you’re using Unity to develop an application or providing your SDKs, packages, and plug-ins to use with Unity applications, the requirement for providing a privacy manifest file might differ.

Note: The above guidelines are provided for your convenience. It’s important that you review Apple’s documentation on privacy manifest files before creating a privacy manifest for your project.

Privacy manifest for Unity applications

If you’re developing an application using Unity, consider the following steps:

  1. Assess if your native application code uses any of the following APIs:
  2. If you meet one or both of the conditions from step 1, create a privacy manifest file in Xcode and save it in the Assets/Plugins folder of your project.

  3. In the privacy manifest file, declare the approved reasons for using the Required Reason APIs or C# .Net framework APIs, as applicable.

    Important: If you don’t declare the reasons for the use of APIs, your application might be rejected by the App Store.

  4. Verify if your native application code collects any type of data categorized by Apple and declare those data types in the privacy manifest file as applicable. Any third-party SDKs, packages, and plug-ins used in your application must include their own separate manifest files to declare data collection and the use of any Required Reasons APIs with approved reasons.

Notes:

  • It’s your responsibility to check the accuracy of the privacy manifest within the Unity framework and if any third-party components included in your Unity project require any declarations in you privacy manifest. It’s recommended that you search these third-party components for any references to a privacy manifest declaration.

  • If you’re developing an application using Unity as a library, check if your native application code collects any of the following information outside of the Unity project:

Privacy manifest for third-party SDKs, packages, and plug-ins

If you’re a plug-in, package, or SDK owner, and you provide a service or package to be included within a Unity project as a .framework, follow these steps:

  1. Assess if your native code or native library includes any of the following categories of information:
  2. Declare the types of data being collected and the approved reasons for using the Required Reasons APIs in the privacy manifest file of your framework (if applicable).

If your product isn’t used as a .framework within a Unity project, then consider delivering it as a .framework. If you’re unable to do so, then follow these steps:

  1. Assess if your native code or native library uses the following APIs:
  2. If one or both of the API categories are used, then create a privacy manifest file in Xcode and save it in your source code. Make sure to select the iOS platform in the plug-in InspectorA Unity window that displays information about the currently selected GameObject, asset or project settings, allowing you to inspect and edit the values. More info
    See in Glossary
    window.
  3. In the privacy manifest file, declare the use of Required Reason APIs or C# .Net framework APIs, as applicable with approved reasons.
  4. Verify if your native code or native library collects any type of data categorized by Apple and declare those data types in the privacy manifest file as applicable.

C# .Net framework APIs in Unity

The following table provides a list of C# .Net APIs that call the Required Reasons API category named File timestamp API. If your application, SDK, package, or plug-in code calls any of the APIs from this list, declare the reasons for their use in your privacy manifest file following the guidelines specified in Apple’s documentation on Required Reasons API.

Note: The following list is verified only for Unity versions 2021.3 LTS and later.

File APIs Directory APIs
fileInfo.CreationTime; directoryInfo.CreationTime;
fileInfo.LastAccessTime; directoryInfo.LastAccessTime;
fileInfo.LastWriteTime; directoryInfo.LastWriteTime;
fileInfo.CreationTimeUtc; directoryInfo.CreationTimeUtc;
fileInfo.LastAccessTimeUtc; directoryInfo.LastAccessTimeUtc;
fileInfo.LastWriteTimeUtc; directoryInfo.LastWriteTimeUtc;
File.GetCreationTime(filePath); Directory.GetCreationTime(filePath);
File.GetLastAccessTime(filePath); Directory.GetLastAccessTime(filePath);
File.GetLastWriteTime(filePath); Directory.GetLastWriteTime(filePath);
File.GetCreationTimeUtc(filePath); Directory.GetCreationTimeUtc(filePath);
File.GetLastAccessTimeUtc(filePath); Directory.GetLastAccessTimeUtc(filePath);
File.GetLastWriteTimeUtc(filePath); Directory.GetLastWriteTimeUtc(filePath);

Unity Engine privacy manifest

Unity Engine calls the Required Reasons APIs from the following categories and declares these categories with the listed reasons for their use.

Category Reason Description
File timestamp APIs 0A2A.1 Used by C# timestamp APIs
File timestamp APIs C617.1 Used to check files
User defaults APIs CA92.1 Used for PlayerPrefs API
System boot time APIs 35F9.1 Used to calculate time between various events
Disk space APIs E174.1 Used to check disk space for AssetBundles

Note: Starting with Unity Editor versions 2021.3.35f1, 2022.3.18f1, and 2023.2.7f1, Unity Engine automatically includes these reasons in the privacy manifest file. If you’re using an older Unity Editor version, you must always declare these reasons in the privacy manifest file of your project.

App slicing
Linux