Search Unity

  1. Unity 6 Preview is now available. To find out what's new, have a look at our Unity 6 Preview blog post.
    Dismiss Notice
  2. Unity is excited to announce that we will be collaborating with TheXPlace for a summer game jam from June 13 - June 19. Learn more.
    Dismiss Notice

Official Apple privacy manifest updates for Unity Engine

Discussion in 'iOS and tvOS' started by JuliusM, Dec 20, 2023.

  1. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Introduction

    At WWDC 2023 Apple announced a number of additions to its privacy program, including the introduction of Privacy Manifests.

    Since then, we have been collecting your questions, as well as seeking clarity from Apple about how this impacts development with the Unity Engine. This thread will be updated to provide information on how Unity will be helping Apple app developers with these new requirements.

    What is this about?

    The Privacy Manifest is a text file that outlines privacy practices of first or third-party code.
    A Privacy Manifest file can contain:
    • Data usage: This explains the data collection purposes of your Application or SDK. Think about this as a representation of “privacy nutrition labels” and app tracking.
    • Access to Required Reasons APIs: These are APIs with the potential for misuse, so Apple needs to know why your code calls them. Failing to declare these APIs may in the future result in your app update being rejected from the App Store.
    The current Apple guidelines (from December 2023) state that from Spring 2024 new apps and app updates must at least:
    1. Describe their use of Required Reason API, or they “won’t be accepted by AppStore Connect”
    2. Include the Privacy Manifest for any Commonly-used SDK. Commonly used 3rd-party SDKs (as defined by Apple here) will require a Privacy Manifest and in some cases, a digital signature. UnityFramework is in this initial list, and we can confirm we will be providing Privacy Manifest details covering the Unity Engine core APIs in 2021+ LTS versions.
    These apply to: iOS, iPadOS, tvOS, visionOS, and watchOS.

    The changes noted here apply to the Unity Engine core only. That is the platform support without any built-in or third party packages or plugins. Package and plugin owners will be addressing any required changes for their product themselves.

    Note: This post provides general information about the privacy manifests and Unity’s plan for supporting developers in its implementation. It is important that you review Apple’s documentation before you create a privacy manifest for your project.

    Unity Engine support plan

    From today and through Q1 2024 we will be publishing documentation and shipping Engine updates to help with Privacy Manifests. We will release more information as it becomes available.

    Unity 2021 LTS will be the minimum version with officially supported Unity Engine Required Reasons API compatibility. We recommend that you upgrade your project to the latest patch version to receive upcoming additions.

    Supported versions will cover:
    • [Available today] Unity Engine core Required Reason Privacy Manifest entries & related Documentation. See them here. This covers Unity Engine core’s internal usage of Required Reasons APIs.
    • [Available today] Documentation for C# methods that map to Required Reason APIs. If you use one of these, you will need to declare a Reason. See them here.
    • [Available today] Fixes to the Unity Engine core to comply with Required Reasons. We are updating the Engine to use fewer Required Reason APIs. This change is available in Unity 2021.3.34f1, 2022.3.16f1 and 2023.2.5f1 releases. This is an internal change, so it is not mentioned in the release notes. This change requires a Unity Editor update.
    • [Available today] Solution to incorporate Privacy Manifests coming from Unity plugins, packages and your project. This change is available in Unity 2021.3.35f1, 2022.3.18f1 and 2023.2.7f1 releases. The release notes state "Add Apple Privacy Manifest support". This change requires a Unity editor update.
    • [Available today] Addition of 35F9.1 reason for the Required Reason APIs used within Unity Engine core. This change is available in Unity 2021.3.36f1, 2022.3.21f1 and 2023.2.13f1 releases. The release notes state "Added missing privacy manifest entry for System Boot time API usage". This change requires a Unity editor update.
    • [Work in progress] We will sign Unity Engine libraries within UnityFramework. We expect this change to be available in Unity 2021/2022/2023 forthcoming patch releases This change will require a Unity editor update. This is not required. See new posts for details.

    Unity Engine & Privacy Manifests

    An Apple Unity application can contain multiple frameworks (eg Ads or Social SDKs). Each framework can contain a single Privacy Manifest file. Out of the box, Unity applications have a single framework for the Unity project, called UnityFramework. Multiple Privacy Manifest files coming from different plugins, packages integrated into your Unity project, or first-party (your Unity project) will have to be combined into a single Privacy Manifest file inside of Unity Framework. Future Unity versions will do this automatically, but Unity developers with projects stuck on older Unity versions will have to do this manually.

    Note: It is your responsibility to check the accuracy of the privacy manifest of the Unity Framework.

    Continue reading to learn about our support plans and how to manually collect Privacy Manifest information from different sources.



    You can do this now - Audit & Prepare

    Below are initial guidelines on how you can audit your code in a Unity project or a plugin / package. We will continue to update this post as new information is made available.

    The Required Reasons APIs in Unity application can be called in two ways
    1. Natively
    2. Through a C# method:
    Make sure to check both use cases when auditing your code.

    If you are a Unity Game/App Developer
    1. Consider updating your project to the latest patch version of your supported LTS. This way you will be ready to receive relevant updates.
    2. Identify any third party SDKs that you use. Please see the documentation or contact the owners of these SDKs to check if they need to have a Privacy Manifest. If they use a Required Reason API, they must have a Privacy Manifest. You will have to update these SDKs to newer versions that provide Privacy Manifest.
    3. Audit Required Reasons API usage - Any inclusion of a Required Reason API call in your app, even if dormant, will require a reason declaration in the manifest.
      • Examine any of your first-party native code or libraries for any calls for Required Reason APIs.
      • Examine your C# code - are you using any calls from this list.
      • You will need to add your reasons for calling any Required Reason API either within the native or the C# space.
    4. (if applicable) Audit your own privacy practices [Apple Docs] for data use and add this information to the privacy manifest file.
    5. Create a Privacy Manifest in Xcode and include the above information in the privacy manifest file.
    6. Save this file into your Unity project under the Plugins folder. In latest versions of Unity Editor 2021, 2022 and 2023 this file is merged into the Unity Framework Privacy Manifest during project build.
    Our documentation page includes these instructions as well.

    Special case - Unity as a Library

    If you have additional first-party data collection/Required Reasons practices that happen outside the Unity project you will need to create a top-level main app privacy manifest and add those there.

    If you are a Plugin/Package/SDK owner

    You may be providing a service or package to be included inside a Unity project. Examples: an ad network, social network, or Asset Store package that contains code. Below are our suggestions based on your product delivery type. Our documentation page includes these instructions as well.

    My product is delivered as a .framework

    Steps:
    1. Audit Required Reasons API usage
      • Examine any native code, or native library of yours for usage.
    2. (if applicable) Audit your SDKs privacy practices [Apple Docs] for data use and collect this information.
    3. Include the above information in your framework’s privacy manifest file as directed by Apple.
    4. Release a new version of your SDK Framework.

    My product is NOT delivered as a .framework

    Consider delivering your product as a .framework.
    If this is not possible:
    1. Audit Required Reasons API usage.
      • Examine any native code, or native library of yours for usage.
      • Examine your C# code - are you using any calls from this list.
      • You will need to add your reasons for calling any API either within the native or the C# space.
    2. (if applicable) Audit your privacy practices [Apple Docs] for data use.
    3. Create a Privacy Manifest in Xcode and include the above information in the privacy manifest file.
    4. Save it inside your plugin folder eg Plugins/<YOURPRODUCTNAME>.xcprivacy file. In latest versions of Unity Editor 2021, 2022 and 2023 this file is merged into the Unity Framework Privacy Manifest during export.
    5. Release a new version of your Plugin/Package.

    Here is a visual representation of our suggestions



    Troubleshooting

    1. Will XYZ sdk/plugin/package I use in my Unity project provide a Privacy Manifest?
      • Each sdk/plugin/package owner is responsible for providing this information for their code. Check the latest documentation of sdk/plugin/package or contact their owner.
    2. UnityFramework has been identified as a ‘commonly used SDK’ in need of Privacy Manifest.
      • We are aware of this and we will be providing documentation and Unity editor updates containing the Engine’s Privacy Manifest information for supported Unity Engine versions.
    3. UnityFramework has been identified as a ‘commonly used SDK’ in need of a signature.
      • Aside from Unity libraries, UnityFramework also contains your code and any 3rd party plugins that you include in your Unity project. This framework is automatically signed when you build your project on your machine. To fulfil Apple's requirements, Unity will sign only Unity libraries within UnityFramework. We will implement this in future patch releases for supported Unity Engine versions. Apple has confirmed we don't need to sign Unity libraries for now.
    4. I’m using an older Unity version than Unity 2021 LTS and I can’t upgrade.
      • We will be providing extensive documentation only for officially supported Unity versions. You can attempt to use it with older Unity versions, but we are unable to guarantee it would work or be accurate.
    5. (Third party) Apple/Cocoapods Frameworks’ PrivacyInfo.xcprivacy is not included in the build if it is linked statically to another framework. This issue is not specific to Unity projects.
      • You should place your framework in XCFramework if you plan to statically link it. This way Xcode will include the privacy manifest from your statically linked framework. However, this still does not work for Cocoapods.
     
    Last edited: Mar 8, 2024
  2. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Hello everyone. We have two updates to this thread.
    1. We are progressing with our support plan and currently we are implementing a solution to incorporate Privacy Manifests coming from Unity plugins, packages and your project into a single Privacy Manifest file within Unity Framework. Unity will also automatically include relevant reasons for Required Reason APIs used within the Unity Engine core. As we outlined in the support plan, this feature will be implemented in all currently supported Unity releases starting with Unity 2021. We will update this thread again once we know exact version numbers which will contain this feature.
    2. Apple's requirements page also lists a requirement for commonly used SDK providers to sign their SDKs. We are planning to sign Unity libraries within Unity Framework to be compliant with this requirement. Unity Framework itself can't be signed by us, because it contains your code, 3rd party plugins and it is compiled on your machine. This work is just planned for now, so it will be available in some future patch releases.
     
    Thaina, Petr777 and StuWebstMW like this.
  3. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Another small update.

    The solution to merge Privacy Manifests into a single file within Unity Framework (including relevant reasons from Unity Engine core) should be available in Unity 2021.3.35f1, 2022.3.18f1 and 2023.2.7f1 releases. The release notes will state "Add Apple Privacy Manifest support".
     
  4. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    We mainly distribute source code directly in our plugins and not as a framework. We have multiple features and these are selectable by developers if they want to use it or not.

    Given the above context, Can you please answer these questions?
    1. Can we have our own post processing to include the privacy manifest files in the final xcode build?
    2. Does Unity impose any rules to include in Plugins/<YOURPRODUCTNAME>.xcprivacy file?
    3. I assume these manifests are required "irrespective of how the developer uses" the feature but mandatorily required if any iOS API is used/accessed by the plugin provider. Right?

    Thanks,
    VB Team
     
    Noisecrime likes this.
  5. Noisecrime

    Noisecrime

    Joined:
    Apr 7, 2010
    Posts:
    2,057
    Out of interest with respect to only Unity native/framework aspects does this mean versions of Unity older than the proposed 2021 LTS update are no longer viable for release on Apple ( iOS ) or that it will just involve more complex, manual creation of the various privacy manifests by the developer?

    Edit:
    Just noticed the troubleshooting step 4. It doesn't really answer my question above, as it suggests it might be possible. However my concern is that if a privacy manifest needs to be embedded into any of Unity's compiled dll's or whatever is used on iOS then that is most likely impossible to do.

    It will be useful to know this as I have a project based on 2018.4 that is slated to get updated to a more modern Unity version, but due to the challenges involved other features take priority. Knowing that a 2018.4 Unity could build an xcode project and the developer could address all the privacy manifest requests would provide a nice safety net, otherwise development of the project will have to be adjusted.

    I would also echo 'Voxel-Busters' questions since I currently use one of their plugins (CPNP v1), which i will need to update to a modern version for use with a newer version of Unity, so they need to be able to add manifests based on feature usage of the plugin.
     
    Last edited: Jan 21, 2024
  6. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    11,959
    You gave the answer yourself, when you use unsupported Unity versions, you either have to update or hack your way around new requirements.

    Sometimes it's possible to hack, sometimes it isn't. I guess you are asking whether it's possible in this case, and the answer is : maybe.

    The main problem here is what Unity's code is doing, since we don't have access to that we don't know what to fill in.

    It's going to be hard and annoying even with supported versions, because as they said, they will be providing manifests for "Unity Core only" and their packages will have to be updated. And with packages being a graveyard for abandoned features, if you are using any of them and they happen to make API calls you need to include in your manifest, you are probably screwed. My guess, based on how much Unity cares about privacy, is that even the "maintained" packages will probably take a year+ to include manifests, if they do at all.

    But you are probably even more screwed in 2020 and prior, since there you don't know what Unity may be doing behind the scenes and Unity doesn't provide you with anything at all. And in Apple's eyes we are the ones liable for these, not Unity, even though we don't actually know or trust what Unity is doing.
     
    Last edited: Jan 21, 2024
    Noisecrime likes this.
  7. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Hi, based on our understanding, you must always specify reasons for all Required Reasons APIs present within your code. This information is used to inform the developer who uses your code. Therefore Privacy Manifest provided alongside your code should be static. You should not care which part of your code the developer ends up using.

    Now to directly answer your questions:
    1. We don't support modifying Privacy Manifest files during build time. You could use post processing to do modifications, but that is not recommended. Note that you would have to modify the Privacy Manifest file in the Unity Framework.
    2. Unity expects the Plugins/<YOURPRODUCTNAME>.xcprivacy file to be a valid Privacy Manifest file. We recommend to create this file in Xcode.
    3. Correct. These manifests are used to inform the developer who uses your code. So if your code calls any of the Required Reasons APIs, you have to provide reasons for it, regardless whether the developer has logic which goes through that code path of not. We are in the same situation, where we will always specify reasons for Required Reasons APIs present in our source code (see the bottom of this page https://docs.unity3d.com/Manual/apple-privacy-manifest-policy.html) regardless whether that feature is used or not.
     
  8. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Apple's page https://developer.apple.com/support/third-party-SDK-requirements/ says
    We don't know how Apple will treat an app update built with the same or different Unity version. If Apple will consider that as an update which doesn't add a new SDK, then you could be fine even when using an old Unity version, but we don't know if that will be the case. The safer approach would be to publish updates for your old apps before the spring.

    Privacy manifest is just a file inside of the Xcode project. As long as you know what has to be written to it, you can always create it yourself. The actual problems are these: 1) knowing what to write to it 2) the code must be using Required Reasons APIs only for the allowed reasons 3) requirement to sign SDKs.
    As already mentioned in one of the previous comments, solving 1 and 2 on your own will be either very difficult or impossible. 3rd problem can be solved only by the SDK provider.
     
    Noisecrime likes this.
  9. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    We list reasons for Required Reasons APIs used within Unity Engine core at the bottom of this page https://docs.unity3d.com/Manual/apple-privacy-manifest-policy.html
    We haven't checked if these reasons are valid and cover all Required Reasons APIs in unsupported Unity versions, but at least this can be a start for people who are determined to find workarounds for the requirement on unsupported Unity versions.
     
  10. GustavNinja

    GustavNinja

    Joined:
    Jun 13, 2016
    Posts:
    98
    I have question about the current added PrivacyInfo file.

    I looked at your documentation and the latest 2022.3.18f1 editor. And I noticed 2 parts that I want to check if this is correct.

    1. File timestamp APIs 0A2A.1 has no description added. Is it okay to just have it declared this way?
    2. System boot time APIs 35F9.1 is not added. But inside the InternalProfiler.cpp mach_absolute_time is still used. Is this okay or does it need to be declared?
    Screenshot 2024-01-23 at 13.22.43.png
     
    JuliusM likes this.
  11. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    Thanks for confirming this. As per our research, we are on the same page. As plugin developers, we mostly need to fulfil the requirements for Required Reasons APIs (as long as we don't store/pass the info externally).

    Our code don't be shipped into the UnityFramework as we ship the source code, it will be part of the final xcode build. I suppose thats the case for Unity's native files (obj-c) too - which are not part of any framework (for ex: Replay Kit). Considering that fact, I suppose this restriction isn't required. Can you please confirm @JuliusM ?

    To clarify, We can generate the privacy manifest (valid one) file in post process as per the feature selection and add it to final xcode project. Xcode merges all xcprivacy files when it makes a build. Would be great if you can confirm this or if anything I'm missing.
     
    Last edited: Jan 23, 2024
  12. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Hi, thanks for raising these questions.
    1. The descriptions you see in Xcode are added by the Xcode. We declare only the reason code. From our perspective everything is ok with this reason.
    2. That's a good notice. It is an oversight on our side. We need to add this reason to our privacy manifest. Our documentation is correct. We will fix this.
     
    GustavNinja likes this.
  13. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Please read the original post in this thread again, especially the "If you are a Plugin/Package/SDK owner" part.
    There are only two ways your plugin can be integrated in Unity application. Either you provide a .framework in which case your Privacy Manifest file would be placed in that framework, or your code ends up in Unity Framework in Xcode alongside our code, app developer's code and other Unity plugins' code. There can be only a single Privacy Manifest file per framework, so if your code ends up in Unity Framework, your Privacy Manifest entries have to be merged with entries from other sources. As described in our documentation and the original post in this thread, Unity Editor will automatically merge .xcprivacy files from Unity project into this single Privacy Manifest file in Unity Framework. So you should just add a .xcprivacy file to your plugins which need to declare privacy information.

    I want to repeat that the purpose of the Privacy Manifest is to inform the app developer of everything that the SDK / Plugin could do. The original Apple's announcement https://developer.apple.com/news/?id=av1nevon said
    It doesn't matter if the app developer doesn't use the functionality of the SDK / Plugin that requires an entry in the Privacy Manifest file. The Privacy Manifest file must always contain required entries for the code that is provided to the app developer. As an example, Unity will always add "CA92.1" reason to the Privacy Manifest for accessing user defaults API. In Unity Engine core this is used only by the PlayerPrefs API, but it doesn't matter if the app developer uses this API or not - the entry will always be present in the Privacy Manifest file. I hope this clears things up for you.
     
    Voxel-Busters likes this.
  14. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    Thanks for taking time in explaining it!
    I was wrong in my earlier post, thanks for clarifying it.
    We can control the .xcprivacy manifest generation at editor time as soon as developer enables/disables the feature!
     
  15. Oscar-Tsang

    Oscar-Tsang

    Joined:
    Nov 7, 2012
    Posts:
    84
    2022.3.18f1 added Apple privacy manifest, cause unable to build on iphone simulator, error on the .xcprivacy file.

    using xcode 14.3.1
     
  16. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    11,959
    I don't think XCode 14 knows what to do with the privacy manifest.
     
  17. Core_Ventura

    Core_Ventura

    Joined:
    Jul 28, 2016
    Posts:
    2
    In my case I got an error in Xcode indicating that the file did not exist, but I checked the directory and saw that it was there, but with an xml extension, after removing the extension it let me build. Hope this helps!
     
    Noisecrime likes this.
  18. M-SugayaTakuma

    M-SugayaTakuma

    Joined:
    Apr 9, 2020
    Posts:
    12
    I have confirmed that the PrivacyInfo.xcprivacy file is automatically generated in Unity 2022.3.19f1. I am also aware that if using a tracking service such as Unity Analytics, PolicyInfo.xcprivacy needs to be edited to add the necessary policies for data collection.
    The edited file can be placed in the Assets/Plugins folder and will replace the existing PrivacyInfo.xcprivacy file when built.

    UnityFramework is a 'commonly used SDK' and requires signing, is this support already in the latest Unity version?
    If so, where can I check to see if it is signed?
     
    hNakagori, konoyuta and Petr777 like this.
  19. extstkim

    extstkim

    Joined:
    Jul 26, 2021
    Posts:
    3
    This bullet point in the first post seems to suggest it's not out yet:

    • [Work in progress] We will sign Unity Engine libraries within UnityFramework. We expect this change to be available in Unity 2021/2022/2023 forthcoming patch releases This change will require a Unity editor update.
     
  20. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Hello everyone,

    We want to give you an update on where we are regarding Apple's privacy requirements.

    Requirement to provide Privacy Manifest
    The latest Unity Editor versions can already handle Privacy Manifests and also automatically add most of Required Reasons for APIs used within Unity Engine core. We still need to add reason 35F9.1 to the Privacy Manifest, which we expect to be done in Unity 2023.2.13, 2022.3.21 and 2021.3.36. The release notes will state "Added missing privacy manifest entry for System Boot time API usage".

    Requirement to sign Unity libraries
    We are discussing with Apple if this requirement is really applicable to Unity libraries. It seems we won't need to move Unity Engine core libraries into a separate framework in order to sign them, because we don't distribute them separately as a dynamic dependency. We expect to get a final confirmation from Apple next week.

    We will keep you updated.
     
    Ham-Dongki, ayana, iiCaptain and 14 others like this.
  21. iiCaptain

    iiCaptain

    Joined:
    Jan 13, 2020
    Posts:
    1
    Looks like 2023.2.13, 2022.3.21 and 2021.3.36 were released March 5th
    https://unity.com/releases/editor/qa/lts-releases
     
    Last edited: Mar 8, 2024
    makaka-org likes this.
  22. GustavNinja

    GustavNinja

    Joined:
    Jun 13, 2016
    Posts:
    98
    I can confirm that 35F9.1 was added in the latest release. Also the function of merging several Privacyinfo files was added as well.
     
    makaka-org likes this.
  23. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    836
    Hello everyone,

    We have some updates after our discussions with Apple.
    • We have confirmation that UnityFramework does not need to be signed and Unity Engine core libraries can remain in UnityFramework without being signed. We will continue to investigate the feasibility of signing the Engine core libraries as a separate feature, no longer tied to the current privacy requirements from Apple.
    • UnityFramework will still be included in the "commonly used third-party SDK" list on Apple’s side as we need to comply with the privacy manifest requirements.
    Apple has published an update with deadlines for compliance. Starting March 13, Apple will start sending out email notifications for missing reasons in the app's privacy manifest and if not addressed, this will prevent app updates starting May 1.

    Apple states you are responsible for all code included in your apps. When uploading an app, Apple requires you to declare your first-party collected data, provide reasons for your own usage of the required reasons APIs and ensure newly added commonly used third-party SDKs and frameworks comply with Apple’s privacy requirements.

    If you get notified about missing reasons or signatures, you have to declare your own reasons and / or update third-party dependencies to versions which meet Apple’s requirements.

    What does this mean for updates of already published apps?

    All apps made with Unity Editor contain UnityFramework. Based on the current requirements, such apps published before Spring 2024 can be updated without including reasons for the required reason APIs used by the Unity Engine core. This means you could continue to use older Unity Editor versions for now. Please bear in mind Apple may change their third-party SDK requirements in the future, so we strongly recommend to upgrade to Unity version 2021.3.36f1, 2022.3.21f1, 2023.2.13f1 or newer, which
    • automatically handles privacy manifests from Unity packages and plugins included in your project
    • declares reasons for the required reason APIs used by the Unity Engine core
     
  24. kontaka3

    kontaka3

    Joined:
    Sep 13, 2016
    Posts:
    2
    I provide a package that includes a .xcframework to be incorporated into a Unity project. I understand that Unity currently doesn't support the xcframeworks that are compliant with Privacy Manifest (an xcframework that contains .xcprivacy and is signed with an Apple Distribution certificate). Is there any particular reason for this?
    Dose Unity have any plans to support it in the future?

    when I use a Privacy Manifest compliant xcframework and import it into my Unity project, meta files are generated inside the xcframework. This causes the signature verification to fail when building with Xcode, leading to a build failure.
     
  25. rytis_unity

    rytis_unity

    Unity Technologies

    Joined:
    Mar 14, 2020
    Posts:
    1
    @kontaka3 Hey,
    We plan to support .xcframework in the near future, but I don't have an ETA. The changes are rather simple, xcframeworks will function the same as frameworks.
     
    Petr777 and kontaka3 like this.
  26. kontaka3

    kontaka3

    Joined:
    Sep 13, 2016
    Posts:
    2
    @rytis_unity
    Thank you very much for your reply.
    I understand it.
     
  27. mii47

    mii47

    Joined:
    May 10, 2017
    Posts:
    2
    If we are unable to update UnityEditor for some reason, can we simply add PrivacyManifest manually?
     
    makaka-org likes this.
  28. makaka-org

    makaka-org

    Joined:
    Dec 1, 2013
    Posts:
    1,055
    You can use just this point after building from Unity and without adding the file to the Unity Project.

    To exclude doing this every new build, I believe that you can automate your routine using [PostProcessBuild(0)] attribute for operational method like in this my example for App Encryption Documentation, but for Privacy Manifest file in your case.
     
    Petr777 likes this.
  29. mii47

    mii47

    Joined:
    May 10, 2017
    Posts:
    2
    Thanks!
    I'll refer you to it.
     
  30. vn_man

    vn_man

    Joined:
    Jun 7, 2017
    Posts:
    24
    I use Unity 2023.1.3f1 and my app not use any API in list Required Reasons APIs
    so what exactly work I have to do for build and public ios?
    thank!
     
  31. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    If you don't have any usage of api methods which fall under required reasons api, just fill in nutrition labels (NSPrivacyCollectedDataTypes) entry list in the privacy manifest. If you have no data collected or used, just do nothing!
     
    vn_man likes this.
  32. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    You should post this on Photon's discord for help.
     
  33. unity_01C950CF7925D7707808

    unity_01C950CF7925D7707808

    Joined:
    Nov 29, 2023
    Posts:
    5
    Last edited: Apr 23, 2024
  34. pixelsprite_unity

    pixelsprite_unity

    Unity Technologies

    Joined:
    Sep 22, 2022
    Posts:
    21
    Thank you for flagging this; we have raised it internally.
     
  35. unity_65869D18C87D542F36E1

    unity_65869D18C87D542F36E1

    Joined:
    Mar 17, 2023
    Posts:
    2
    Hey guys, I'm currently using bunch of analytics SDKs in my game from which some are of older version for them I created a privacy file in Assets/Plugins and added their privacy API reasons and DataTypes from their release commits on git. The problem is that I'm still getting "NSPrivacyAccessedAPICategoryFileTimestamp" API missing warning. I've event tried to add all of the reasons in the file, I'm still getting the same warning. Kindly let me know what I'm doing wrong here. Thanks.
     
  36. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    Once you make the XCode project, open the exported folder and navigate to UnityFramework folder.
    Over there you can see both .xcprivacy file along with "ApplePrivacyManifestsMerge.txt" file. It contains the log on how the unity merged the different privacy manifest files provided in the unity project. That might help you.

    Let us know what you found out!
     
    Last edited: Apr 26, 2024
    pixelsprite_unity and Petr777 like this.
  37. pixelsprite_unity

    pixelsprite_unity

    Unity Technologies

    Joined:
    Sep 22, 2022
    Posts:
    21
  38. gelllard

    gelllard

    Joined:
    Jan 11, 2019
    Posts:
    4
    I've got the mail from Apple with list of API. I found ApplePrivacyManifestsMerge.txt file and there are all API from apple's mail. Does it mean that Privacy Manifest contains all required API? Why did I get the warning?

    I have not my own manifest at all, by the way.

    Code (Boo):
    1. Adding elements from Unity
    2.     NSPrivacyCollectedDataTypes:
    3.         <empty>
    4.  
    5.     NSPrivacyAccessedAPITypes:
    6.         0:
    7.             NSPrivacyAccessedAPIType:
    8.                 NSPrivacyAccessedAPICategorySystemBootTime
    9.             NSPrivacyAccessedAPITypeReasons:
    10.                 0:
    11.                     35F9.1
    12.         1:
    13.             NSPrivacyAccessedAPIType:
    14.                 NSPrivacyAccessedAPICategoryDiskSpace
    15.             NSPrivacyAccessedAPITypeReasons:
    16.                 0:
    17.                     E174.1
    18.         2:
    19.             NSPrivacyAccessedAPIType:
    20.                 NSPrivacyAccessedAPICategoryUserDefaults
    21.             NSPrivacyAccessedAPITypeReasons:
    22.                 0:
    23.                     CA92.1
    24.         3:
    25.             NSPrivacyAccessedAPIType:
    26.                 NSPrivacyAccessedAPICategoryFileTimestamp
    27.             NSPrivacyAccessedAPITypeReasons:
    28.                 0:
    29.                     0A2A.1
    30.                 1:
    31.                     C617.1
    32.  
    33.  
     
  39. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    For the required reason api (methods) listed in the email, do a text search in the exported xcode project to see if anything is missed.
     
  40. unity_65869D18C87D542F36E1

    unity_65869D18C87D542F36E1

    Joined:
    Mar 17, 2023
    Posts:
    2
    Thanks for responding. I've tried to resolved it but it's still sending the warning email, I've event tried adding the combination the reasons and even all of the reasons as well but same results. Is it possible that it's because of Unity Cloud Build as we are generating builds from it and uploading it to app store? Maybe that's the problem?
     
  41. VictorWozRodriguezEtermax

    VictorWozRodriguezEtermax

    Joined:
    Sep 12, 2017
    Posts:
    4
    The issue here is that the .xcprivacy you created in Assets/Plugins is moved to Unity Framework and must be in the root folder for Apple to notice it. The trick is to add your .xcprivacy to the XCode project before the IPA is created
     
  42. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    May be. I tried uploading from local machine to app store and don't see any warning email. May I know at what time you receive the warning email - Is it after pushing/uploading a build to appstore/testflight?

    Try locally once by archiving and uploading from xcode to confirm if it's UCB issue or not.
     
  43. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    I think this is not required as xcode merges and makes one by collecting the PrivacyInfo.xcprivacy files from all included frameworks. As unity merges and creates one in their framework, this should work as expected.

    However, the mentioned trick works if you have frameworks where you can't have control to accommodate/update a privacy manifest file.
     
    Last edited: May 1, 2024
  44. GustavNinja

    GustavNinja

    Joined:
    Jun 13, 2016
    Posts:
    98
    Hey It just turned May and Apple started the Privacy Manifest implementation.

    I uploaded yesterday with 2021.3.36f1 and got this warning.

    --------------------------------------
    Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Once you've corrected the issues, upload a new binary to App Store Connect.

    ITMS-91056: Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid: “Frameworks/UnityFramework.framework/PrivacyInfo.xcprivacy”. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, keys and values in your app’s privacy manifest must be in a valid format. For more details about privacy manifest files, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files.

    Apple Developer Relations
    --------------------------------------

    Is this maybe already fixed in another later version or is this something new?
     
  45. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    Is this warning right after you upload the archive from xcode to appstore?
     
  46. GustavNinja

    GustavNinja

    Joined:
    Jun 13, 2016
    Posts:
    98
    No it appeared after I sent it in for review to Apple.
     
  47. JDvHulst

    JDvHulst

    Joined:
    Aug 22, 2023
    Posts:
    1
    When using the above mentioned Unity versions, when following Apple's instructions on how to check if the privacy manifest is complete (exporting a pdf), the Unity Framework is absent in de PDF.

    I noticed that while NSPrivacyAccessedAPITypes have been declared, there are no NSPrivacyCollectedDataTypes written down. I checked the exported XCode project from Unity and check the directory with the name UnityFramework where the PrivacyInfo.xcprivacy file is placed.

    As long no NSPrivacyCollectedDataTypes are defined, it won't appear in the PDF.

    Now I've got the question, do I need to? Because it's quite vague what needs to be written inside the privacy file and what not. Any other SDK I've implemented writes down the NSPrivacyAccessedAPITypes and NSPrivacyCollectedDataTypes.
    Offcourse I can trial and error test it by just ignore this fact and upload an archive to Appstore Connect and see what Apple says. However a good instruction regarding this, would help saving time going trough a trial and error process.
     
  48. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,992
    PDF generated from archive (for testing) only includes if any Collected data types(Nutrition Labels) are listed in any of the .xcprivacy files. Else, it's just an empty file (if your final merged .xcprivacy file contains only required apis entries).

    As unity's base framework doesn't collect any data (as per their .xcprivacy declaration), the generated pdf from archive won't have any entries. It will have entries from Unity framework if they have listed any collection data types (a.k.a nutrition labels).

    If you notice, most of the plugin tools/utilities just declare only required api's entries in their .xcprivacy file and it's the duty of the developer to list the collected data types based on how they use the data provided by the plugins. However, if the plugin is a service like analytics they do need to list the collected data types too as they use/store the data externally.

    So as long as you don't collect any data, you don't need to do anything. It's not required to list again the required apis already covered by a plugin. Just delegate the responsiblity to the plugin publisher or the framework provider.

    If you still have queries on this, do let us know.
     
    JDvHulst and JuliusM like this.
  49. Destrouo

    Destrouo

    Joined:
    Dec 5, 2020
    Posts:
    1
    Hey guys i have a big problem! Unity 2021.3.38f1 when start build Xcode project i have that message :"Multiple commands produce '/Users/admin/Library/Developer/Xcode/DerivedData/Unity-iPhone-basxnjqjcqfplceenapwdrmaoskr/Build/Products/ReleaseForRunning-iphoneos/UnityFramework.framework/PrivacyInfo.xcprivacy'"

    But when i change in PrivacyInfo.xcprivacy' file mark from "UnityFramework" to "Unity-iPhone" everything fine, i can build and play... But Apple don't see that PrivacyInfo so i need your help pls
    // image
    https://ibb.co/fYH1JcM
     
    Last edited: May 9, 2024
  50. pavan1997

    pavan1997

    Joined:
    May 27, 2022
    Posts:
    2
    I am using unity as a library to integrate in the native platform. We have added manifest file in native platform. Is it necessary to add privacy manifest file in unity as well? if yes can anyone help me out on adding privacy manifest file in unity 2019.4.36f1 version. TIA
     
    garibong likes this.