Official Apple privacy manifest updates for Unity Engine

Introduction

At WWDC 2023 Apple announced a number of additions to its privacy program, including the introduction of Privacy Manifests.

Since then, we have been collecting your questions, as well as seeking clarity from Apple about how this impacts development with the Unity Engine. This thread will be updated to provide information on how Unity will be helping Apple app developers with these new requirements.

What is this about?

The Privacy Manifest is a text file that outlines privacy practices of first or third-party code.
A Privacy Manifest file can contain:

• Data usage: This explains the data collection purposes of your Application or SDK. Think about this as a representation of “privacy nutrition labels” and app tracking.
• Access to Required Reasons APIs: These are APIs with the potential for misuse, so Apple needs to know why your code calls them. Failing to declare these APIs may in the future result in your app update being rejected from the App Store.

The current Apple guidelines (from December 2023) state that from Spring 2024 new apps and app updates must at least:

1. Describe their use of Required Reason API, or they “won’t be accepted by AppStore Connect”
2. Include the Privacy Manifest for any Commonly-used SDK. Commonly used 3rd-party SDKs (as defined by Apple here) will require a Privacy Manifest and in some cases, a digital signature. UnityFramework is in this initial list, and we can confirm we will be providing Privacy Manifest details covering the Unity Engine core APIs in 2021+ LTS versions.

These apply to: iOS, iPadOS, tvOS, visionOS, and watchOS.

The changes noted here apply to the Unity Engine core only. That is the platform support without any built-in or third party packages or plugins. Package and plugin owners will be addressing any required changes for their product themselves.

Note: This post provides general information about the privacy manifests and Unity’s plan for supporting developers in its implementation. It is important that you review Apple’s documentation before you create a privacy manifest for your project.

Unity Engine support plan

From today and through Q1 2024 we will be publishing documentation and shipping Engine updates to help with Privacy Manifests. We will release more information as it becomes available.

Unity 2021 LTS will be the minimum version with officially supported Unity Engine Required Reasons API compatibility. We recommend that you upgrade your project to the latest patch version to receive upcoming additions.

Supported versions will cover:

• [Available today] Unity Engine core Required Reason Privacy Manifest entries & related Documentation. See them here. This covers Unity Engine core’s internal usage of Required Reasons APIs.
• [Available today] Documentation for C# methods that map to Required Reason APIs. If you use one of these, you will need to declare a Reason. See them here.
• [Available today] Fixes to the Unity Engine core to comply with Required Reasons. We are updating the Engine to use fewer Required Reason APIs. This change is available in Unity 2021.3.34f1, 2022.3.16f1 and 2023.2.5f1 releases. This is an internal change, so it is not mentioned in the release notes. This change requires a Unity Editor update.
• [Available today] Solution to incorporate Privacy Manifests coming from Unity plugins, packages and your project. This change is available in Unity 2021.3.35f1, 2022.3.18f1 and 2023.2.7f1 releases. The release notes state "Add Apple Privacy Manifest support". This change requires a Unity editor update.
• [Available today] Addition of 35F9.1 reason for the Required Reason APIs used within Unity Engine core. This change is available in Unity 2021.3.36f1, 2022.3.21f1 and 2023.2.13f1 releases. The release notes state "Added missing privacy manifest entry for System Boot time API usage". This change requires a Unity editor update.
• [Work in progress] We will sign Unity Engine libraries within UnityFramework. We expect this change to be available in Unity 2021/2022/2023 forthcoming patch releases This change will require a Unity editor update. This is not required. See new posts for details.

Unity Engine & Privacy Manifests

An Apple Unity application can contain multiple frameworks (eg Ads or Social SDKs). Each framework can contain a single Privacy Manifest file. Out of the box, Unity applications have a single framework for the Unity project, called UnityFramework. Multiple Privacy Manifest files coming from different plugins, packages integrated into your Unity project, or first-party (your Unity project) will have to be combined into a single Privacy Manifest file inside of Unity Framework. Future Unity versions will do this automatically, but Unity developers with projects stuck on older Unity versions will have to do this manually.

Note: It is your responsibility to check the accuracy of the privacy manifest of the Unity Framework.

Continue reading to learn about our support plans and how to manually collect Privacy Manifest information from different sources.



You can do this now - Audit & Prepare

Below are initial guidelines on how you can audit your code in a Unity project or a plugin / package. We will continue to update this post as new information is made available.

The Required Reasons APIs in Unity application can be called in two ways

1. Natively
2. Through a C# method:

Make sure to check both use cases when auditing your code.

If you are a Unity Game/App Developer

1. Consider updating your project to the latest patch version of your supported LTS. This way you will be ready to receive relevant updates.
2. Identify any third party SDKs that you use. Please see the documentation or contact the owners of these SDKs to check if they need to have a Privacy Manifest. If they use a Required Reason API, they must have a Privacy Manifest. You will have to update these SDKs to newer versions that provide Privacy Manifest.
3. Audit Required Reasons API usage - Any inclusion of a Required Reason API call in your app, even if dormant, will require a reason declaration in the manifest.
   • Examine any of your first-party native code or libraries for any calls for Required Reason APIs.
   • Examine your C# code - are you using any calls from this list.
   • You will need to add your reasons for calling any Required Reason API either within the native or the C# space.
4. (if applicable) Audit your own privacy practices [Apple Docs] for data use and add this information to the privacy manifest file.
5. Create a Privacy Manifest in Xcode and include the above information in the privacy manifest file.
6. Save this file into your Unity project under the Plugins folder. In latest versions of Unity Editor 2021, 2022 and 2023 this file is merged into the Unity Framework Privacy Manifest during project build.

Our documentation page includes these instructions as well.

Special case - Unity as a Library

If you have additional first-party data collection/Required Reasons practices that happen outside the Unity project you will need to create a top-level main app privacy manifest and add those there.

If you are a Plugin/Package/SDK owner

You may be providing a service or package to be included inside a Unity project. Examples: an ad network, social network, or Asset Store package that contains code. Below are our suggestions based on your product delivery type. Our documentation page includes these instructions as well.

My product is delivered as a .framework

Steps:

1. Audit Required Reasons API usage
   • Examine any native code, or native library of yours for usage.
2. (if applicable) Audit your SDKs privacy practices [Apple Docs] for data use and collect this information.
3. Include the above information in your framework’s privacy manifest file as directed by Apple.
4. Release a new version of your SDK Framework.

My product is NOT delivered as a .framework

Consider delivering your product as a .framework.
If this is not possible:

1. Audit Required Reasons API usage.
   • Examine any native code, or native library of yours for usage.
   • Examine your C# code - are you using any calls from this list.
   • You will need to add your reasons for calling any API either within the native or the C# space.
2. (if applicable) Audit your privacy practices [Apple Docs] for data use.
3. Create a Privacy Manifest in Xcode and include the above information in the privacy manifest file.
4. Save it inside your plugin folder eg Plugins/<YOURPRODUCTNAME>.xcprivacy file. In latest versions of Unity Editor 2021, 2022 and 2023 this file is merged into the Unity Framework Privacy Manifest during export.
5. Release a new version of your Plugin/Package.

Here is a visual representation of our suggestions



Troubleshooting

1. Will XYZ sdk/plugin/package I use in my Unity project provide a Privacy Manifest?
   • Each sdk/plugin/package owner is responsible for providing this information for their code. Check the latest documentation of sdk/plugin/package or contact their owner.
2. UnityFramework has been identified as a ‘commonly used SDK’ in need of Privacy Manifest.
   • We are aware of this and we will be providing documentation and Unity editor updates containing the Engine’s Privacy Manifest information for supported Unity Engine versions.
3. UnityFramework has been identified as a ‘commonly used SDK’ in need of a signature.
   • Aside from Unity libraries, UnityFramework also contains your code and any 3rd party plugins that you include in your Unity project. This framework is automatically signed when you build your project on your machine. To fulfil Apple's requirements, Unity will sign only Unity libraries within UnityFramework. We will implement this in future patch releases for supported Unity Engine versions. Apple has confirmed we don't need to sign Unity libraries for now.
4. I’m using an older Unity version than Unity 2021 LTS and I can’t upgrade.
   • We will be providing extensive documentation only for officially supported Unity versions. You can attempt to use it with older Unity versions, but we are unable to guarantee it would work or be accurate.
5. (Third party) Apple/Cocoapods Frameworks’ PrivacyInfo.xcprivacy is not included in the build if it is linked statically to another framework. This issue is not specific to Unity projects.
   • You should place your framework in XCFramework if you plan to statically link it. This way Xcode will include the privacy manifest from your statically linked framework. However, this still does not work for Cocoapods.

 

Hello everyone. We have two updates to this thread.

1. We are progressing with our support plan and currently we are implementing a solution to incorporate Privacy Manifests coming from Unity plugins, packages and your project into a single Privacy Manifest file within Unity Framework. Unity will also automatically include relevant reasons for Required Reason APIs used within the Unity Engine core. As we outlined in the support plan, this feature will be implemented in all currently supported Unity releases starting with Unity 2021. We will update this thread again once we know exact version numbers which will contain this feature.
2. Apple's requirements page also lists a requirement for commonly used SDK providers to sign their SDKs. We are planning to sign Unity libraries within Unity Framework to be compliant with this requirement. Unity Framework itself can't be signed by us, because it contains your code, 3rd party plugins and it is compiled on your machine. This work is just planned for now, so it will be available in some future patch releases.

 

Another small update.

The solution to merge Privacy Manifests into a single file within Unity Framework (including relevant reasons from Unity Engine core) should be available in Unity 2021.3.35f1, 2022.3.18f1 and 2023.2.7f1 releases. The release notes will state "Add Apple Privacy Manifest support".

 

Hi, based on our understanding, you must always specify reasons for all Required Reasons APIs present within your code. This information is used to inform the developer who uses your code. Therefore Privacy Manifest provided alongside your code should be static. You should not care which part of your code the developer ends up using.

Now to directly answer your questions:

1. We don't support modifying Privacy Manifest files during build time. You could use post processing to do modifications, but that is not recommended. Note that you would have to modify the Privacy Manifest file in the Unity Framework.
2. Unity expects the Plugins/<YOURPRODUCTNAME>.xcprivacy file to be a valid Privacy Manifest file. We recommend to create this file in Xcode.
3. Correct. These manifests are used to inform the developer who uses your code. So if your code calls any of the Required Reasons APIs, you have to provide reasons for it, regardless whether the developer has logic which goes through that code path of not. We are in the same situation, where we will always specify reasons for Required Reasons APIs present in our source code (see the bottom of this page https://docs.unity3d.com/Manual/apple-privacy-manifest-policy.html) regardless whether that feature is used or not.

 

Apple's page https://developer.apple.com/support/third-party-SDK-requirements/ says

We don't know how Apple will treat an app update built with the same or different Unity version. If Apple will consider that as an update which doesn't add a new SDK, then you could be fine even when using an old Unity version, but we don't know if that will be the case. The safer approach would be to publish updates for your old apps before the spring.

Privacy manifest is just a file inside of the Xcode project. As long as you know what has to be written to it, you can always create it yourself. The actual problems are these: 1) knowing what to write to it 2) the code must be using Required Reasons APIs only for the allowed reasons 3) requirement to sign SDKs.
As already mentioned in one of the previous comments, solving 1 and 2 on your own will be either very difficult or impossible. 3rd problem can be solved only by the SDK provider.

 

We list reasons for Required Reasons APIs used within Unity Engine core at the bottom of this page https://docs.unity3d.com/Manual/apple-privacy-manifest-policy.html
We haven't checked if these reasons are valid and cover all Required Reasons APIs in unsupported Unity versions, but at least this can be a start for people who are determined to find workarounds for the requirement on unsupported Unity versions.

 

Hi, thanks for raising these questions.
1. The descriptions you see in Xcode are added by the Xcode. We declare only the reason code. From our perspective everything is ok with this reason.
2. That's a good notice. It is an oversight on our side. We need to add this reason to our privacy manifest. Our documentation is correct. We will fix this.

 

Please read the original post in this thread again, especially the "If you are a Plugin/Package/SDK owner" part.
There are only two ways your plugin can be integrated in Unity application. Either you provide a .framework in which case your Privacy Manifest file would be placed in that framework, or your code ends up in Unity Framework in Xcode alongside our code, app developer's code and other Unity plugins' code. There can be only a single Privacy Manifest file per framework, so if your code ends up in Unity Framework, your Privacy Manifest entries have to be merged with entries from other sources. As described in our documentation and the original post in this thread, Unity Editor will automatically merge .xcprivacy files from Unity project into this single Privacy Manifest file in Unity Framework. So you should just add a .xcprivacy file to your plugins which need to declare privacy information.

I want to repeat that the purpose of the Privacy Manifest is to inform the app developer of everything that the SDK / Plugin could do. The original Apple's announcement https://developer.apple.com/news/?id=av1nevon said

It doesn't matter if the app developer doesn't use the functionality of the SDK / Plugin that requires an entry in the Privacy Manifest file. The Privacy Manifest file must always contain required entries for the code that is provided to the app developer. As an example, Unity will always add "CA92.1" reason to the Privacy Manifest for accessing user defaults API. In Unity Engine core this is used only by the PlayerPrefs API, but it doesn't matter if the app developer uses this API or not - the entry will always be present in the Privacy Manifest file. I hope this clears things up for you.

 

Hello everyone,

We want to give you an update on where we are regarding Apple's privacy requirements.

Requirement to provide Privacy Manifest
The latest Unity Editor versions can already handle Privacy Manifests and also automatically add most of Required Reasons for APIs used within Unity Engine core. We still need to add reason 35F9.1 to the Privacy Manifest, which we expect to be done in Unity 2023.2.13, 2022.3.21 and 2021.3.36. The release notes will state "Added missing privacy manifest entry for System Boot time API usage".

Requirement to sign Unity libraries
We are discussing with Apple if this requirement is really applicable to Unity libraries. It seems we won't need to move Unity Engine core libraries into a separate framework in order to sign them, because we don't distribute them separately as a dynamic dependency. We expect to get a final confirmation from Apple next week.

We will keep you updated.

 

Hello everyone,

We have some updates after our discussions with Apple.

• We have confirmation that UnityFramework does not need to be signed and Unity Engine core libraries can remain in UnityFramework without being signed. We will continue to investigate the feasibility of signing the Engine core libraries as a separate feature, no longer tied to the current privacy requirements from Apple.
• UnityFramework will still be included in the "commonly used third-party SDK" list on Apple’s side as we need to comply with the privacy manifest requirements.

Apple has published an update with deadlines for compliance. Starting March 13, Apple will start sending out email notifications for missing reasons in the app's privacy manifest and if not addressed, this will prevent app updates starting May 1.

Apple states you are responsible for all code included in your apps. When uploading an app, Apple requires you to declare your first-party collected data, provide reasons for your own usage of the required reasons APIs and ensure newly added commonly used third-party SDKs and frameworks comply with Apple’s privacy requirements.

If you get notified about missing reasons or signatures, you have to declare your own reasons and / or update third-party dependencies to versions which meet Apple’s requirements.

What does this mean for updates of already published apps?

All apps made with Unity Editor contain UnityFramework. Based on the current requirements, such apps published before Spring 2024 can be updated without including reasons for the required reason APIs used by the Unity Engine core. This means you could continue to use older Unity Editor versions for now. Please bear in mind Apple may change their third-party SDK requirements in the future, so we strongly recommend to upgrade to Unity version 2021.3.36f1, 2022.3.21f1, 2023.2.13f1 or newer, which

• automatically handles privacy manifests from Unity packages and plugins included in your project
• declares reasons for the required reason APIs used by the Unity Engine core

 

@kontaka3 Hey,
We plan to support .xcframework in the near future, but I don't have an ETA. The changes are rather simple, xcframeworks will function the same as frameworks.

 

Thank you for flagging this; we have raised it internally.

 

Quick comment to say this should have an update pretty soon.