Data privacy has often taken a back seat in the mobile game domain, where apps and games historically gathered user data, sometimes sidestepping consent protocols even in regulated areas.

The introduction of the Digital Markets Act (DMA) marks a significant change, especially within European digital markets, mandating that major tech entities like Alphabet, Amazon, Apple, and Meta — collectively servicing billions of mobile users — adopt stringent data privacy measures and enforce compliance among all third-party users. 

This means advertisers using platforms like Google or Facebook must secure valid user consent and demonstrate this compliance directly to these companies. In response, Google has recently updated its consent policies, mandating the use of a certified consent management platform (CMP) in both websites and apps.

Amidst these shifts, Apple has rolled out a new framework known as Privacy Manifests. This initiative is part of a broader strategy to increase transparency around data usage within apps on its platforms. For game developers, the introduction of Privacy Manifests represents a significant pivot in how player data must be handled, documented, and disclosed. 

This article dives into the intricacies of Privacy Manifests, aiming to unpack their implications, requirements, and the steps developers need to take to align with these new standards.

‍

What Are Apple Privacy Manifests?

The Apple Privacy Manifest is a structured file developers must include in their apps that records all the data collection and usage practices associated with them. The primary aim is to provide both Apple and the app's users with a clear, unambiguous view of the privacy practices being employed, and outline how and why user data is collected and used.

The contents of a Privacy Manifest include several key elements:

• Types of Data Collected: The manifest must detail every type of data the app collects. This includes both data directly input by users, such as names and email addresses, and data collected in the background, such as location or usage statistics.
• Purposes of Data Collection: Beyond merely listing the data types, the manifest requires developers to specify the reasons for collecting each data type. Regardless if it is used for improving user experience, personalizing content, advertising, or other purposes, the rationale must be explicitly stated.
• Data Sharing Practices: If the app shares data with third parties, the Privacy Manifest must disclose this. It should outline which third parties receive data and for what purposes they use it.
• API Usage: Any APIs used for accessing data must be declared. This includes detailing any APIs that might allow for data to be shared or collected across platforms or services.
• Tracking Information: The manifest must also clarify whether the collected data is used for tracking purposes, as defined under Apple's guidelines. This is particularly relevant for user acquisition and analytics, where user activity may be monitored across different apps and websites.

The introduction of Privacy Manifests is part of Apple's broader initiative to ensure that users have a better understanding and control over their personal information. By requiring developers to be transparent about their data handling practices, Apple aims to foster a safer, more privacy-conscious app environment.

‍

What Is the Purpose of Apple Privacy Manifests?

The spring 2024 introduction of Privacy Manifests marks a significant step in its longstanding commitment to enhance user privacy and security. At the heart of this initiative is the effort to curb a pervasive but often overlooked practice known as fingerprinting. 

What is Fingerprinting?

Fingerprinting involves collecting unique information from users' devices—such as operating system details, browser fingerprints, and other hardware identifiers—to create a detailed profile of an individual without their explicit consent. This profile can then be used to track the user across different websites and apps, typically for targeted advertising or behavioral analysis.

Fingerprinting can occur without the user's knowledge, using seemingly innocuous device data to create a tracking mechanism that is difficult to escape. This tracking method is more covert than traditional cookies and has been used by advertisers and analytics companies to gather deep insights into user behavior. However, the depth of data collected poses significant privacy risks, making users vulnerable to surveillance and data misuse.

Apple's stance against fingerprinting aligns with its broader privacy-first philosophy. The company has repeatedly emphasized the importance of user privacy as a fundamental right, not just a feature. With the iOS Privacy Manifests, Apple seeks to enforce clearer and more transparent data practices.

‍

What Effect Will Privacy Manifests Have on User Acquisition?

The implications of Apple's Privacy Manifests are profound, particularly for user acquisition managers. The traditional strategies that relied on extensive data collection and user profiling without clear consent are no longer viable under the new regulations.

These changes confront the industry's reliance on real-time probabilistic attribution, compelling advertisers, ad networks, and Mobile Measurement Partners (MMPs) to adopt Apple's SKAdNetwork (SKAN) for attribution (more on that in one of our next articles). 

This shift is expected to halt the widespread practices of collecting device information, app activity, compiling user profiles, and targeting users based on their behavior. Consequently, advertisers will need to collaborate with partners that specialize in optimizing campaigns within the framework of privacy compliance.

‍

Who Needs to Implement the Privacy Manifest?

Starting May 1, 2024, every app will be required to have a privacy manifest, and the responsibility extends beyond the app developers to the SDKs they incorporate. These SDKs must also produce their own privacy manifests, which are then integrated into the privacy manifest of the app using them.

Failure to adhere to Apple’s privacy guidelines can lead to significant delays in app approval or outright rejection during the App Store review process.

Apple continues to refine its guidance on privacy manifests with updates emerging every week. As these updates provide more specifics, there is increasing evidence that tracking domains are being blocked starting May 1, signaling a shift away from practices like fingerprinting.

‍

Next Steps: Preparing Your App for Apple Privacy Manifest Compliance

Starting May 1, Apple mandates that all apps must have a completed privacy manifest. This change marks a significant step in Apple's ongoing efforts to eliminate fingerprinting practices. According to the latest guidelines from Apple, fingerprinting is prohibited, regardless of whether users have granted tracking permissions to your app.

As we adapt to these regulations, here are the essential steps app developers should follow:

• Develop a Comprehensive Privacy Manifest: Ensure that your app has a detailed privacy manifest that lists all the required reason APIs and any tracking domains. This document must comprehensively outline how each type of data is used and the implications for user privacy. You can learn more about compiling the privacy manifest here.
• Ensure Third-Party SDK Compliance: If your app integrates third-party SDKs, each must also have its own privacy manifest. This manifest should be an integral part of the SDK and must detail the functional and privacy impacts of the SDK. App developers should actively verify that these third-party privacy manifests are included and understand their contents, as Apple holds app developers responsible for the privacy practices of their third-party SDKs.
• Implement SKAN Conversion Values: Start integrating both fine-grained and coarse-grained SKAN conversion values. SKAN, or SKAdNetwork, is set to become the standard for iOS user acquisition by 2024.  Familiarize yourself with its functionality, which includes multi-touch attribution, publisher transparency, re-download measurement capabilities, and support for both view-through and click-through tracking models.
• Adopt SKAN for User Acquisition: Embrace SKAN early, recognizing its advantages such as enhanced transparency, unbiased measurement free from the self-reporting network (SRN) or self-attributing network (SAN) bias, and reduced fraud risk.

These steps are not just about compliance; they also represent an opportunity to refine your app’s approach to user privacy and data security. By preparing thoroughly for these changes, developers can ensure their apps are not only compliant with Apple’s regulations but also positioned to offer a transparent, secure user experience that can enhance trust and user retention.

‍

Elevate Your User Acquisition Strategy in the Privacy-First Era

Navigating the evolving landscape of data privacy, especially with the recent introduction of Apple's Privacy Manifests, presents a complex challenge for game developers. Ensuring compliance while maintaining effective user acquisition (UA) campaigns requires a comprehensive understanding of technical requirements and strategic marketing implications.

GameBiz Consulting is here to help you navigate these changes. Our expertise in mobile game marketing and deep understanding of Apple's privacy requirements positions us uniquely to assist your team. Whether you're looking to integrate Privacy Manifests, adapt your UA strategies to leverage SKAdNetwork effectively or ensure that your game complies with the latest privacy laws, our consultants are equipped to guide you.

Let us help you comply with these new regulations and thrive under them. We can help ensure that your UA campaigns are robust, your game development is smooth, and your player base grows—all within the framework of the latest privacy standards. Reach out today to learn how we can support your journey through Apple’s privacy changes and help you achieve a competitive edge in the gaming industry.