Skip to main content
In WWDC 2023, Apple announced that starting Spring 2024, it will require its developers to declare the reasons for using certain APIs (aka Required Reason APIs) that could be misused to collect data about users’ devices within privacy manifest files. Privacy manifest files allow developers to describe their privacy practices:
  • Data that their app or SDK collects and its purpose.
  • Required Reason APIs that their app or SDK uses and the reason for using them.
Important note: the privacy manifest file and the privacy nutrition labels are two separate things - the privacy manifest is a ‘plist’ file bundled with the app/SDK, while the Nutrition Labels are what developers fill out in App Store Connect before submission. The privacy manifest report generated by Xcode can help populate the labels more accurately, but developers still need to manually apply the correct labels in the submission interface.
In this article, we will walk you through the privacy manifest file for Fingerprint iOS SDK and share guidance on App Store Nutrition Labels to help you complete them in App Store Connect before submission.

Privacy Manifest File for Fingerprint Identification SDK

Starting with v2.3.2, the Fingerprint Identification SDK for iOS includes a privacy manifest file. Apple requires that every privacy manifest file contains the following keys.

NSPrivacyTracking

Fingerprint Identification SDK does not use the collected data for tracking, and hence, the NSPrivacyTracking key is set to false.
XML
{/*  Privacy manifest file for Fingerprint Identification SDK for iOS  */}
<key>NSPrivacyTracking</key>
<false/>

NSPrivacyTrackingDomains

Fingerprint Identification SDK for iOS does not connect with any Internet domains that engage in tracking users. The NSPrivacyTrackingDomains key is set to an empty array of domains.
XML
{/*  Privacy manifest file for Fingerprint Identification SDK for iOS  */}
<key>NSPrivacyTrackingDomains</key>
<array/>

NSPrivacyCollectedDataTypes

Apple has identified a list of data types that, when collected, may help to identify/track the device. These are the data types our iOS SDK collects from the device:
  • NSPrivacyCollectedDataTypeDeviceID - device ID; such as the device’s advertising identifier, or other device-level ID.
  • NSPrivacyCollectedDataTypePreciseLocation - precise location; information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places (started collecting since iOS SDK 2.10.0).
  • NSPrivacyCollectedDataTypeCoarseLocation - coarse location; information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services (started collecting since iOS SDK v2.10.0).
Apple also requires describing data use in privacy manifests as part of this dictionary item. This data is represented in the NSPrivacyCollectedDataTypes key in our privacy manifest file:
XML
{/*  Privacy manifest file for Fingerprint Identification SDK for iOS  */}
<key>NSPrivacyCollectedDataTypes</key>
<array>
  <dict>
    {/*  The value provided by Apple for 'Device ID' data type  */}
    <key>NSPrivacyCollectedDataType</key>
    <string>NSPrivacyCollectedDataTypeDeviceID</string>

    {/*  Fingerprint Identification SDK does not link the 'Device ID' with user's identity  */}
    <key>NSPrivacyCollectedDataTypeLinked</key>
    <false/>

    {/*  Fingerprint Identification SDK does not use 'Device ID' for tracking  */}
    <key>NSPrivacyCollectedDataTypeTracking</key>
    <false/>

    {/*  Fingerprint Identification SDK uses 'Device ID' for App Functionality
         (prevent fraud and implement security measures)  */}
    <key>NSPrivacyCollectedDataTypePurposes</key>
    <array>
      <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
    </array>

  <dict>
    {/*  The value provided by Apple for 'Precise Location' data type  */}
    <key>NSPrivacyCollectedDataType</key>
    <string>NSPrivacyCollectedDataTypePreciseLocation</string>

    {/*  Fingerprint Identification SDK does not link the 'Precise Location' with user's identity  */}
    <key>NSPrivacyCollectedDataTypeLinked</key>
    <false/>

    {/*  Fingerprint Identification SDK does not use 'Precise Location' for tracking  */}
    <key>NSPrivacyCollectedDataTypeTracking</key>
    <false/>

    {/*  Fingerprint Identification SDK uses 'Precise Location' for App Functionality
         (prevent fraud and implement security measures)  */}
    <key>NSPrivacyCollectedDataTypePurposes</key>
    <array>
      <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
    </array>
  </dict>

  <dict>
    {/*  The value provided by Apple for 'Coarse Location' data type  */}
    <key>NSPrivacyCollectedDataType</key>
    <string>NSPrivacyCollectedDataTypeCoarseLocation</string>

    {/*  Fingerprint Identification SDK does not link the 'Coarse Location' with user's identity  */}
    <key>NSPrivacyCollectedDataTypeLinked</key>
    <false/>

    {/*  Fingerprint Identification SDK does not use 'Coarse Location' for tracking  */}
    <key>NSPrivacyCollectedDataTypeTracking</key>
    <false/>

    {/*  Fingerprint Identification SDK uses 'Coarse Location' for App Functionality
         (prevent fraud and implement security measures)  */}
    <key>NSPrivacyCollectedDataTypePurposes</key>
    <array>
      <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
    </array>
  </dict>
</array>

NSPrivacyAccessedAPITypes

Fingerprint Identification SDK for iOS uses the following Required Reason APIs which have to be included in the privacy manifest file:
  1. File timestamp APIs
  2. System boot time APIs
XML
{/*  Privacy manifest file for Fingerprint Identification SDK for iOS  */}
<key>NSPrivacyAccessedAPITypes</key>
<array>
  <dict>
    {/*  The value provided by Apple for 'System boot time APIs'  */}
    <key>NSPrivacyAccessedAPIType</key>
    <string>NSPrivacyAccessedAPICategorySystemBootTime</string>

    {/*  Fingerprint Identification SDK uses 'System boot time APIs' to measure the amount of
          time that has elapsed between events that occurred within the SDK  */}
    <key>NSPrivacyAccessedAPITypeReasons</key>
    <array>
      <string>35F9.1</string>
    </array>
  </dict>
  <dict>
    {/*  The value provided by Apple for 'File timestamp APIs'  */}
    <key>NSPrivacyAccessedAPIType</key>
    <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>

    {/*  Fingerprint Identification SDK uses 'File timestamp APIs' to manage persistent cache
         data  */}
    <key>NSPrivacyAccessedAPITypeReasons</key>
    <array>
      <string>C617.1</string>
    </array>
  </dict>
</array>

Privacy Manifest File for your App

Below, you will find answers to some of the most frequently asked questions with respect to creating privacy manifest files for your iOS apps: My app uses Fingerprint Identification SDK, but the app itself does not collect any sensitive data. It also does not use any of the Required Reason APIs. Should I still provide a privacy manifest file for my app?
  • No. According to Apple documentation, your app’s privacy manifest file doesn’t need to cover data collected by third-party SDKs that your app links to.
My app uses Fingerprint Identification SDK. The app also collects the same data as the SDK for the same purpose specified in the SDK’s privacy manifest file. Should I still provide a privacy manifest file for my app?
  • Yes. Apple will aggregate the privacy manifest files provided for your app and all the third-party SDKs your app links to. See Create your app’s privacy report for more information.
My app uses Fingerprint Identification SDK. What kind of assistance can Fingerprint provide towards submitting my app for review?
  • This page is a good starting point for creating the privacy manifest file for your app. For a complete privacy manifest example, you can also refer to the privacy manifest file of our demo app.
  • We can review the privacy manifest file for your app to ensure that the use of Fingerprint Identification SDK is represented correctly.
  • During the app submission process, we will help you answer any questions Apple raises about the data collected/processed by Fingerprint Identification SDK.

App Store Nutrition Labels Guidance for Your App

If your app includes Fingerprint iOS SDK, then you can use the following as a reference to fill out the Nutrition Labels in App Store Connect:

Data Collection and Security

QuestionAnswer
Does your app collect or share any of the required data types?Yes
Is all collected data encrypted in transit?Yes

Data types

Apple Data CategoryFingerprint iOS SDK Relevance
Device IDYes - the SDK collects device-level identifiers
Precise LocationYes - collected since iOS SDK v2.10.0 (requires user consent for permissions)
Coarse LocationYes - collected since iOS SDK v2.10.0 (requires user consent for permissions)

Data Usage and Handling

QuestionDevice IDPrecise LocationCoarse Location
Collected, shared, or both?CollectedCollectedCollected
Linked to the user’s identity?NoNoNo
Used for tracking?NoNoNo
Primary purpose?App Functionality (Fraud Prevention, Security)App Functionality (Fraud Prevention, Security)App Functionality (Fraud Prevention, Security)
Note: Apple clarifies that even if data is collected solely for your app functionality, it still must be declared - the purpose just needs to be accurately indicated as “App Functionality” rather than advertising or analytics, see for reference App privacy details on the App Store.

What’s Different from the Privacy Manifest

Privacy ManifestApp Privacy Nutrition Labels
Where?Bundled inside the SDK/app binaryFilled out in App Store Connect
Who fills it out?SDK vendor (Fingerprint provides it in starting iOS SDK v2.3.2+)App developer (you)
When required?At build/distribution timeAt app submission time
Covers SDK data?Yes, automatically aggregated by XcodeYes, but must be manually applied
Below, you will find answers to some of the most frequently asked questions with respect to filling out Nutrition Labels for your iOS apps: Do I need to declare Fingerprint’s data in my app’s Privacy Nutrition Label even if the SDK has its own privacy manifest?
  • Yes. While the Fingerprint SDK’s privacy manifest will be combined with your app’s manifest by Xcode into a single report, you are still responsible for applying the correct Nutrition Labels in App Store Connect. The manifest report helps you fill this out accurately, but it does not automatically populate the labels.
Is using Fingerprint considered ‘tracking’ under Apple’s definition?
  • No. Apple’s guidelines specify that sharing data with a data broker that uses it solely for fraud detection or prevention or security purposes is not considered tracking. Since Fingerprint is used for fraud prevention and security, neither NSPrivacyTracking nor the App Tracking Transparency (ATT) prompt are required.
Who is responsible for keeping the labels accurate?
  • Developers are responsible for all code included in their apps, including third-party SDKs. If you are unsure about the data collection practices of the Fingerprint SDK, this page and Fingerprint’s support team are the right resources.