Apple privacy manifest updates for Unity Engine

Looks like 2023.2.13, 2022.3.21 and 2021.3.36 were released March 5th

1 Like

I can confirm that 35F9.1 was added in the latest release. Also the function of merging several Privacyinfo files was added as well.

1 Like

Hello everyone,

We have some updates after our discussions with Apple.

  • We have confirmation that UnityFramework does not need to be signed and Unity Engine core libraries can remain in UnityFramework without being signed. We will continue to investigate the feasibility of signing the Engine core libraries as a separate feature, no longer tied to the current privacy requirements from Apple.
  • UnityFramework will still be included in the ā€œcommonly used third-party SDKā€ list on Appleā€™s side as we need to comply with the privacy manifest requirements.

Apple has published an update with deadlines for compliance. Starting March 13, Apple will start sending out email notifications for missing reasons in the appā€™s privacy manifest and if not addressed, this will prevent app updates starting May 1.

Apple states you are responsible for all code included in your apps. When uploading an app, Apple requires you to declare your first-party collected data, provide reasons for your own usage of the required reasons APIs and ensure newly added commonly used third-party SDKs and frameworks comply with Appleā€™s privacy requirements.

If you get notified about missing reasons or signatures, you have to declare your own reasons and / or update third-party dependencies to versions which meet Appleā€™s requirements.

What does this mean for updates of already published apps?

All apps made with Unity Editor contain UnityFramework. Based on the current requirements, such apps published before Spring 2024 can be updated without including reasons for the required reason APIs used by the Unity Engine core. This means you could continue to use older Unity Editor versions for now. Please bear in mind Apple may change their third-party SDK requirements in the future, so we strongly recommend to upgrade to Unity version 2021.3.36f1, 2022.3.21f1, 2023.2.13f1 or newer, which

  • automatically handles privacy manifests from Unity packages and plugins included in your project
  • declares reasons for the required reason APIs used by the Unity Engine core
12 Likes

I provide a package that includes a .xcframework to be incorporated into a Unity project. I understand that Unity currently doesnā€™t support the xcframeworks that are compliant with Privacy Manifest (an xcframework that contains .xcprivacy and is signed with an Apple Distribution certificate). Is there any particular reason for this?
Dose Unity have any plans to support it in the future?

when I use a Privacy Manifest compliant xcframework and import it into my Unity project, meta files are generated inside the xcframework. This causes the signature verification to fail when building with Xcode, leading to a build failure.

@kontaka3 Hey,
We plan to support .xcframework in the near future, but I donā€™t have an ETA. The changes are rather simple, xcframeworks will function the same as frameworks.

2 Likes

@rytis_unity
Thank you very much for your reply.
I understand it.

If we are unable to update UnityEditor for some reason, can we simply add PrivacyManifest manually?

1 Like

You can use just this point after building from Unity and without adding the file to the Unity Project.

To exclude doing this every new build, I believe that you can automate your routine using [PostProcessBuild(0)] attribute for operational method like in this my example for App Encryption Documentation, but for Privacy Manifest file in your case.

1 Like

Thanks!
Iā€™ll refer you to it.

I use Unity 2023.1.3f1 and my app not use any API in list Required Reasons APIs
so what exactly work I have to do for build and public ios?
thank!

If you donā€™t have any usage of api methods which fall under required reasons api, just fill in nutrition labels (NSPrivacyCollectedDataTypes) entry list in the privacy manifest. If you have no data collected or used, just do nothing!

1 Like

You should post this on Photonā€™s discord for help.

We use SharpZipLib package provided by Unity: Changelog | SharpZipLib | 1.3.8

Which is a wrapper on top of the original SharpZipLib Lib: GitHub - icsharpcode/SharpZipLib: #ziplib is a Zip, GZip, Tar and BZip2 library written entirely in C# for the .NET platform.

This contains C# File and Directory API that come under Required Reasons API.

Any plans to update this?

( @rytis_unity @JuliusM )

Thank you for flagging this; we have raised it internally.

1 Like

Hey guys, Iā€™m currently using bunch of analytics SDKs in my game from which some are of older version for them I created a privacy file in Assets/Plugins and added their privacy API reasons and DataTypes from their release commits on git. The problem is that Iā€™m still getting ā€œNSPrivacyAccessedAPICategoryFileTimestampā€ API missing warning. Iā€™ve event tried to add all of the reasons in the file, Iā€™m still getting the same warning. Kindly let me know what Iā€™m doing wrong here. Thanks.

1 Like

Once you make the XCode project, open the exported folder and navigate to UnityFramework folder.
Over there you can see both .xcprivacy file along with ā€œApplePrivacyManifestsMerge.txtā€ file. It contains the log on how the unity merged the different privacy manifest files provided in the unity project. That might help you.

Let us know what you found out!

2 Likes

Quick comment to say this should have an update pretty soon.

Iā€™ve got the mail from Apple with list of API. I found ApplePrivacyManifestsMerge.txt file and there are all API from appleā€™s mail. Does it mean that Privacy Manifest contains all required API? Why did I get the warning?

I have not my own manifest at all, by the way.

Adding elements from Unity
    NSPrivacyCollectedDataTypes:
        <empty>

    NSPrivacyAccessedAPITypes:
        0:
            NSPrivacyAccessedAPIType:
                NSPrivacyAccessedAPICategorySystemBootTime
            NSPrivacyAccessedAPITypeReasons:
                0:
                    35F9.1
        1:
            NSPrivacyAccessedAPIType:
                NSPrivacyAccessedAPICategoryDiskSpace
            NSPrivacyAccessedAPITypeReasons:
                0:
                    E174.1
        2:
            NSPrivacyAccessedAPIType:
                NSPrivacyAccessedAPICategoryUserDefaults
            NSPrivacyAccessedAPITypeReasons:
                0:
                    CA92.1
        3:
            NSPrivacyAccessedAPIType:
                NSPrivacyAccessedAPICategoryFileTimestamp
            NSPrivacyAccessedAPITypeReasons:
                0:
                    0A2A.1
                1:
                    C617.1

For the required reason api (methods) listed in the email, do a text search in the exported xcode project to see if anything is missed.

Thanks for responding. Iā€™ve tried to resolved it but itā€™s still sending the warning email, Iā€™ve event tried adding the combination the reasons and even all of the reasons as well but same results. Is it possible that itā€™s because of Unity Cloud Build as we are generating builds from it and uploading it to app store? Maybe thatā€™s the problem?