Apple App Store Publication
Prepare iOS Publication
Prerequisites
- Apple Developer account
- Bundle identifier for the application
- Provisioning profile for the AppStore bound to the bundle identifier mentioned above
- Xcode
Process
- Set the following Capabilities for the Bundle identifier in the Apple Developer Portal:
- Associated Domains is used for deep linking / mobile-only feature.
- Data Protection: Complete Protection indicates the level of protection the iOS should utilize for files stored by the Access App.
- Push Notifications indicates a push notification feature.
- Download the provisioning profile from the Apple Developer Account. Name it
embedded.mobileprovision
. - Copy the provisioning profile into the provided
.xcarchive
file: - Create the
.entitlements
file for the code signing. - Sign the
.xcarchive
by executing the following command. For the Team name and Team ID, see the membership details in the Developer portal:
codesign --entitlements AccessApp.entitlements -f -s "Apple Distribution: <Team name> (<Team ID>)" <Your app>.xcarchive/Products/Applications/<your app>.app
- Open
.xcarchive
in Xcode. - In the appearing window, select Distribute App on the right side.
- Select App Store Connect as the method of distribution.
- Select destination as Upload.
- Choose the App Store Connect distribution options.
- Choose the signing options, select the certificate and App Store profile.
- Verify that the
aps-environment
capability is listed before uploading to App Store Connect in case you're using push notifications. - Click the Upload button to upload your configuration.
Privacy information
During the WWDC 2023 event, Apple revealed a significant update that from Spring 2024 onwards, developers will be mandated to disclose the rationale behind their utilization of specific APIs, termed Required Reason APIs, within privacy manifest files. These APIs have the potential to be exploited for gathering data concerning users' devices.
Privacy manifest files serve as a platform for developers to outline their privacy methodologies, detailing:
- The data collected by their application or SDK and the intended purpose.
- The Required Reason API integrated into their application or SDK and the justification for their incorporation.
In this article, we will provide a description about the privacy manifest file tailored for our Access App, detailing its structure and content.
Privacy manifest file in the Nevis Mobile Authentication SDK
The iOS SDK contains a privacy manifest file from the 3.6.5 version onwards.
Every privacy manifest file must include the following keys as mandated by Apple.
NSPrivacyTracking
The SDK does not utilize the gathered data for tracking purposes, thus the NSPrivacyTracking
key is configured to false
.
<!-- Privacy manifest file for iOS Nevis Access App -->
<key>NSPrivacyTracking</key>
<false/>
NSPrivacyTrackingDomains
The NSPrivacyTrackingDomains
key is not utilized by our iOS SDK. This key is typically employed to declare the domains associated with tracking for the purpose of user consent in tracking scenarios. However, since our app does not engage in tracking activities, this key is unused.
<!-- Privacy manifest file for iOS Nevis Access App -->
<key>NSPrivacyTrackingDomains</key>
<array/>
NSPrivacyCollectedDataTypes
Apple has provided a list of data types which could potentially identify or track a user or device when gathered. The Nevis Access App utilizes several items from this list: DeviceID
, and UserID
. Additionally, it is required to specify the purpose behind collecting this data. In the case of the Access App, the collected data serves the purpose of supporting app functionality and analytics. This information is documented in our privacy manifest file.
<key>NSPrivacyCollectedDataTypes</key>
<array>
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeDeviceID</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<true/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
</array>
</dict>
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeUserID</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<true/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
</array>
</dict>
</array>
NSPrivacyAccessedAPITypes
The only Required Reason API that the SDK uses is the File Timestamp.
<!-- Privacy manifest file for iOS Nevis Access App -->
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
</array>