A Privacy Label for TikTok
Apple is creating new tools around third-party SDK use to simplify developer software pipelines, like Privacy Label generation.
When developers build their apps, they often use third-party SDKs to implement different features. These can add up quickly and cause some difficulties when tracking down privacy implications for each one or for when it's time to update a specific SDK.
In one part of Apple's WWDC State of the Union address, details were shared targeting third-party SDKs and developer tools around them. Apple introduced two new tools that help both users and developers.
The first tool lets developers create a privacy manifest that details all of the privacy practices of their used third-party SDKs. It is produced in a single standard format that makes it easier for developers to determine what should be displayed on a Privacy Label for the App Store.
Also, developers that wish to use third-party APIs that are known for fingerprinting users will have to provide a reason. Apps must accurately describe their intended use and can only use the API for that reason within the app.
The second tool is signatures for SDKs. This enables developers to confirm that an SDK update or file they are downloading belongs to the same developer as the original SDK.
The goal of these tools is to ensure both developers and users understand the privacy implications of apps and prevent malicious SDKs from being used. Apple sees this as a win-win for developers and users.