iOS App Store Compliance
About 460 wordsAbout 2 min
2026-04-15
This page describes the compliance impact of integrating PPCashDeskSDK on iOS App Store review, and the actions merchants need to take.
Privacy Manifest Requirements
Privacy Manifest Included in the SDK
SDK includes Privacy Manifest
PPCashDeskSDK ships with a PrivacyInfo.xcprivacy file covering all built-in modules, including the Risk Device Fingerprint Module. Xcode automatically merges the SDK's Privacy Manifest with the app's Privacy Manifest at build time — no manual copying is required.
Apple states:
Any version of a listed SDK, as well as any SDKs that repackage those on the list, are included in the requirement.
This means that as long as the SDK itself has correctly declared its API usage, the app does not need to re-declare the APIs used internally by the SDK.
What Merchants Need to Do
- Verify the integration method: Integrate PPCashDeskSDK via CocoaPods or Swift Package Manager and confirm that the SDK's
PrivacyInfo.xcprivacyfile is included in the App Bundle. - Check the Xcode merge result: After building, review the Privacy Manifest merge log in Xcode's Report Navigator and confirm there are no errors.
- Declare app-level data separately: If the app itself (outside the SDK) collects additional data, declare it in the app's own
PrivacyInfo.xcprivacy.
Required Reason API Declarations
PPCashDeskSDK declares the following Required Reason APIs in its Privacy Manifest:
| API Category | Reason Code | Purpose |
|---|---|---|
| UserDefaults | CA92.1 | Stores SDK runtime configuration and session state |
| File Timestamp | C617.1 | Risk Device Fingerprint Module reads file timestamps for device characteristic collection |
| Disk Space | E174.1 | Risk Device Fingerprint Module reads disk space information for device characteristic collection |
Note
These APIs are used internally by the SDK. Merchants do not need to re-declare these entries in their own Privacy Manifest unless the app code independently uses the same APIs.
App Store Connect Compliance Configuration
The following configurations are required in App Store Connect due to SDK integration:
| Item | Guideline | Merchant Action |
|---|---|---|
| App Privacy Labels include SDK data collection items | 5.1.1 | Refer to the Compliance Overview data collection tables and accurately fill in SDK data types in Privacy Labels |
| Privacy Policy discloses use of PPCashDeskSDK | 5.1.2 | Describe the SDK's data types and purposes in the privacy policy, including the Risk Device Fingerprint Module |
| Review Notes explain that the SDK includes a Risk Device Fingerprint Module | 2.3.1 | Proactively disclose this to prevent reviewers from flagging it |
Changelog
| Date | Change |
|---|---|
| 2026-04-15 | Initial version |