Discuss how to secure user data, respect user data preferences, support iCloud Private Relay and Mail Privacy Protection, replace CAPTCHAs with Private Access Tokens, and more. Ask about Privacy nutrition labels, Privacy manifests, and more.

Privacy Documentation

Posts under Privacy tag

335 Posts
Post not yet marked as solved
0 Replies
237 Views
As we know, it's nearly 1/5 and the Privacy Manifest deadline is near. I have taken care of almost all cases in my project, but the thing is I keep getting warning emails saying that I need to state some "required API" that I'm using in my code, which I'm currently not. So after thinking a bit, I decided to look into the IPA and extract the binary of my IPA's package content using the nm command. Surprisingly, I could easily see all the "required API" stated in the email Apple sent me for my release. So my question is: do we really need to handle those cases too? Because it's always the "behind the scenes" things using those APIs, and honestly I can't confirm where they run or what they do (due to the limited time until 1/5).
Posted by Stagit1.
Post not yet marked as solved
0 Replies
171 Views
How could I remove the key NSMotionUsageDescription? It leads to a crash problem. But after I remove the key NSMotionUsageDescription and submit to Apple Store Connect, I receive this issue: ITMS-90683: Missing purpose string in Info.plist - Your app’s code references one or more APIs that access sensitive user data, or the app has one or more entitlements that permit such access. The Info.plist file for the “ydbus.app” bundle should contain a NSMotionUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. For details, visit: https://developer.apple.com/documentation/uikit/protecting_the_user_s_privacy/requesting_access_to_protected_resources. How could I solve the problem? I reviewed my project; I don't use the key NSMotionUsageDescription API.
Post not yet marked as solved
1 Replies
436 Views
Hello Apple Developer Community, I'm reaching out to seek clarification on a specific post in the forum, referenced here: https://developer.apple.com/forums/thread/743295
Let's say our current live app in the App Store uses the third-party SDKs mentioned below.
SDKs listed in commonly used SDKs: Firebase, GoogleUtilities, AppAuth, RxSwift, RxCocoa
SDKs not listed in commonly used SDKs: SDK1 (uses required reason API), SDK2 (uses required reason API), SDK3 (uses required reason API)
Note: All the above-mentioned SDKs are already integrated in the current live app, not being added for the first time. We are going to update our app soon (let's say after May 1, 2024).
I have some questions:
1. If I'm updating SDKs listed in commonly used SDKs and updating an old app that already includes these SDKs, do I need to declare a privacy manifest file for these SDKs?
2. If I'm not updating SDKs listed in commonly used SDKs and updating an old app that already includes these SDKs, do I need to declare a privacy manifest file for these SDKs?
3. If I'm updating SDKs not listed in commonly used SDKs and updating an old app that already includes these SDKs, do I need to declare a privacy manifest file for these SDKs?
4. If I'm not updating SDKs not listed in commonly used SDKs and updating an old app that already includes these SDKs, do I need to declare a privacy manifest file for these SDKs?
Post not yet marked as solved
0 Replies
199 Views
Hello, I have a question. Recently, Apple's announcement asks for "Describing use of required reason API". https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc SDKs that require a privacy file are specified in the "SDKs that require a privacy manifest and signature." https://developer.apple.com/jp/support/third-party-SDK-requirements/
Question 1. Should SDKs included in the list of "SDKs that require a privacy manifest and signature" provided by Apple always include a privacy file? Or can you put the privacy file only in your Xcode project?
Question 2. If I don't use any personal information within the SDK, do I not need to insert a privacy file?
Thank you.
Posted by moondsun.
Post not yet marked as solved
1 Replies
1.3k Views
Hey, I uploaded an app to TestFlight and received these two Missing API declaration warnings. Is there something I am missing/wrong in the PrivacyInfo.xcprivacy file? Thanks so much!
ITMS-91053: Missing API declaration - Your app’s code in the “Ыйык Китеп” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code.
ITMS-91053: Missing API declaration - Your app’s code in the “Ыйык Китеп” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code.
The content of my connected PrivacyInfo.xcprivacy file is:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>NSPrivacyTracking</key>
        <false/>
        <key>NSPrivacyTrackingDomains</key>
        <array/>
        <key>NSPrivacyCollectedDataTypes</key>
        <array/>
        <key>NSPrivacyAccessedAPITypes</key>
        <array>
            <dict>
                <key>NSPrivacyAccessedAPIType</key>
                <string>NSPrivacyAccessedAPICategoryDiskSpace</string>
                <key>NSPrivacyAccessedAPITypeReasons</key>
                <array>
                    <string>E174.1</string>
                </array>
            </dict>
            <dict>
                <key>NSPrivacyAccessedAPIType</key>
                <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
                <key>NSPrivacyAccessedAPITypeReasons</key>
                <array>
                    <string>C617.1</string>
                </array>
            </dict>
        </array>
    </dict>
    </plist>
For more context: the Generate Privacy Report option from Xcode 15 is returning a blank PDF file on my archive. I assume it is the same issue as this thread. I ran ios_17_required_reason_api_scanner that picked this info up. I think all of these should fall within NSPrivacyAccessedAPICategoryDiskSpace and NSPrivacyAccessedAPICategoryFileTimestamp.
    Searching for use of required reason API
    See https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
    Found potentially required reason API usage 'NSFileCreationDate' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/@moodlehq/cordova-plugin-zip/Plugins/minizip/SSZipArchive.m'
    Line numbers: 224
    Found potentially required reason API usage 'NSFileModificationDate' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/@moodlehq/cordova-plugin-zip/Plugins/minizip/SSZipArchive.m'
    Line numbers: 224 270 358 529 591
    Found potentially required reason API usage '.creationDate' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/cordova-plugin-file/CDVAssetLibraryFilesystem.m'
    Line numbers: 234 235
    Found potentially required reason API usage 'NSFileSystemFreeSize' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/cordova-plugin-file/CDVFile.m'
    Line numbers: 419
    Found potentially required reason API usage '.fileModificationDate' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/cordova-plugin-file/CDVLocalFilesystem.m'
    Line numbers: 713
Post not yet marked as solved
6 Replies
1.7k Views
I thought I read somewhere in the privacy manifest documentation that they were not required for app extensions because extensions will inherit the privacy info from their parent apps and SDKs, but now I can't find a reference for that. If that is the case, I don't think it is working correctly, because we are getting warnings about missing API declarations for things that should be covered by an app or SDK manifest from what I can tell.
Posted by rsippert.
Post not yet marked as solved
1 Replies
266 Views
Once I have the PDF generated by Xcode, what exactly should I be doing with it? Is there a place in Apple Connect where I should be uploading it? If there's a place to upload it, will this mean that the privacy manifest for our app will be updated by using this PDF? Do you have some documentation I can reference where I can see the process of uploading this PDF? (Not the process of how to create the xcprivacy file, how to add it to Xcode, or all the properties that go in the plist file.)
Post not yet marked as solved
3 Replies
797 Views
Hi, I just received a new email from AppStore Review while submitting our app for review. This time I got informed that I need to declare two NSPrivacyAccessedAPITypes: NSPrivacyAccessedAPICategorySystemBootTime and NSPrivacyAccessedAPICategoryFileTimestamp. I tried to find where we make use of APIs falling under these categories, but I couldn't find any in our app code. I searched within our SwiftPM checkout folder too, to see if there is an SDK missing the PrivacyInfo.xcprivacy file itself or the required declaration; again no luck. Another thread describes how a link map could help to find the source of my problem, but this file doesn't help me at all. I can find occurrences of the API names as strings, but not all of them are API calls (e.g. creationDate, which is a custom property). So my question is now: how can I find the source of these warnings? I dislike the idea of blindly adding both declarations with all options on. Best, Thomas
Posted by T.Weese.
Post not yet marked as solved
1 Replies
1.2k Views
This week I received this error:
ITMS-91055: Invalid API reason declaration - The PrivacyInfo.xcprivacy for the “VanigliaPro” file contains “App Functionality” as the value for a NSPrivacyAccessedAPITypeReasons key instead of a valid reason code for using an API in the NSPrivacyAccessedAPICategoryFileTimestamp category. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, values for NSPrivacyAccessedAPITypeReasons keys in your app’s privacy manifest must be valid reason codes for the corresponding API category. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
ITMS-91053: Missing API declaration - Your app’s code in the “xxxx” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
ITMS-91053: Missing API declaration - Your app’s code in the “xxxx” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
Any help to make a correct privacy file?
Post not yet marked as solved
1 Replies
210 Views
Hello, I have a problem. Our app is based on a JavaScript cross-platform development framework, which includes bridging and packaging of the Foundation framework. This bridging and packaging itself does not make any API calls, but it contains almost all security APIs. In this case, does this framework, which is only used as a bridge, need to add a privacy manifest statement? But since it does not make any API calls, how should I fill in the content?
Posted by zhaojb.
Post not yet marked as solved
14 Replies
12k Views
It is stated that: From Fall 2023 you’ll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file. From Spring 2024, apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.
There are some answers here: https://developer.apple.com/videos/play/wwdc2023/10060/ but far from answering all questions. I have questions on how to implement:
- Where exactly is the privacy manifest? How to create it, from which file template in Xcode? WWDC speaks of a PrivacyInfo.xcprivacy (does it require a more recent version of Xcode than 14.2?).
- WWDC describes a framework case. Is it the same for a "final" app?
- Is there a specific format for describing the reason, or just plain text? Is this text visible to the user or only to the reviewer?
- Does it apply retroactively to apps already in the AppStore (do they need to be resubmitted?). It seems not.
So I tried, in an iOS app, to declare the PrivacyInfo.xcprivacy as explained, with Xcode 14.2, using the plist template, to no avail. Really not clear on how to proceed or even start… We would need a clear step-by-step tutorial with all prerequisites (Xcode or macOS versions needed, for instance).
Posted by Claude31.
Post not yet marked as solved
1 Replies
232 Views
Hi Everybody, I would like to see a feature that allows us to limit the access of selected apps to our Contacts. Especially apps like WhatsApp cannot be trusted, in my opinion, so I would love to see the possibility to prevent them from just analysing our full Contact book and selling the data. With a limited access feature, we can at least decide which information we wanna share with suspicious companies. What do you think, and how could we reach the developers' attention to get this with the next major update? Greetings from Europe
Post not yet marked as solved
0 Replies
154 Views
I recently received a notification after my app submission, highlighting missing API declarations in accordance with the new privacy requirements. Following the guidelines, I already updated my pods, which now include their own privacy manifest files. However, I'm still facing issues as detailed in the attached communication from App Store Connect. Does anyone know how to do this?
Posted by KashyapK.
Post not yet marked as solved
0 Replies
215 Views
Our website supports Apple login. After logging in, the server obtains the private mailbox of the Apple user, but we found that sending emails to this private mailbox failed. The following is the response result from sending to the privacy mailbox using a Google mailbox
Posted by lzr.
Post not yet marked as solved
0 Replies
484 Views
We are using mach_absolute_time to determine the number of CPU cycles in our app, and from that, we are using it to seed a random number generator. From this random number generator, we are getting a series of random numbers and combining it with other random numbers from another generator not seeded via mach_absolute_time. This combined random number is being sent off device as a unique ID for authentication purposes. I've read through the required reasons for using this API, and I am not sure if it falls under the acceptable use cases. My gut feeling is that it does not. The following reasons are what Apple lists as acceptable reasons for this API:
35F9.1 Declare this reason to access the system boot time in order to measure the amount of time that has elapsed between events that occurred within the app or to perform calculations to enable timers. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception for information about the amount of time that has elapsed between events that occurred within the app, which may be sent off-device.
8FFB.1 Declare this reason to access the system boot time to calculate absolute timestamps for events that occurred within your app, such as events related to the UIKit or AVFAudio frameworks. Absolute timestamps for events that occurred within your app may be sent off-device. System boot time accessed for this reason, or any other information derived from system boot time, may not be sent off-device.
3D61.1 Declare this reason to include system boot time information in an optional bug report that the person using the device chooses to submit. The system boot time information must be prominently displayed to the person as part of the report. Information accessed for this reason, or any derived information, may be sent off-device only after the user affirmatively chooses to submit the specific bug report including system boot time information, and only for the purpose of investigating or responding to the bug report.
Would anybody be able to confirm that this usage is allowed or if we will need to change it to be in accordance with Apple's new policies regarding the usage of this API? Thanks
Posted by ajardimEA.
Post not yet marked as solved
2 Replies
492 Views
**We noticed that your app collects information from various public sources to build individual profiles, which is not appropriate for the App Store. Next Steps: To resolve this issue, please remove any feature that attempts to build individual profiles based on collected public data.**
I do not understand what information I collect from various public sources to build individual profiles. My app takes an image from the user and processes it to extract facial features and compare them with other faces in the app database. The user can also create an account if he wants to post a missing report, and I ask him to input the name, gender, date of birth and other information of the missing person. I explained all of this in App Review, but I still face this reply. What should I do?
Post not yet marked as solved
1 Replies
318 Views
How to handle libraries that are not explicitly added by me, but pulled by other SPMs that I use in my project? For example Firebase SPM pulls other packages like Abseil, nanopb etc. Do I need to handle those, and make sure they contain privacy manifests, or is Firebase package "responsible" for those?
Post not yet marked as solved
0 Replies
298 Views
When transferring an app from one team to another, Sign in with Apple users have to be carefully migrated since their unique identifiers are team-scoped. To migrate users from Team A to Team B, a transient transfer identifier, aka transfer_sub, has to be generated by Team A before the transfer to prepare the app data, using specific migration endpoints provided by Apple. "Preparing the app data" means, for example, associating database entries with the transfer ID instead of the team-specific ID. Once the app has been transferred, and for 60 days, Team B will find the transfer_sub in ID tokens issued by Apple Sign In, and thanks to this shared identifier they can retrieve the user data and associate it with their new unique identifier. So far so good! Now, the question: if an app is transferred from Team A to Team B, and then, shortly thereafter (a few days later), from Team B to Team C, will the transfer_sub related to the B-C transfer be different? Or will they remain the same as the ones issued for the A-B transfer? (I'm asking this question in order to avoid the possible catastrophe of an ill-prepared double app transfer.) Thank you!