How to declare Privacy manifest

It is stated that

From Fall 2023 you’ll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file. From Spring 2024, apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.

There are some answers here : https://developer.apple.com/videos/play/wwdc2023/10060/ but far from answering all questions.

I have questions on how to implement:

  • Where exactly is the privacy manifest ? How to create it, from which file template in Xcode ? WWDC speaks of a PrivacyInfo.xcprivacy (does it require a more recent version of Xcode than 14.2).
  • WWDC describes a framework case. Is it the same for a "final" app ?
  • is there a specific format for describing the reason ? Or just plain text.
  • Is this text visible to the user or only to reviewer ?
  • does it apply retroactively to apps already in AppStore (do they need to be resubmitted ?). It seems not.

So I tried, in an iOS App, to declare the PrivacyInfo.xcprivacy as explained, with Xcode 14.2, using plist template, to no avail.

Really not clear on how to proceed or even start… We would need a clear step by step tutorial with all prerequisites (Xcode or MacOS versions needed for instance).

Post not yet marked as solved Up vote post of Claude31 Down vote post of Claude31
10k views
Posted by
Claude31
Reply
Add a Comment

Replies

It's a file you add from Xcode. New / File / iOS / Resource / App Privacy. After that, you add to it like the below image. I'm using Xcode 15 beta 5 to do this. It's not available with current, non-beta version of Xcode.

Posted by
SpaceMan
Post not yet marked as solved Up vote reply of SpaceMan Down vote reply of SpaceMan
Add a Comment

Thanks for the info.

That means that it will be soon mandatory to use Xcode 15, probably MacOS 14, to submit app ?

Posted by
Claude31
Up vote reply of Claude31 Down vote reply of Claude31
Add a Comment

Thanks SpaceMan. It would be really nice if Apple would document their sh*t. It took a really long time for me to find your message. I'm glad I wasn't searching before you posted your answer.

I think the message here is that one should wait until the last moment before conforming to Apple's new policies. Presumably, xcode 15 (where privacy is supported) will be in production release before they start cracking down on app privacy configurations.

Posted by
openingapps
Post not yet marked as solved Up vote reply of openingapps Down vote reply of openingapps
Add a Comment

Briefly XCode 15 will be mandatory by April 2024

There's a privacy manifest timeline at this video and also a lot of informationin this article

Posted by
victor-rodriguez-etermax
Up vote reply of victor-rodriguez-etermax Down vote reply of victor-rodriguez-etermax
Add a Comment

You can find the Apple documentation here - https://developer.apple.com/documentation/bundleresources/privacy_manifest_files?language=objc

Posted by
achuthan
Up vote reply of achuthan Down vote reply of achuthan
Add a Comment

@SpaceMan

Is PrivacyInfo finished if it's included in the library??

Is it not necessary to have a specific directory structure??

Posted by
kimjitae
Up vote reply of kimjitae Down vote reply of kimjitae
Add a Comment

Aha, hope the rules does not destroy a developer, I just think when a new app uploaded, let the reviewer think if it is ok for publishing, while not give such boring things to developer.

Posted by
FlyingSwallowStudio
Up vote reply of FlyingSwallowStudio Down vote reply of FlyingSwallowStudio
Add a Comment

My main issue is what code is actually using the apis that Apple is complaining about. Eg, these are the ones in the email I received:

NSPrivacyAccessedAPICategoryDiskSpace
NSPrivacyAccessedAPICategoryFileTimestamp
NSPrivacyAccessedAPICategoryUserDefaults

Ok, the last one I understand. I am using UserDefaults. But I don't know who's using the first 2, although I might guess that it's also UserDefaults under the hood?

Posted by
jacko3232
Post not yet marked as solved Up vote reply of jacko3232 Down vote reply of jacko3232

  • that might be swiftdata/coredata if you're using those. It can be anything basically...

    kironet

  • If CoreData is using DiskSpace or FileTimestamp, do we need to add it?

    mehulFunnmedia
Add a Comment

I created the file "PrivacyInfo.xcprivacy" and included it in my project with the keys that I was notified were required.

However, I get the same email complaining that these four entries are missing:

NSPrivacyAccessedAPICategoryDiskSpace
NSPrivacyAccessedAPICategoryFileTimestamp
NSPrivacyAccessedAPICategoryUserDefaults
NSPrivacyAccessedAPICategorySystemBootTime

Is there something else that's required for the newly added privacy manifest to be recognized during review? The file is currently located at the root directory of my project; next to the .xcodeproj file

I'm using XCode 15.2.0

Posted by
DannyByersII
Up vote reply of DannyByersII Down vote reply of DannyByersII

  • You might want to check to be sure the build product or the archive for the app contains the PrivacyInfo.xcprivacy file. If it is not appearing in the app, then it might not have membership in the target. Try creating the Privacy Report from your archive as well. If it show an error, then something in the original might need work. Is the warning email complaining about your app, your app's extensions, or some other SDK?

    SlippedCognitive

  • I second @SlippedCognitive, I added the file and the configurations, but received the same email from Apple on next submission. Upon further investigation it seems like the PrivacyInfo.xcprivacy file was not added to the Workspace in Xcode. Simply right click on the Workspace and Click on add files to .... and select the PrivacyInfo.xcprivacy file

    anastariq
Add a Comment

I'm having trouble with NSPrivacyAccessedAPICategoryDiskSpace. NSPrivacyAccessedAPICategoryDiskSpace appears when I list the symbols in the compiled binary. My code uses NSFileManager to find and load resources, but it never checks the free space in the system or volume.

0000000000000000         *UND* _NSFileSize
0000000000000000         *UND* _NSFileSystemFreeSize
0000000000000000         *UND* _NSFileSystemSize

Even if I comment the NSFileMager code, just including the Foundation library leaves these symbols. Any ideas?

Posted by
cigumo
Up vote reply of cigumo Down vote reply of cigumo

  • It was one of the AdMob libraries. :facepalm:

    cigumo
Add a Comment

Any ideas?

See this thread:

https://developer.apple.com/forums/thread/748621

But to be honest you might as well save yourself the bother and just add one of the innocuous permitted reason codes.

Posted by
endecotp
Up vote reply of endecotp Down vote reply of endecotp
Add a Comment

I find the interface in Xcode to edit these .plist files really clunky (and the 'reasons' for using an API aren't up to date and also don't filter according to the API you've selected). I own an app development company and have to create like 50 of these in the next few weeks. So I built a form to generate them really quickly and have published it so anyone can use it:

https://wemakeapps.net/manifest-maker

Enjoy.

(PS Sorry it's not a real link, Apple won't let me)

Posted by
wemakeapps
Post not yet marked as solved Up vote reply of wemakeapps Down vote reply of wemakeapps

  • @wemakeapps Thank you for creating this tool! I'll share it around the react native space where folks are facing this issue. Thanks so much

    markjustworks

  • This is great. Why hasn't Apple built this in Xcode? Thanks a ton.

    adamtwo
Add a Comment

That is a very nice tool and thank you for that! I beat my head against this issue for a couple of days... trying everything I could think of in the PrivacyInfo ... and lo and behold I was creating the plist correctly... but for some reason if you add the PrivacyINfo into your xCode project, unlike adding any other Swift file, it doesn't mark the PrivacyInfo file for Target Membership in your build. So as you continue to submit trying to figure out why you keep getting those emails from Apple ... this may be the reason. Check that the Target Membership was selected for this file in xCode...

Posted by
doodahdayz2
Up vote reply of doodahdayz2 Down vote reply of doodahdayz2
Add a Comment

I am new to coding so pardon my naivety. I made a simple app for my company where customers can place orders and leave their names and phones numbers. Upon placing an order the app creates a collection in Google Firebase then generates an email with some HTML code. My app does not use any API's directly, and I believe I received the warning email solely because of the Firebase SDK like many others. I updated my app with what I believe to be proper "declaration of the data collected by my app or by third-party SDKs" according to https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests - but I am wondering if I actually did it correctly. To the OP, thank you for addressing this issue and thank you SpaceMan for getting me started.

See Attached

Posted by
erichardson262673
Up vote reply of erichardson262673 Down vote reply of erichardson262673
Add a Comment