Hello, I have an iOS app that is recording audio that is working fine on iPads/iPhones. It asks for microphone permission and after that recording works. I installed the same app on my M3 MacBook via TestFlight since iPad apps are supposed to work without a change that way. The app starts fine and everything, but it never asks for Microphone permission, so I can't record. Do I need to do something to make this happen (this is not macCatalyst, its running the arm64 iPhone binary on macOS) thanks

I added Privacy manifest for my app and submit it to review and apple reject my app with what comment ITMS-91054: Invalid API category declaration - The PrivacyInfo.xcprivacy for the “Frameworks/SmartlookAnalytics.framework/SmartlookAnalytics” file contains “Disk Space” as the value for a NSPrivacyAccessedAPIType key, which is invalid. Values for NSPrivacyAccessedAPIType keys in any privacy manifest must be valid API categories. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. i look at the package manifest and all looks fine (attached image). Maybe somebody saw that issue - and may tell me how can i fix it.

Hi everyone, I wanted to ask if anybody knows what the current status is about the declaration of required reasons APIs. Before May 1, when I uploaded a new build to the App Store Connect and added it to a group with external testers, I got a notification by email like the following: ITMS-91053: Missing API declaration - Your app’s code in the [...] file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. In an article published by Apple (https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api) it is even statet that that after May 1, apps that do not comply are not accepted by the App Store Connect. According to my interpretation, even the upload should be rejected. I am currently in the process to add a privacy manifest and add the declarations. For testing purposes, I wanted to add the declarations step by step and see where I still need to fix anything. My problem is, that the warnings by apple are not beeing sent anymore. I have uploaded a new build after May 1 with no privacy manifest and therefore no API declarations, it was accepted by App Store Connect and even passed the review for an external testers group. Does anybody have information about the following questions? Did Apple shift the deadline? How can I trigger the warning emails again so that I know what to fix and see, when my app is compliant? Thanks in advance!

Our keyboard extension can be accessed independently in China region with native app like Notes or Safari, however the keyboard can only be opened in the app under same project in Taiwan region. I've checked some articles about how MDM managing extensions, also make sure our RequestOpenAccess option of keyboard extension info.plist also set to Yes. I'm not sure is there anything I missed, or I just need to inform client that they need to reach out their MDM manager and modify some restrictions? If keyboard supports mobile device management (MDM), it can work with managed apps. App extensions give third-party developers a way to provide functionality to other apps or even to key systems built into the operating systems Allow full access to custom keyboard in iOS

We have a closed-source SDK distributed as a static framework. We are experiencing some difficulty in incorporating Privacy Manifests. We added the Privacy Manifest as a resource in the xcframework using the Copy Bundle Resources phase. Our expectation was that the developer could then add the xcframework to their application and select the Embed Without Signing embed option. Even though it's a static framework, Xcode removes the static archive from the framework when it is embedded in the target bundle as described here: Embedding a static framework using a Copy Files build phase now removes the static archive from the framework when it is embedded in the target bundle. The REMOVE_STATIC_EXECUTABLES_FROM_EMBEDDED_BUNDLES build setting can be set to NO to opt out of this behavior. The COPY_RESOURCES_FROM_STATIC_FRAMEWORKS build setting, previously used in the legacy build system to extract and copy the resources from a static framework to the target bundle, no longer has any effect with the new build system as the entire framework is copied instead (minus the static archive as described above) The problem is that by doing this, the Info.plists present in the platform folder (.framework) is also embedded into the host app. The Info.plist now references the binary that was removed, causing a validation error when uploading to iTunes Connect. Similarly, if we remove the Info.plist from the xcframework platforms folders, it is not possible to run the host application on the simulator. Firebase is facing the same problem as they prepare to incorporate Privacy Manifests into their frameworks. When distributing via CocoaPods and SPM, we do not have this problem since it is possible to reference an external .xcprivacy to the xcframework in the package itself. So, in summary, how do we incorporate Privacy Manifests into a static framework?

Hi, Can someone confirm if the "NSPrivacyTrackingDomains" key for the Privacy Manifest supports wildcard domains such as "*.example.com" or do domain string have to be explicitly defined like "test.example.com"? Thanks.

Hello, We recently encountered an issue with our app's submission to the App Store regarding missing permissions. Specifically, our app requires access to two categories called: NSPrivacyAccessedAPICategoryFileTimestamp and NSPrivacyAccessedAPICategoryUserDefaults for proper functionality. Although we've managed to resolve the immediate concern, it's important that we address this as soon as possible (to avoid any further complications with future app submissions). As I'm not entirely familiar with app development/coding, I'm reaching out to seek help with this. We also want to know if the issue we're experiencing is related to using pre-release software or our code? Any insights or help with this would be greatly appreciated. Thanks!

App: "Nappkin" Apple ID: 639242085 Hi, We are getting several "Missing API declaration" warnings (see below) when submitting our iOS app to the AppStore. Our app doesn't not use the mentioned api's but apparently one or more of the libraries we use do. We have included a privacy manifest that states this fact (included below). Why are we still getting these warnings/errors when we have included a privacy manifest? If each framework used must have a manifest can you tell me which frameworks are in error? We have no influence on the contents of the frameworks used in our apps. How can we comply if a framework we use does not have a required manifest and is unable or unwilling to include it? Our app is a point-of-sale app used by 100's of professionals. We have been in the AppStore for more than 10 years. Our app is fully dependend on several frameworks and not being able to update our app will mean we have to close our business. Thanks! Willem Bison = Privacy manifest ==== <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSPrivacyAccessedAPITypes</key> <array> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryDiskSpace</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>Our app does not use this api directly but (apparently) an included framework does</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategorySystemBootTime</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>Our app does not use this api directly but (apparently) an included framework does</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>NSUserDefault is used to store and retrieve several user preferences</string> </array> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryUserDefaults</string> </dict> <dict> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>Our app does not use this api directly but (apparently) an included framework does</string> </array> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryFileTimestamp</string> </dict> </array> </dict> </plist> = Warnings ==== Hello, We noticed one or more issues with a recent submission for App Store review for the following app: Nappkin Version 179.0 Build 33854 Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Once you've corrected the issues, upload a new binary to App Store Connect. ITMS-91053: Missing API declaration - Your app’s code in the “Nappkin” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91053: Missing API declaration - Your app’s code in the “Nappkin” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91053: Missing API declaration - Your app’s code in the “Nappkin” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91053: Missing API declaration - Your app’s code in the “Nappkin” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. Apple Developer Relations ============

We are using and iOS version 17.4.1 and 17.5(beta) , and when are we facing the issue for local network permission in our app. Success scenario steps: Don't allow the local network permission in our App Allow it manually in app setting for local network permission(works only in first install of the App) We are able to call the API successfully Error scenario steps: Allow the local network permission popup to app when asked for permission Call the API successfully Uninstall the app and install the same app again and don't allow the local network permission API call fail's Manually change the local network permission to allow in app settings Still the API call fails even if we allow the local network permission Conclusion : We are getting API error when re-install the app and if it is not allowed local network permission as well as when we allow the local network permission. Looks like caching issue. Note: Even if uninstall and install multiple time and allow the local network permission from 2nd time onward API keeps on failing , but these scenario work perfectly fine on iOS 16 version and below. Even the existing app stopped working after updating iOS version to 17 and above. Also we found alternatively when we uninstall the app and restart the device and install it back again it works fine for the first time as a fresh install. Additionally : We are not calling local network permission explicitly, when the API call is happening this is native popup coming on iOS

We develop an iOS SDK that allows developers to add VoIP capability to their iOS applications. For post-call quality analysis and debugging purposes we do collect SDK API usage and call quality data and send them back through internal HTTP API endpoint, therefore we need to disclose the domain in the privacy manifest. However we do not collect any Personally Identifiable Information and definitely have no intent to use these data for tracking the users like the examples described in https://developer.apple.com/app-store/user-privacy-and-data-use/. Our question is, do we need to set the “NSPrivacyTracking” key to “true” in the privacy, or our SDK actually is not tracking from the Privacy Manifest’s perspective and simply disclosing the data collection type/purpose as well as the domain is sufficient?

AppTrackingTransparency popup not show on iOS17.4.1 Some devices can, while others cannot

We have a food delivery app. Now we want to add a prize competition. After every three successful orders, an entry will be created for the users. User can have unlimited entries. Now I am not sure if these requirements comply with AppStore especially No purchase necessary .

Greetings everyone, first of all I apologize to everyone for the long question I am going to ask, but I thought it would be better to tell you my question and what I am working on to solve it. You may have heard about Apple's new Privacy Manifest requirement for new apps to be released to the app store. After I heard about it, I made a list of all dependencies used in my project and then updated them to the versions that include the Privacy Manifest file. Since I only use UserDefaults in my project, which is one of the required reason APIs specified by Apple, I added it and my reason for using it in the Privacy Manifest file. When I released a package with this development, I received a new notification email from Apple saying that while they used to be upset with me about UserDefaults, they are no longer, so it seems that Apple has accepted my reason for using UserDefaults in the application. However, Apple was also upset about Required Reason APIs in this list that I don't actually use (e.g. SystemBootTime API, DiskSpace API, FileTimestamp API). I thought about what could be causing this. First of all, it could be that one of the dependencies I use didn't specify the Required Reason API in the Privacy Manifest file or specified it incorrectly. However, I didn't think this was likely because I'm using common dependencies (e.g. Firebase, Alamofire, Lottie, etc.) and I didn't find any issues in the repos for them. Then it occurred to me that we have a binary dependency embedded statically in the project. I looked at the repo of this dependency and in the latest versions they added the Privacy Manifest file, but they added an empty privacy manifest file. This SDK is actually a service that we bought as a company. Therefore, I don't think there will be a problem. If they don't use Required Reason API, I think it can't be the cause of the mail. Nevertheless, our Business Analysts will contact the SDK owners. Then I realized that although it is on the list of SDKs that Apple requires to include a privacy manifest, I could not update it. This is nanopb. Actually, this is not a direct dependency of mine, but it is a dependency of Firebase. Like nanopb, there are other packages that are dependent on Firebase and are listed by apple (e.g. abseil, Promises, GTMSessionFetcher etc.) These are included as SPMs in the Package.swift file of Firebase that I have added to my project, with specific version ranges. If I update it, I get the latest version of the appropriate SPM version. For example promises were added for Firebase 10.16.0 as follows. The previous version did not have the Privacy Manifest. So I updated it to 2.4.0 by doing Project Navigator > Package Dependencies > Update To Latest Package Versions on Xcode. .package( url: “https://github.com/google/promises.git”, “2.1.0” ..< “3.0.0” ), This version included the Privacy Manifest, which solved my problem. But for nanopb the situation is as follows and no version of nanopb provides Privacy Manifest. I'm not even sure if there is a version of nanopb like the one below. .package( url: “https://github.com/firebase/nanopb.git”, “2.30909.0” ..< “2.30910.0” ) When I did some research on the issue, I came across something like this. The Google developer wrote “This bug can be closed because this repo does not release a binary distro of nanopb for Apple platforms.” in response to the issue. But as a non-native English speaker, I don't understand this explanation. As a result, Apple stated in the mail that I was using these Required Reason APIs (I will give an example of the mail below). I tried to find it even though it was not the case. Three possibilities came to my mind and I thought about these possibilities. Finally, I decided to consult you What do you think is causing this (is it widely used sdk's that do not specify or incorrectly specify the reason for using required reason api's? is it static library? is it nanopb?) Is there any way to see Apple's evaluation in this notification email without releasing the package? Will I test whether I have fixed this or not by constantly releasing packages? Any comments will be very appreciated. Thank you very much in advance for all your comments and answers! Email (Consider that the equivalent exists in the SystemBootTime API and DiskSpace API below.): ITMS-91053: Missing API declaration - Your app’s code in the “MyAppName” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

Suppose I received a Privacy Manifest from Apple in the process of reviewing the app. I used "UserDefaults" and "File timestamp APIs" among the APIs, and I didn't add Privacymanifest. And there is nothing in the mail other than "UserDefaults" and "File timestamp APIs". And so is the code. If I remove all the code related to "UserDefaults" and "File timestamp APIs" from the library in this situation, is it okay not to add "Privacy Manifest" from the library as well?? The library can be FrameWork or Static Library.

Hello! In our applications we consume several 3rd party libraries that use one or more API from this list - https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc. These XCFrameworks contain static frameworks (a framework with a statically linked binary inside), so after linking, the machine code inside these frameworks becomes either a part of the app's executable or a part of a dynamic library. We integrate these libraries using Swift Package Manager's ".binaryTarget" feature and have been having trouble understanding where should the privacy manifest be located in the final app, so that we can pass the App Store review process. It seems that with SPM the privacy manifest (PrivacyInfo.xcprivacy file) is lost - https://github.com/apple/swift-package-manager/issues/7317 If the static framework is linked as a part of the app's executable, does that mean we have to manually merge the app's privacy manifest with that of a 3rd party static library? If the static framework is linked as a part of a dynamic library within the app, where should the privacy manifest be located? And what should happen if there are multiple static frameworks each with a privacy manifest being linked into this dynamic library? Thank you very much!

Our team uses a static library (.a) consisting of C and C++. Our team is developing static libraries internally and not sharing them to the outside. Should we still provide 'Privacy Manifest' in this case?? I added the contents of our team's static library (.a) to the app's 'Privacy Manifest' and there was no problem. Nevertheless, if I have to add it separately to the static library (.a), should I create a new framework project itself and not use the .a? Or can I just create a new framework and wrap the .a file??

Hello, What are the guidelines for mergeable libraires regarding privacy data ? In particular where do we put the PrivacyInfo.xcprivacy file in this situation, so as Apple process can scan it when we upload the package of the app. Thank you.