An ITMS-91061: Missing privacy manifest rejection email looks as follows: ITMS-91061: Missing privacy manifest- Your app includes "<path/to/SDK>", which includes , an SDK that was identified in the documentation as a privacy-impacting third-party SDK. Starting February 12, 2025, if a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: https://developer.apple.com/support/third-party-SDK-requirements. Glossary ITMS-91061: Missing privacy manifest: An email that includes the name and path of privacy-impacting SDK(s) with no privacy manifest files in your app bundle. For more information, see https://developer.apple.com/support/third-party-SDK-requirements. : The specified privacy-impacting SDK that doesn't include a privacy manifest file. If you are the developer of the rejected app, gather the name of the SDK from the email you received from Apple, then contact the SDK's provider for an updated version that includes a valid privacy manifest. After receiving an updated version of the SDK, verify the SDK includes a valid privacy manifest file at the expected location. For more information, see Adding a privacy manifest to your app or third-party SDK. If your app includes a privacy manifest file, make sure the file only describes the privacy practices of your app. Do not add the privacy practices of the SDK to your app's privacy manifest. If the email lists multiple SDKs, repeat the above process for all of them. If you are the developer of an SDK listed in the email, publish an updated version of your SDK that includes a privacy manifest file with valid keys and values. Every privacy-impacting SDK must contain a privacy manifest file that only describes its privacy practices. To learn how to add a valid privacy manifest to your SDK, see the Additional resources section below. Additional resources Privacy manifest files Describing data use in privacy manifests Describing use of required reason API Adding a privacy manifest to your app or third-party SDK TN3182: Adding privacy tracking keys to your privacy manifest TN3183: Adding required reason API entries to your privacy manifest TN3184: Adding data collection details to your privacy manifest TN3181: Debugging an invalid privacy manifest

Hello, In my IOS app, I have been working on implementing a third-party library's xcframework into my app. (They don't provide spm or cocoapods). However, whenever I import the XCFramework into my app, the build is successful, but when uploading to App Store Connect, I receive an email with an error stating the Swift Support folder is missing. This app was made using SwiftUI. I have a sample project linked below. Other apps also use this framework, so I'm not sure where I'm going wrong. Project

I need to change the order of my App Store display screenshots. The developer said they need to launch a new build which will take 5-8 hours of work. The app is complete, I just need to change the order of the display photos on the App Store. Is there a cost effective way to do this? Thx, Sam

I'm receiving the following error when attempting to validate an in‑app purchase receipt: Certificate verification failed at depth 0 : forge.pki.UnknownCertificateAuthority Certificate chain validation failed: Certificate is not trusted. This error occurs during the certificate chain validation process of the receipt's PKCS#7 container. My implementation uses node‑forge to decode the receipt, extract the embedded certificate chain, and verify that the chain properly links from the leaf certificate (which directly signed the receipt) through the intermediate certificate to the trusted Apple Inc. Root certificate. What the Error Indicates: "UnknownCertificateAuthority" at depth 0: This suggests that the leaf certificate in the receipt is not being recognized as part of a valid chain because it cannot be linked back to a trusted root in my CA store. "Certificate chain validation failed: Certificate is not trusted": This means that the entire certificate chain does not chain up to a trusted certificate authority (in this case, the Apple Inc. Root certificate) as expected. Steps Taken: I verified that the receipt is a valid PKCS#7 container. I extracted the certificate chain from the receipt. However, the receipt only provided the leaf certificate. I manually added the intermediate certificate (AppleWWDRCAG5.pem) to complete the chain. I loaded the official Apple Inc. Root certificate (AppleIncRootCertificate.pem) into my CA store. Despite these steps, the validation still fails at depth 0, indicating that the leaf certificate is not recognized as being issued by a trusted authority. Request for Assistance: Could you please help clarify the following points: Is the certificate chain for receipts (leaf → intermediate → Apple Inc. Root) as expected, or has there been any change in the chain that I should account for? Is there a recommended or updated intermediate certificate I should be using for receipt validation? Are there known issues or recent changes on Apple's side that might cause the leaf certificate to not be recognized as part of a valid chain? Any guidance to resolve this certificate chain validation error would be greatly appreciated.

I config of an alternate icon on the App Store Connect product page optimization. After the app launches, can I retrieve the name of this configured icon through UIApplication.shared.alternateIconName?

Hi there I've recently had my upload rejected in Xcode Organizer as a result of one of the frameworks we use containing bitcode. Error: [ContentDelivery.Uploader.XXXXXXXXXX] Validation failed (409) Invalid Executable. The executable 'Sam.app/Frameworks/Foo.framework/Foo' contains bitcode. Is there an accurate way to determine whether an .xcframework contains bitcode ahead of time without using Xcode Organiser? My current methodology is below, please can I get some confirmation that this is accurate, or suggest a more efficient approach? I have concerns about my approach and whether it throws false positives for empty bitcode markers. 1. get original framework size 2. run xcrun bitcode_strip -r framework_path -o temp 3. get new framework size 4. if new size is smaller than original, then it contains bitcode Thanks for the help, Sam

I’m building an iOS app that collects user PII (emails, names) and stores it in my backend database. I already use HTTPS for data transfer, but I’m unsure if Apple requires server-side encryption for stored data. For example: If a user’s email is stored in plain text on my server (but transmitted securely via HTTPS), will this violate App Store guidelines? Does Apple explicitly mandate encryption-at-rest for PII, or is it just a recommendation? Are there exceptions for non-sensitive data like usernames? I checked App Store Review Guidelines §5.1.1, which says "data must be stored securely," but it’s unclear if this requires encryption. Context: The app targets U.S. users (no GDPR/CCPA concerns). No financial/health data is involved. Is plain-text server storage of emails/names acceptable, or will this risk rejection? Thanks for any clarity!

I'm having trouble with this version as it's being rejected because they say it's missing a Terms of Use (EULA) link. This link was added since we integrated Apple Pay in version 1.6. We currently have version 2.6 available. I sent screenshots showing where this information is and it's still being rejected. They also comment that I can solve this in my next update, so I requested that they approve my version to solve other details that I have in other modules that have nothing to do with subscriptions but until now I have not had any type of response.

The macOS app with AppGroup suddenly cannot upload; it was working fine before.

Hi, I have accepted the Paid App Agreements on App Store Connect, but my apps are still unable to process subscriptions. As a result, my users cannot subscribe, and I am losing revenue. Could you please assist me in resolving this issue? I appreciate your help. Thank you.

Hello, I recently received feedback from two users that they charged twice after entering their password when trying to initiate payment on the app. I checked my front-end and back-end codes, both of which only initiate one order, but I don't know why the user deducts two payments after entering the password. I hope everyone can help me analyze this problem and how it came about? Additionally, I wonder if there is a possibility that the system may prompt the user to enter their password again due to network issues, resulting in the deduction of two payments. But the user told us that they only entered the password once (I don't know if the user lied). I am unable to find how the problem arose. I hope you can help me analyze how to solve this problem? If you also encounter such a problem, can you teach me how to solve it?

Hi, Since last week, I’ve been trying to publish the new version of my Voxel game, which aims to fix many bugs and significantly optimize the game. This update is very important for improving the overall quality of the game. Unfortunately, this version is not being accepted on the App Store due to a Design - Copycats issue related to guideline 4.1. I’ve tried everything to resolve the problem by changing the screenshots, app preview, description, game name, icons, and even all metadata that could cause issues in the build. But nothing seems to work. I keep receiving the same rejection just a few minutes after submitting my build for review. Here is the full warning message: —————— “Guideline 4.1 - Design - Copycats This app or its metadata appears to be misrepresenting itself as another popular app or game already available on the App Store, from a developer's website or distribution source, or from a third-party platform. Apps should be unique and should not attempt to deceive users into thinking they are downloading something they are not.” Next Steps Learn more about requirements to prevent apps from impersonating other apps or services in guideline 4.1. Revise the app to comply with these requirements. Once the app is fully compliant, resubmit the app for review. —————— Also I've already tried contaction the Apple Developer team but I got no answer. I don't know what to do. Thanks

I read the documentation and it told I had to prepare the product on App Store connect and once it is at the state "Ready to submit" I could access it on a phone where I am connected with an Icloud account in the developper list of the apple development account. This is what I've done but when I try to fetch in my flutter code the product with the id I set in App Store connect it says "No product found" Here is where I fetch the product: Future purchaseProduct(String productId) async { try { Set<String> _pIds = {productId}; final ProductDetailsResponse response = await _iap.queryProductDetails(_pIds); if (response.productDetails.isEmpty) { throw 'Product not found'; } final ProductDetails productDetails = response.productDetails.first; final PurchaseParam purchaseParam = PurchaseParam(productDetails: productDetails); _iap.buyConsumable(purchaseParam: purchaseParam); } catch (e) { Services.debugLog('Error purchasing product: $e'); throw e; } } I checked the product ID and it does not seems to be the problem. Is there some other steps I need to do ?

The application is developed with Xamarin Framework and it is live now. The customer installed the app and purchased the annual subscription. And for some reason, they uninstall and reinstall the application on the same device. Now user wants to restore the subscription. In the application, there is an option to Restore the subscription. But restore API not return purchase details. But when clicking the subscription button instead of restoring the subscription, it says you subscribed to this plan". is there any possibility of not getting VerifyRecipt even after a successful purchase?

Our company needs to track the performance of app downloads promoted by many different groups, which may require a large number of different Campaign links. How many different Campaign links can I track in the App Store Connect backend? What is the maximum number? Thanks you!

I was importing the app's information based on the document below. https://developer.apple.com/documentation/devicemanagement/getting-app-and-book-information-legacy However, I have failed to get the information of the custom app from a few days ago. The result is empty. This is a request with an empty result. https://uclient-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa/lookup?version=2&p=mdm-lockup&caller=MDM&platform=volumestore&cc=jp&id=1556411142 This is the request with results. https://uclient-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa/lookup?version=2&p=mdm-lockup&caller=MDM&platform=volumestore&cc=jp&id=1202716089 In ABM/ASM, you can see my assets and both the quantity in use and the quantity available will be searched normally. Is there anything else I can check? Please reply. Thank you.

I am attempting to upload an application to the app store. The selected method was using Transporter through terminal commands. In this sense, I keep receiving a metadata error which is as follows : Command (Assume values are filled in) /usr/local/itms/bin/iTMSTransporter -m upload \ -u "MY_EMAIL" \ -p "YOUR_APP_SPECIFIC_PASSWORD" \ -f "/Users/isseyyohannes/Desktop/ALGORA_Performance.itmsp" \ --asc-provider "GL5BCCW69X" -v detailed I receive the following error Package Summary: 1 package(s) were not uploaded because they had problems: /Users/isseyyohannes/Desktop/ALGORA_Performance.itmsp - Error Messages: ERROR ITMS-3000: "Line 9 column 25: element "data_file" incomplete; missing required elements "checksum" and "size" at XPath /package/software_assets/asset/data_file" ERROR ITMS-3000: "Line 12 column 24: element "software_metadata" not allowed here; expected the element end-tag or element "metadata_token" at XPath /package/software_metadata" ERROR ITMS-3000: "Line 13 column 19: element "software" not allowed here; expected the element end-tag or element "game_center", "in_app_purchases", "products", "read_only_info" or "versions" at XPath /package/software_metadata/software" ERROR ITMS-3000: "Line 16 column 28: element "bundle_id" not allowed anywhere; expected element "read_only_value" at XPath /package/software_metadata/software/read_only_info/bundle_id" ERROR ITMS-3000: "Line 17 column 30: element "app_version" not allowed anywhere; expected element "read_only_value" at XPath /package/software_metadata/software/read_only_info/app_version" ERROR ITMS-3000: "Line 18 column 33: element "product_family" not allowed anywhere; expected element "read_only_value" at XPath /package/software_metadata/software/read_only_info/product_family" ERROR ITMS-3000: "Line 19 column 30: element "read_only_info" incomplete; missing required element "read_only_value"" ERROR ITMS-3000: "Line 20 column 20: element "software" incomplete; expected element "software_assets" or "software_metadata"" ERROR ITMS-3000: "Package "null" failed schema validation." [2025-02-19 15:45:07 EST] <main> DBG-X: Returning 1 Essentially just a bunch of warnings about my metadata file which I edited manually to read the following <?xml version="1.0" encoding="UTF-8"?> <package version="software5.10" xmlns="http://apple.com/itunes/importer"> <provider>GL5BCCW69X</provider> <team_id>GL5BCCW69X</team_id> <software_assets> <asset type="bundle"> <data_file> <file_name>ALGORA_Performance.pkg</file_name> <checksum type="sha1">7acb9fcb19eb203bdc6038f88d06a67386900b28</checksum> <size>75619323</size> </data_file> </asset> <software_metadata> <software> <vendor_id>93274081</vendor_id> <read_only_info> <read_only_value key="bundle_id">com.algora.ALGORA-Performance</read_only_value> <read_only_value key="app_version">0.0.0</read_only_value> <read_only_value key="product_family">macOS</read_only_value> </read_only_info> </software> </software_metadata> </software_assets> </package> Last note is that I manually created the metadata.xml file and moved it via local terminal for fear of having to use XCode which I am not familiar with. ANY HELP IS APPRECIATED

Hello, I have tried to add Sign in with Apple to my application, and I get to the point where the app asks which AppleID to use and does succesfull facial recognition, but does not return failed or successful validation - the loading animation does not end and just keeps going. I have tried to create the sertificates and provision profiles again. I have also set the entitlements file Apple access level to Default. I don't understand what is going wrong here. Can the certificates be in wrong place? Is something wrong with the code?

Hi, I need to temporarily add a developer to my Apple Developer account so they can manage Certificates, Identifiers & Profiles and make necessary changes. However, when I add them as a team member through Users and Access, Apple requires them to verify their Apple ID using two-factor authentication (2FA). The problem is that due to regional restrictions, they are unable to receive the verification code, which prevents them from accessing the account. What I’ve Tried: I added the developer as a team member under Users and Access in the Apple Developer portal. They received the invitation email and accepted it. When they try to log in, Apple prompts them for 2FA verification, but they cannot complete it due to the restrictions. My Questions: Is there a way to allow my developer to access Certificates, Identifiers & Profiles without requiring them to verify their Apple ID via 2FA? Would creating a new Apple ID and adding it as a team member work as a workaround? Are there any alternative solutions to grant access without sharing my personal Apple ID credentials? I’d appreciate any advice or best practices on how to handle this. Thanks in advance.

I am setting up a new app and am having problems with Xcode Cloud. From Xcode if I click on the "Cloud" button under the Report Navigator I get a spinner for a long time then get the message "Could not load Xcode Cloud data". I also visited the "Xcode Cloud" tab under my app in App Store Connect and I get a spinner and nothing loads. This is a recent account and I'm setting up Xcode Cloud for the first time. Below is what I've tried and I'm out of ideas on how to get this working. In Xcode, I signed out and back in as the Account Holder Closed Xcode and reopened This occurred yesterday and today and have not seen a problem under the Apple System Status page On the latest Xcode 16.2 Checked the Signing & Capabilities tab in Xcode and my team a bundle Id is correct and it's happy with signing. At this time on my machine I am using the distribution profile.