We have a legacy app written in a mix of C, ObjC, C++ and ObjC++ with .xib files. It is not sandboxed. It sends an Apple Event to TV (the app of that name from Apple, not a physical TV) using /usr/bin/osascript, calling a compiled Apple Script which is in our app bundle's Resources directory with parameters which we generate in our app at runtime. The first time it does this on a fresh system, the OS puts up a dialog asking for permission to control TV, and after the user clicks Allow, our app appears under Security and Privacy in the Automation section. That's all fine, but what is unexpected is that the app has no Apple Events entitlement (com.apple.security.automation.apple-events), and it doesn't have a NSAppleEventsUsageDescription string either. The documentation at https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_automation_apple-events says Your app doesn’t need the Apple Events Entitlement if it only sends Apple events to itself or to other processes signed with the same team ID. but we're not on the Apple team. When I filter the log for messages from tccd pertaining to our app, it does indeed complain : Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=<our bundle id>” But despite those complaints, everything works - I can send the event, and TV acts upon it. Is this working only by accident, and might fail in some minor future OS update? tccd also complains about the microphone Prompting policy for hardened runtime; service: kTCCServiceMicrophone requires entitlement com.apple.security.device.audio-input but it is missing for requesting={TCCDProcess: identifier=<our bundle ID> but we don't use the microphone tccd complains about this too <path-to-our-app> attempted to call TCCAccessRequest for kTCCServiceAccessibility without the recommended com.apple.private.tcc.manager.check-by-audit-token entitlement What does that mean, and should we be concerned?

Greetings everyone, first of all I apologize to everyone for the long question I am going to ask, but I thought it would be better to tell you my question and what I am working on to solve it. You may have heard about Apple's new Privacy Manifest requirement for new apps to be released to the app store. After I heard about it, I made a list of all dependencies used in my project and then updated them to the versions that include the Privacy Manifest file. Since I only use UserDefaults in my project, which is one of the required reason APIs specified by Apple, I added it and my reason for using it in the Privacy Manifest file. When I released a package with this development, I received a new notification email from Apple saying that while they used to be upset with me about UserDefaults, they are no longer, so it seems that Apple has accepted my reason for using UserDefaults in the application. However, Apple was also upset about Required Reason APIs in this list that I don't actually use (e.g. SystemBootTime API, DiskSpace API, FileTimestamp API). I thought about what could be causing this. First of all, it could be that one of the dependencies I use didn't specify the Required Reason API in the Privacy Manifest file or specified it incorrectly. However, I didn't think this was likely because I'm using common dependencies (e.g. Firebase, Alamofire, Lottie, etc.) and I didn't find any issues in the repos for them. Then it occurred to me that we have a binary dependency embedded statically in the project. I looked at the repo of this dependency and in the latest versions they added the Privacy Manifest file, but they added an empty privacy manifest file. This SDK is actually a service that we bought as a company. Therefore, I don't think there will be a problem. If they don't use Required Reason API, I think it can't be the cause of the mail. Nevertheless, our Business Analysts will contact the SDK owners. Then I realized that although it is on the list of SDKs that Apple requires to include a privacy manifest, I could not update it. This is nanopb. Actually, this is not a direct dependency of mine, but it is a dependency of Firebase. Like nanopb, there are other packages that are dependent on Firebase and are listed by apple (e.g. abseil, Promises, GTMSessionFetcher etc.) These are included as SPMs in the Package.swift file of Firebase that I have added to my project, with specific version ranges. If I update it, I get the latest version of the appropriate SPM version. For example promises were added for Firebase 10.16.0 as follows. The previous version did not have the Privacy Manifest. So I updated it to 2.4.0 by doing Project Navigator > Package Dependencies > Update To Latest Package Versions on Xcode. .package( url: “https://github.com/google/promises.git”, “2.1.0” ..< “3.0.0” ), This version included the Privacy Manifest, which solved my problem. But for nanopb the situation is as follows and no version of nanopb provides Privacy Manifest. I'm not even sure if there is a version of nanopb like the one below. .package( url: “https://github.com/firebase/nanopb.git”, “2.30909.0” ..< “2.30910.0” ) When I did some research on the issue, I came across something like this. The Google developer wrote “This bug can be closed because this repo does not release a binary distro of nanopb for Apple platforms.” in response to the issue. But as a non-native English speaker, I don't understand this explanation. As a result, Apple stated in the mail that I was using these Required Reason APIs (I will give an example of the mail below). I tried to find it even though it was not the case. Three possibilities came to my mind and I thought about these possibilities. Finally, I decided to consult you What do you think is causing this (is it widely used sdk's that do not specify or incorrectly specify the reason for using required reason api's? is it static library? is it nanopb?) Is there any way to see Apple's evaluation in this notification email without releasing the package? Will I test whether I have fixed this or not by constantly releasing packages? Any comments will be very appreciated. Thank you very much in advance for all your comments and answers! Email (Consider that the equivalent exists in the SystemBootTime API and DiskSpace API below.): ITMS-91053: Missing API declaration - Your app’s code in the “MyAppName” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

Suppose I received a Privacy Manifest from Apple in the process of reviewing the app. I used "UserDefaults" and "File timestamp APIs" among the APIs, and I didn't add Privacymanifest. And there is nothing in the mail other than "UserDefaults" and "File timestamp APIs". And so is the code. If I remove all the code related to "UserDefaults" and "File timestamp APIs" from the library in this situation, is it okay not to add "Privacy Manifest" from the library as well?? The library can be FrameWork or Static Library.

Hello! In our applications we consume several 3rd party libraries that use one or more API from this list - https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc. These XCFrameworks contain static frameworks (a framework with a statically linked binary inside), so after linking, the machine code inside these frameworks becomes either a part of the app's executable or a part of a dynamic library. We integrate these libraries using Swift Package Manager's ".binaryTarget" feature and have been having trouble understanding where should the privacy manifest be located in the final app, so that we can pass the App Store review process. It seems that with SPM the privacy manifest (PrivacyInfo.xcprivacy file) is lost - https://github.com/apple/swift-package-manager/issues/7317 If the static framework is linked as a part of the app's executable, does that mean we have to manually merge the app's privacy manifest with that of a 3rd party static library? If the static framework is linked as a part of a dynamic library within the app, where should the privacy manifest be located? And what should happen if there are multiple static frameworks each with a privacy manifest being linked into this dynamic library? Thank you very much!

Our team uses a static library (.a) consisting of C and C++. Our team is developing static libraries internally and not sharing them to the outside. Should we still provide 'Privacy Manifest' in this case?? I added the contents of our team's static library (.a) to the app's 'Privacy Manifest' and there was no problem. Nevertheless, if I have to add it separately to the static library (.a), should I create a new framework project itself and not use the .a? Or can I just create a new framework and wrap the .a file??

Hello, What are the guidelines for mergeable libraires regarding privacy data ? In particular where do we put the PrivacyInfo.xcprivacy file in this situation, so as Apple process can scan it when we upload the package of the app. Thank you.

・Xcode 15.1 ・The app is also compatible with Watch. In the privacy manifest, we defined NSPrivacyTracking to YES and NSPrivacyTrackingDomains to specific domains. Furthermore, to avoid warnings when uploading to Testflight, we have implemented a privacy manifest file in the app with the following configuration. ・Place the .xcprivacy files for the app itself and WatchExtension under their respective Target directories. ・Settings related to tracking domains are listed in .xcprivacy of the app itself. ・In .xcprivacy of WatchExtension, only describe the reason for UserDefault of NSPrivacyAccessedAPIType However, these implementations do not block network connections, "Fault" still occurs on "Point of Intereset instruments". Is there something wrong with my implementation?

I have a question about the privacy manifest including the process, that is Do I need to declare a privacy manifest file for the SDKs that Apple is not listed in their list? Let's take an example, I have two SDK's like SDK1, SDK2 used in my app and both the SDK's used the "NSUserDefaults" privacy part and both the SDK's are not listed in the Apple list and also both SDK's did not have their own privacy manifest file. Now, the questions are, Do I need to include Privacy Manifest file to both the SDK's? OR Can I add one Privacy Manifest file in the app-specific then Xcode will combine OR use thisPprivacy Manifest file for the SDK's too? Thanks!

Using the DeviceActivity framework we are able to display data based on a user's screentime and device usage. With the DeviceActivityFilter property, you can specify the date interval to collect data between. In testing, it seems that data only becomes accessible once the extension has been installed (so the extension isn't reading the screentime data already collected on device). However, once installed, I'm curious how far back you can query data from in the data interval? Opal which uses the Screentime API appears to have a lifetime Screentime metric, so hypothetically it should possible to query data as far back as collection starts. Unless they are getting around the sandbox environment and storing the data somehow. Side note on Opal -- They seem to have a community average of Screentime among people in the same age group. Does anyone know how they are collecting the data for this average? Is it actually using live Screentime data or just aggregating data from other studies?

I received an email from Apple saying my app is using the following privacy-restricted APIs without an API declaration. NSPrivacyAccessedAPICategoryUserDefaults NSPrivacyAccessedAPICategoryFileTimestamp NSPrivacyAccessedAPICategorySystemBootTime It's true, my app is using those features, in multiple pods that I depend on. For example, my app depends on the FBAudienceNetwork cocoapod, and I've upgraded it to version 6.15.0, which added a privacy manifest specifically to ensure that Apple wouldn't flag my app with an error. https://developers.facebook.com/docs/audience-network/setting-up/platform-setup/ios/changelog/ I can see its privacy manifest explicitly covers these APIs, below: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSPrivacyTrackingDomains</key> <array> <string>ep1.facebook.com</string> <string>ep6.facebook.com</string> </array> <key>NSPrivacyCollectedDataTypes</key> <array> <dict> <key>NSPrivacyCollectedDataType</key> <string>NSPrivacyCollectedDataTypeAdvertisingData</string> <key>NSPrivacyCollectedDataTypeLinked</key> <true/> <key>NSPrivacyCollectedDataTypeTracking</key> <true/> <key>NSPrivacyCollectedDataTypePurposes</key> <array> <string>NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising</string> <string>NSPrivacyCollectedDataTypePurposeAnalytics</string> </array> </dict> <dict> <key>NSPrivacyCollectedDataType</key> <string>NSPrivacyCollectedDataTypeDeviceID</string> <key>NSPrivacyCollectedDataTypeLinked</key> <true/> <key>NSPrivacyCollectedDataTypeTracking</key> <true/> <key>NSPrivacyCollectedDataTypePurposes</key> <array> <string>NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising</string> </array> </dict> </array> <key>NSPrivacyAccessedAPITypes</key> <array> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryUserDefaults</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>CA92.1</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategorySystemBootTime</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>35F9.1</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryFileTimestamp</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>C617.1</string> </array> </dict> </array> <key>NSPrivacyTracking</key> <true/> </dict> </plist> So, why is Apple flagging my app with "Missing API Declaration" errors? The API declaration is right there. What am I still missing?

I have a question regarding the way iOS handles app permissions. Why doesn't Apple provide a feature to review the reasons an app gave for requesting certain permissions after the initial authorization? There are instances where permissions were granted a long time ago or perhaps inadvertently, and now I can't recall why the app needed those permissions in the first place. This feature could be helpful for users trying to understand and manage their privacy settings more effectively. Thank you for any insights or information

We have a question about tracking domains: If we found a tracking domain in our app（eg."example.tracking.com"）, but not put it into the PrivacyInfo.xcprivacy -> tracking domain list (refer to https://developer.apple.com/documentation/bundleresources/privacy_manifest_files), will iOS auto block the connection of this domain even when the tracking permission is granted? At the current time, the answer seems to be NO, but we are not sure about the situation in the future. Add this is the test result: tracking domains added + tracking permission granted -> not blocked tracking domains added + tracking permission not granted -> blocked tracking domains not added + tracking permission granted -> not blocked tracking domains not added + tracking permission not granted -> not blocked So it there any suggestion about the question? Thanks!

Hello, we have noticed a change in the last few weeks in how Mail Privacy Protection (MPP) is operating. Specifically, MPP pre-caches images within email newsletters that are protected via Private Relay. The end result of the pre-cacheing is that every image in the newsletter is retrieved from our servers even if the user does not open the newsletter. This has been in place since '21. What we've noticed in the last month or so, is that the amount of pre-cacheing has dropped significantly, on the order of 20-25%. We can compare this with newsletters opened in non-MPP environments to know that email sends are consistent, it is only that pre-cached events seem to have changed. Does anyone know of any changes to the logic of Private Relay / MPP that would impact how it is pre-caching data from email newsletters? Thank you.

Hello everyone,I am a student who is working on my final project of my college.I do not get an official development account since I do not need to put my app on AppStore. In my project,I need to use the camera of iOS device, and I know I need to add NSCameraUsageDesciption in Info.plist.However, as I add the description in my Info and build my project, it failed and says"Provisioning profile "iOS Team Provisioning Profile: " doesn't include the NSCameraUsageDescription and NSPhotoLibraryUsageDescription entitlements." I also notice that in the Info.plist file, when I change the property type to entitlements,I just cannot find NSCameraUsageDescription when I add row. What's the problem?Is this because I am not an official developer?

We develop an iOS SDK that allows developers to add VoIP capability to their iOS applications. For post-call quality analysis and debugging purposes we do collect SDK API usage and call quality data and send them back through internal HTTP API endpoint, therefore we need to disclose the domain in the privacy manifest. However we do not collect any Personally Identifiable Information and definitely have no intent to use these data for tracking the users like the examples described in https://developer.apple.com/app-store/user-privacy-and-data-use/. Our question is, do we need to set the “NSPrivacyTracking” key to “true” in the privacy, or our SDK actually is not tracking from the Privacy Manifest’s perspective and simply disclosing the data collection type/purpose as well as the domain is sufficient?

I am new to coding so pardon my naivety. I made a simple app for my company where customers can place orders and leave their names and phones numbers. Upon placing an order the app creates a collection in Google Firebase then generates an email with some HTML code. My app does not use any API's directly, and I believe I received the warning email solely because of the Firebase SDK like many others. I updated my app with what I believe to be proper "declaration of the data collected by my app or by third-party SDKs" according to https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests - but I am wondering if I actually did it correctly! See Attached

Let's say I have an iOS app on the app store. Anyone can download and use it, but I would like to restrict the app from granting access to certain features to a select set of people I can personally vouch for. So, for example, to get access, the app send email to me, you have to convince me I know you, and if you do, I send you back some kind of token string which you can enter into the app. However, I'd like for that token to not be shareable, and to be locked to that device. Is there any kind of persistent ID associated with a device that I can use to tie the token I grant to that persistent ID? Or can someone suggest a way that once I trust a user, I can give them a token which will cannot be shared to anyone else? Also, does anyone know if restricting access to app features in this way is any kind of issue with regards to the app review process? The app itself is free, and there are no in-app purchases. I simply don't want certain features of the app (which end up sending push notifications) to get abused.

Hello, I was referring to the post - https://developer.apple.com/forums/thread/663769 to determine if my app has been granted access to Local Network or not. I am starting an NWConnection for a local network address and checking if the currentPath?.unsatisfiedReason == .localNetworkDenied. This is not working as expected. Even when I accept the local network permission prompt, I still get the unsatisfied reason as .localNetworkDenied. I have also tried turning off/on the permission toggle from the settings app. I have also checked this with the 2nd method in the above post about using pathUpdateHandler and getting the same results. I am using an iOS 17.4.1 device. Is this method reliable? Is there some other method/api that I can use to check for local network access in my app?

Hello, I need help understanding how to manage the privacyInfo.xcprivacy file for apps. Do I need to include privacy details from SDKs in the app’s own file? For instance, if an SDK’s file mentions "Privacy Tracking Enabled: YES," does the app need the same setting? Also, if the SDK lists "Device ID" as a Collected Data Type, should the app list it too? I thought it was best to keep the app’s privacy file just about the app itself and not add SDK information to avoid making things too complex. But I can’t find clear rules on this. Can someone clarify this for me? Thanks!