How can I open the user's Health Privacy Settings directly from my app when I'd like them to review them? I believe similar questions have been asked before like this one: https://forums.developer.apple.com/forums/thread/730434 However, I'm wondering if the situation is changed for iOS 17 or if there's a way that works for Health permissions. This is directly possible in the Garmin Connect app for example which is a major app on the store.

Hello, I have a question. Recently, Apple's announcement asks for "Describing use of required reason API". https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc SDKs that require a privacy file are specified in the "SDKs that require a privacy manifest and signature." https://developer.apple.com/jp/support/third-party-SDK-requirements/ question 1. Should SDKs included in the list of "SDKs that require a privacy manifest and signature" provided by Apple always include a privacy file? Or you can put the privacy file only in your XCode project. Question 2. If I don't use any personal information within the SDK, I don't need to insert a privacy file? thank you.

Hey, I uploaded an app to Testflight and received these two Missing API declaration warnings. Is there something I am missing/wrong on the PrivacyInfo.xcprivacy file? Thanks so much! ITMS-91053: Missing API declaration - Your app’s code in the “Ыйык Китеп” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. ITMS-91053: Missing API declaration - Your app’s code in the “Ыйык Китеп” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. The content of my connected PrivacyInfo.xcprivacy file is: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSPrivacyTracking</key> <false/> <key>NSPrivacyTrackingDomains</key> <array/> <key>NSPrivacyCollectedDataTypes</key> <array/> <key>NSPrivacyAccessedAPITypes</key> <array> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryDiskSpace</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>E174.1</string> </array> </dict> <dict> <key>NSPrivacyAccessedAPIType</key> <string>NSPrivacyAccessedAPICategoryFileTimestamp</string> <key>NSPrivacyAccessedAPITypeReasons</key> <array> <string>C617.1</string> </array> </dict> </array> </dict> </plist> For more context: Generate Privacy Report option from xcode 15 is returning a blank pdf file on my archive. I assume it is the same issue as this thread. I ran ios_17_required_reason_api_scanner that picked this info up. I think all of these should fall within NSPrivacyAccessedAPICategoryDiskSpace and NSPrivacyAccessedAPICategoryFileTimestamp. Searching for use of required reason API See https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api Found potentially required reason API usage 'NSFileCreationDate' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/@moodlehq/cordova-plugin-zip/Plugins/minizip/SSZipArchive.m' Line numbers: 224 Found potentially required reason API usage 'NSFileModificationDate' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/@moodlehq/cordova-plugin-zip/Plugins/minizip/SSZipArchive.m' Line numbers: 224 270 358 529 591 Found potentially required reason API usage '.creationDate' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/cordova-plugin-file/CDVAssetLibraryFilesystem.m' Line numbers: 234 235 Found potentially required reason API usage 'NSFileSystemFreeSize' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/cordova-plugin-file/CDVFile.m' Line numbers: 419 Found potentially required reason API usage '.fileModificationDate' in '../global-bible-app-builder-v2/app/platforms/ios/Ыйык Китеп/Plugins/cordova-plugin-file/CDVLocalFilesystem.m' Line numbers: 713

After adding PrivacyInfo.xcprivacy following this Steps: https://vikramios.medium.com/itms-91053-missing-api-declaration-3c2bef935bd3 I am getting this error ❌ error: Multiple commands produce 'app_dir/PrivacyInfo.xcprivacy';

how could I remove the key NSMotionUsageDescription? cause it leads some crash problem.But after I remove the key NSMotionUsageDescription, I submit to Apple Store connect,I will receive issue .TMS-90683: Missing purpose string in Info.plist - Your app’s code references one or more APIs that access sensitive user data, or the app has one or more entitlements that permit such access. The Info.plist file for the “ydbus.app” bundle should contain a NSMotionUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. For details, visit: https://developer.apple.com/documentation/uikit/protecting_the_user_s_privacy/requesting_access_to_protected_resources. How could I solve the problem? I reviewed my project,I don't use the key NSMotionUsageDescription api.

Hello Apple Developer Community, I'm reaching out to seek clarification on a specific post in the forum, referenced here: https://developer.apple.com/forums/thread/743295 Lets say our current live App in App Store uses below mentioned third-party SDKs SDKs listed in commonly used SDKs: Firebase GoogleUtilities AppAuth RxSwift RxCocoa SDKs not listed in commonly used SDKs: SDK1 (uses required reason API) SDK2 (uses required reason API) SDK3 (uses required reason API) Note: All the above mentioned SDKs are already integrated in the current live app, not adding for the first time We are going to update our app soon (lets say after May 1, 2024) I have some questions: If I’m updating SDKs listed in commonly used SDKs and updating an old app that already includes these SDKs. Do I need to declare a privacy manifest file for these SDKs? If I’m not updating SDKs listed in commonly used SDKs and updating an old app that already includes these SDKs. Do i need to declare a privacy manifest file for these SDKs? If I’m updating SDKs not listed in commonly used SDKs and updating an old app that already includes these SDKs. Do I need to declare a privacy manifest file for these SDKs? If I’m not updating SDKs not listed in commonly used SDKs and updating an old app that already includes these SDKs. Do I need to declare a privacy manifest file for these SDKs?

Hi community: Is there any way to create a Privacy report from the command line? Thanks

Once I have the PDF generated by xcode: what exactly should I be doing with it?. Is there a place in Apple Connect where I should be uploading it?. If there's a place to upload it, will this mean that privacy manifest for our app will be updated by using this PDF? Do you have some documentation I can reference to where I can see the process of uploading this PDF? (not the process of how to create the xcprivacy file or how to add it to xcode nor all the properties that go in the plist file.)

in this weeks i received this error: ITMS-91055: Invalid API reason declaration - The PrivacyInfo.xcprivacy for the “VanigliaPro” file contains “App Functionality” as the value for a NSPrivacyAccessedAPITypeReasons key instead of a valid reason code for using an API in the NSPrivacyAccessedAPICategoryFileTimestamp category. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, values for NSPrivacyAccessedAPITypeReasons keys in your app’s privacy manifest must be valid reason codes for the corresponding API category. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91053: Missing API declaration - Your app’s code in the “xxxx” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. ITMS-91053: Missing API declaration - Your app’s code in the “xxxx” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. any help for make correct privacy file?

Hello, I have a problem. Our app is based on a set of javascript cross-platform development framework, which includes bridging and packaging of the Foundation Framework. This bridging and packaging itself does not make any API calls, but it contains almost all security APIs. This In this case, does this Framework, which is only used as a bridge, need to add a privacy manifest statement? But since it does not make any API calls, how should I fill in the content?

Hi Everybody, I would like to see the feature, that allows us to limit the access for selected apps to get access to our Contacts. Especially apps like WhatsApp cannot be trusted, in my opinion, so I would love to see the possibility to prevent, that they just analyse our full Contact book and sell the data. With a limited access feature, we can at least decide, which information we wanna share with suspicious companys. What do you think and how could we reach the developers attention to get this with the next major update. Greetings from Europe

Hi, I just received a new email from AppStore Review while submitting our app for review. This time I got informed, that I need to declare two NSPrivacyAccessedAPITypes: NSPrivacyAccessedAPICategorySystemBootTime and NSPrivacyAccessedAPICategoryFileTimestamp. I tried to find where we make use of APIs falling under these categories, but I couldn't find any in our app code. I searched within our SwiftPM checkout folder too, seeing if there is an SDK missing the PrivacyInfo.xcprivacy file itself or the required declaration, again no luck. In another thread is described how a link map could help to find the source of my problem, but this file doesn't help me at all. I can find occurrences of the API names as string, but not all of them are API calls (e.g. creationDate which is a custom property). So my question is now, how can I find the source of these warnings? I dislike the idea of blindly adding both declarations with all options on. Best, Thomas

I recently received a notification after my app submission, highlighting missing API declarations in accordance with the new privacy requirements. Following the guidelines, I already updated my pods, which now include their own privacy manifest files. However, I'm still facing issues as detailed in the attached communication from App Store Connect. Anyone know how to done this?

Our website supports Apple login, but after logging in, the server obtains the private mailbox of Apple users, but we found that sending emails to this private mailbox failed. The following is the response result I sent to the privacy mailbox using Google mailbox

We are using mach_absolute_time to determine the number of CPU cycles in our app, and from that, we are using it to seed a random number generator. From this random number generator, we are getting a series of random numbers and combining it with other random numbers from another generator not seeded via mach_abolute_time. This combined random number is being sent off device as a unique ID for authentication purposes. I've read through the required reasons for using this API, and I am not sure if it falls under the acceptable use cases. My gut-feeling is that it does not. The following reasons are what Apple lists as acceptable reasons for this API: 35F9.1 Declare this reason to access the system boot time in order to measure the amount of time that has elapsed between events that occurred within the app or to perform calculations to enable timers. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception for information about the amount of time that has elapsed between events that occurred within the app, which may be sent off-device. 8FFB.1 Declare this reason to access the system boot time to calculate absolute timestamps for events that occurred within your app, such as events related to the UIKit or AVFAudio frameworks. Absolute timestamps for events that occurred within your app may be sent off-device. System boot time accessed for this reason, or any other information derived from system boot time, may not be sent off-device. 3D61.1 Declare this reason to include system boot time information in an optional bug report that the person using the device chooses to submit. The system boot time information must be prominently displayed to the person as part of the report. Information accessed for this reason, or any derived information, may be sent off-device only after the user affirmatively chooses to submit the specific bug report including system boot time information, and only for the purpose of investigating or responding to the bug report. Would anybody be able to confirm that this usage is allowed or if we will need to change it to be in accordance with Apple's new policies regarding the usage of this API? Thanks

How to handle libraries that are not explicitly added by me, but pulled by other SPMs that I use in my project? For example Firebase SPM pulls other packages like Abseil, nanopb etc. Do I need to handle those, and make sure they contain privacy manifests, or is Firebase package "responsible" for those?

When transferring an app from one team to another, Sign in with Apple users have to me carefuly migrated since their unique identifiers are team-scoped. To migrate users from Team A to Team B, a transient transfer identifier, aka transfer_sub, has to be generated by Team A before the transfer to prepare the app data, using specific migration endpoints provided by Apple. "Preparing the app data" means, for example, associate database entries to the transfer id instead of the team-specific id. One the app has been transferred, and during 60 days, Team B will find the transfer_sub in ID tokens issued by Apple Sign In, and thanks to this shared identifier they can retrieve the user data and associate it to their new unique identifier. So far so good ! Now, the question : if an app is transferred from Team A to Team B, and then, shortly thereafter (a few days later), from team B to team C, will the transfer_sub related to the B-C transfer be different ? Or will they remain the same as the ones issued for the A-B transfer ? (I'm asking this question in order to avoid the possible catastrophe of an ill-prepared double app transfer) Thank you !

We use few third party dependencies that declare API Reasons and we integrate those using SPM. Since SPM will statically link those dependencies in the main binary, we get a report from App Store that we need to declare those reasons in our Privacy manifest file. This is somewhat surprising since third party privacy manifest is bundled within our app, it is just independent of our app's main Privacy manifest file. Is there a way to aggregate all privacy manifest files, or does Apple plan to scan for all privacy manifest files in application bundle?

Hello. I'm having an issue using SPM to include a privacy manifest in my project. For example, if I use Alamofire 5.9.0 (with the PrivacyInfo.xcprivacy file) using SPM, I am continuously receiving the email saying ITMS-91053: Missing API declaration - System Boot Time when submitting an app for review. But use the same version of Alamofire using cocoapod(as a dynamic library), the PrivacyAccessedAPI issue will not occur. Is there any resolution for this problem? If I use a library using SPM, do I need to add the library's information in the main app's PrivacyInfo.xcprivacy file? Thank you.

Hello. I am having issue with the privacy warnings. Basically i am using react native without expo and i want to fix the warnings that are displayed via apple store connect. As per instruction, i created the PrivacyInfo.xcprivacy file, added my project as target and filled the rules out. After doing that, when i try to build i get errors: "Multiple commands produce '/Users//Library/Developer/Xcode/DerivedData/-fvniikaunkvfgngctvgfjncckcat/Build/Products/Debug-iphonesimulator/.app/PrivacyInfo.xcprivacy'" "Target '' (project '') has copy command from '/ios/PrivacyInfo.xcprivacy' to '/Users//Library/Developer/Xcode/DerivedData/-fvniikaunkvfgngctvgfjncckcat/Build/Products/Debug-iphonesimulator/.app/PrivacyInfo.xcprivacy'" "That command depends on command in Target (project ): script phase “[CP] Copy Pods Resources”". Some solutions suggested removing the PrivacyInfo from Copy Bundle resources. That way the build worked but the app store connect still gave warning. to me the issue seems to arise during copy pods resources, it wants to create the PrivacyInfo.xcprivacy file, but it already exists. Or maybe it its something else. Any help or direction is much obliged