How to declare Privacy manifest

It is stated that

From Fall 2023 you’ll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file. From Spring 2024, apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.

There are some answers here : https://developer.apple.com/videos/play/wwdc2023/10060/ but far from answering all questions.

I have questions on how to implement:

  • Where exactly is the privacy manifest ? How to create it, from which file template in Xcode ? WWDC speaks of a PrivacyInfo.xcprivacy (does it require a more recent version of Xcode than 14.2).
  • WWDC describes a framework case. Is it the same for a "final" app ?
  • is there a specific format for describing the reason ? Or just plain text.
  • Is this text visible to the user or only to reviewer ?
  • does it apply retroactively to apps already in AppStore (do they need to be resubmitted ?). It seems not.

So I tried, in an iOS App, to declare the PrivacyInfo.xcprivacy as explained, with Xcode 14.2, using plist template, to no avail.

Really not clear on how to proceed or even start… We would need a clear step by step tutorial with all prerequisites (Xcode or MacOS versions needed for instance).

It's a file you add from Xcode. New / File / iOS / Resource / App Privacy. After that, you add to it like the below image. I'm using Xcode 15 beta 5 to do this. It's not available with current, non-beta version of Xcode.

Thanks for the info.

That means that it will be soon mandatory to use Xcode 15, probably MacOS 14, to submit app ?

Thanks SpaceMan. It would be really nice if Apple would document their sh*t. It took a really long time for me to find your message. I'm glad I wasn't searching before you posted your answer.

I think the message here is that one should wait until the last moment before conforming to Apple's new policies. Presumably, xcode 15 (where privacy is supported) will be in production release before they start cracking down on app privacy configurations.

Briefly XCode 15 will be mandatory by April 2024

There's a privacy manifest timeline at this video and also a lot of informationin this article

@SpaceMan

Is PrivacyInfo finished if it's included in the library??

Is it not necessary to have a specific directory structure??

Aha, hope the rules does not destroy a developer, I just think when a new app uploaded, let the reviewer think if it is ok for publishing, while not give such boring things to developer.

My main issue is what code is actually using the apis that Apple is complaining about. Eg, these are the ones in the email I received:

NSPrivacyAccessedAPICategoryDiskSpace
NSPrivacyAccessedAPICategoryFileTimestamp
NSPrivacyAccessedAPICategoryUserDefaults

Ok, the last one I understand. I am using UserDefaults. But I don't know who's using the first 2, although I might guess that it's also UserDefaults under the hood?

I created the file "PrivacyInfo.xcprivacy" and included it in my project with the keys that I was notified were required.

However, I get the same email complaining that these four entries are missing:

NSPrivacyAccessedAPICategoryDiskSpace
NSPrivacyAccessedAPICategoryFileTimestamp
NSPrivacyAccessedAPICategoryUserDefaults
NSPrivacyAccessedAPICategorySystemBootTime

Is there something else that's required for the newly added privacy manifest to be recognized during review? The file is currently located at the root directory of my project; next to the .xcodeproj file

I'm using XCode 15.2.0

I'm having trouble with NSPrivacyAccessedAPICategoryDiskSpace. NSPrivacyAccessedAPICategoryDiskSpace appears when I list the symbols in the compiled binary. My code uses NSFileManager to find and load resources, but it never checks the free space in the system or volume.

0000000000000000         *UND* _NSFileSize
0000000000000000         *UND* _NSFileSystemFreeSize
0000000000000000         *UND* _NSFileSystemSize

Even if I comment the NSFileMager code, just including the Foundation library leaves these symbols. Any ideas?

Any ideas?

See this thread:

https://developer.apple.com/forums/thread/748621

But to be honest you might as well save yourself the bother and just add one of the innocuous permitted reason codes.

I find the interface in Xcode to edit these .plist files really clunky (and the 'reasons' for using an API aren't up to date and also don't filter according to the API you've selected). I own an app development company and have to create like 50 of these in the next few weeks. So I built a form to generate them really quickly and have published it so anyone can use it:

https://wemakeapps.net/manifest-maker

Enjoy.

(PS Sorry it's not a real link, Apple won't let me)

That is a very nice tool and thank you for that! I beat my head against this issue for a couple of days... trying everything I could think of in the PrivacyInfo ... and lo and behold I was creating the plist correctly... but for some reason if you add the PrivacyINfo into your xCode project, unlike adding any other Swift file, it doesn't mark the PrivacyInfo file for Target Membership in your build. So as you continue to submit trying to figure out why you keep getting those emails from Apple ... this may be the reason. Check that the Target Membership was selected for this file in xCode...

I am new to coding so pardon my naivety. I made a simple app for my company where customers can place orders and leave their names and phones numbers. Upon placing an order the app creates a collection in Google Firebase then generates an email with some HTML code. My app does not use any API's directly, and I believe I received the warning email solely because of the Firebase SDK like many others. I updated my app with what I believe to be proper "declaration of the data collected by my app or by third-party SDKs" according to https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests - but I am wondering if I actually did it correctly. To the OP, thank you for addressing this issue and thank you SpaceMan for getting me started.

See Attached

How to declare Privacy manifest
 
 
Q