Privacy Manifest Warning Email is missing SDKs

We submitted an app to TestFlight and received the expected warning email. However, the email did not mention any of the SDK frameworks that were in the app. The email only mentioned the app itself and the app's extensions.

We expected to get warnings for our frameworks that used required reason APIs.

We also expected to get warnings for frameworks in the "list of commonly used third-party SDKs"

Why are the warnings not as expected?

Is this because Test Flight is not making the same kind of warning emails that will be created for the App Store?

Declaring privacy manifest has become a tiring affair. Instead apple should have worked on their over complicated app signin process to simplify it . As per answer for your query. You will have to submit app and see for warnings fix them for next submission and repeat the same. That's the only approach I am seeing as of now

  1. Did you add PrivacyInfo to the app??

  2. Is the API of the SDK that you didn't write the same as the API that you used in the app??

  3. Is the commonly used SDK in the list using the Required Reason API??

The email only mentioned the app itself and the app's extensions.

If your third party dependencies are statically linked to your app/extension targets (the default for most SPM packages, or when using linkage: :static in CocoaPods), you are probably seeing this because the contents of the third party code is embedded within you app/extension binary rather than embedded in the /Frameworks directory as it's own dynamic framework.

This results in the confusing warning message that makes it sound as if the usage exists within your own code.

I'd love for somebody to correct me, but I think that the only solution today is for you crawl through the PrivacyManifest.xcprivacy file for each of your third party dependencies and to copy the required API usages into your own PrivacyManifest.xcprivacy files in your app and extension targets.

If this sounds frustrating to you, please consider submitting a feedback to Apple as well. If you are not sure what to write, I have a template and instructions here: https://liamnichols.eu/2024/03/22/privacy-manifests.html.

Hey @SlippedCognitive , I've been having the same issue.

If you are to take things literally, Apple has said "Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update."

So, in other words, if your app already included those "commonly used third-party SDKs" before Spring 2024, you should be fine.

You dont have to believe me but it seems that Unity is saying the same thing to their users, see "What does this mean for updates of already published apps?" section on their forums, im not allowed to link it here.

As for your own frameworks that you have embedded inside your app, if they are statically linked and they use an API that is not used in your app, you have to have a privacy manifest or you'll get a warning. Otherwise, for dynamically linked and embedded frameworks, it does seem like Apple doesnt care about those atm but i cant find any confirmation for that to be the case. Seems Apple is purposely vague with their statements.

Privacy Manifest Warning Email is missing SDKs
 
 
Q