An ITMS-91061: Missing privacy manifest rejection email looks as follows: ITMS-91061: Missing privacy manifest- Your app includes "<path/to/SDK>", which includes , an SDK that was identified in the documentation as a privacy-impacting third-party SDK. Starting February 12, 2025, if a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: https://developer.apple.com/support/third-party-SDK-requirements. Glossary ITMS-91061: Missing privacy manifest: An email that includes the name and path of privacy-impacting SDK(s) with no privacy manifest files in your app bundle. For more information, see https://developer.apple.com/support/third-party-SDK-requirements. : The specified privacy-impacting SDK that doesn't include a privacy manifest file. If you are the developer of the rejected app, gather the name of the SDK from the email you received from Apple, then contact the SDK's provider for an updated version that includes a valid privacy manifest. After receiving an updated version of the SDK, verify the SDK includes a valid privacy manifest file at the expected location. For more information, see Adding a privacy manifest to your app or third-party SDK. If your app includes a privacy manifest file, make sure the file only describes the privacy practices of your app. Do not add the privacy practices of the SDK to your app's privacy manifest. If the email lists multiple SDKs, repeat the above process for all of them. If you are the developer of an SDK listed in the email, publish an updated version of your SDK that includes a privacy manifest file with valid keys and values. Every privacy-impacting SDK must contain a privacy manifest file that only describes its privacy practices. To learn how to add a valid privacy manifest to your SDK, see the Additional resources section below. Additional resources Privacy manifest files Describing data use in privacy manifests Describing use of required reason API Adding a privacy manifest to your app or third-party SDK TN3182: Adding privacy tracking keys to your privacy manifest TN3183: Adding required reason API entries to your privacy manifest TN3184: Adding data collection details to your privacy manifest TN3181: Debugging an invalid privacy manifest

General: Forums topic: Privacy & Security Forums tag: Privacy Developer > Security — This also covers privacy topics. App privacy details on the App Store UIKit > Protecting the User’s Privacy documentation Bundle Resources > Privacy manifest files documentation TN3181 Debugging an invalid privacy manifest technote TN3182 Adding privacy tracking keys to your privacy manifest technote TN3183 Adding required reason API entries to your privacy manifest technote TN3184 Adding data collection details to your privacy manifest technote TN3179 Understanding local network privacy technote Handling ITMS-91061: Missing privacy manifest forums post Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Apps that try to access the contents of the pasteboard cause a system prompt to appear asking the user "AppName" would like to paste from "OtherAppName" Do you want to allow this? Don't Allow Paste Allow Paste This prompt does not appear if you implement a UIPasteControl and the user taps it to signal intent to paste, but this control cannot be placed into a UIMenu. I read this could be achieved with UIAction.Identifiers like .paste or .newFromPasteboard but the prompt still appears with the following code. What's the trick? override func viewDidLoad() { super.viewDidLoad() title = "TestPaste" view.backgroundColor = .systemBackground let imageView = UIImageView() imageView.translatesAutoresizingMaskIntoConstraints = false imageView.contentMode = .scaleAspectFit imageView.clipsToBounds = true view.addSubview(imageView) NSLayoutConstraint.activate([ imageView.topAnchor.constraint(equalTo: view.topAnchor), imageView.leadingAnchor.constraint(equalTo: view.leadingAnchor), imageView.trailingAnchor.constraint(equalTo: view.trailingAnchor), imageView.bottomAnchor.constraint(equalTo: view.bottomAnchor) ]) navigationItem.rightBarButtonItem = UIBarButtonItem(title: "Add", image: UIImage(systemName: "plus"), menu: UIMenu(children: [ UIAction(identifier: .paste) { _ in imageView.image = UIPasteboard.general.image } ])) }

We use TeamCity as our Continuous Integration (CI) solution to build and run automated tests. These are integration tests executed through our 4D application, which is properly code‑signed and notarized. These CI machines are heavily used and build multiple versions per day, making them critical to our development workflow. However, we are experiencing an issue on some machines: after a certain period of time, network communication through our application stops working, while network communication remains fully functional when using third‑party tools (for example, LDAP clients). Based on our investigation, this issue appears to be related to Local Network Privacy management. We have followed the procedure described in Apple’s Technical Note: TN3179: Understanding local network privacy | Apple Developer Documentation to reset network authorizations, but this has not been sufficient to resolve the issue. In addition, our CI environment requires acknowledging a large number of Local Network access permission prompts. Given that these machines build multiple versions per day and are intended to run unattended, this is not practical in an automated CI context. We have around ten Macs dedicated to running these tests, and manually approving these pop‑ups is not a viable solution.

Dear TestFlight Team! I am observing an increasing misuse of TestFlight public and private invites to distribute scam, spam, and potentially malicious builds: I had reported this already in December last year via Feedback assistant, but since the malicious behavior has not stopped, I hope that you can forward my bug reports to the right team: FB21379977, FB21845307 In multiple cases, these builds impersonate well-known apps (e.g. ChatGPT, OpenAI, Meta) by changing the app name and icon after an initial TestFlight approval, misleading users into installing software from unrelated developer accounts. I believe this represents a systemic weakness in the TestFlight review and update flow, enabling targeted phishing or malware distribution outside the App Store review process. My bug reports have attached: TestFlight invitation emails (.eml) Screenshots from TestFlight documenting impersonation behavior ⸻ Steps to reproduce Create a new Apple Developer account. Upload an initial, benign app (e.g. a calculator) as version 1.0.0 and obtain TestFlight approval. Upload a second build: without changing the version number increase build number Change the app name to a well-known product (e.g. “ChatGPT”) Change the app icon to match the impersonated product Invite targeted email addresses to the TestFlight group. Recipients receive an official TestFlight invite and are prompted to install the impersonating app. ⸻ Expected results TestFlight builds that significantly change app identity (name, icon, branding) should: Require additional review, or Be blocked from distribution without re-approval. Developer accounts should not be able to impersonate well-known companies (e.g. “OpenAI Platforms LLC”) without verification. Users should be protected from installing TestFlight builds that materially differ from what was originally reviewed. ⸻ Actual results App name and icon can be changed between TestFlight builds without triggering additional review. TestFlight invites can convincingly impersonate trusted brands. Targeted users may reasonably believe they are installing a legitimate beta. This creates a credible vector for: Phishing (credentials, payment details) Data exfiltration Social engineering attacks I did not install the builds to avoid personal risk, but the attached artifacts should allow Apple’s internal teams to reproduce and analyze the behavior safely. Some more examples:

I was planning to add the Facebook SDK in one of the releases, and I had everything prepared (including changing the privacy policy to state that my app tracks users for advertising). I changed the privacy policy in the App Store connect, thinking that this wouldn't take effect until I sent the app to review. However, after careful consideration, I decided not to move on with the Facebook SDK. My app does not currently track users for advertising. Even though I sent a new release (UI improvements only), I still can't change the privacy policy to remove that my app "tracks" the user. I read multiple posts with people facing similar issues. For my binary, I have: No PrivacyInfo.xcprivacy file NSUserTrackingUsageDescription in Info.plist No tracking declarations in my app configuration I contacted support, and I was redirected here. My case number is 102778907920

Dear Screen Time Team! The Screen Time passcode can be brute-forced without rate limiting by repeatedly attempting guesses through the "Erase All Content and Settings" flow. This allows unlimited passcode attempts with no delay, lockout, or escalation, effectively defeating the purpose of the Screen Time passcode as a parental control mechanism. Impact: Children can bypass Screen Time protections by guessing the passcode No rate limiting enables trivial brute-force attacks (especially for 4-digit codes) Undermines trust in Screen Time as a parental control system Creates real-world safety risks for families relying on Screen Time restrictions Publicly shared methods (e.g. on TikTok) increase likelihood of widespread abuse Steps to Reproduce: Enable Screen Time and set a passcode Open Settings → General → Transfer or Reset iPhone → Erase All Content and Settings When prompted for the Screen Time passcode, enter an incorrect code Repeat the process with different guesses Expected Result: After a small number of incorrect attempts, the system should: enforce exponential backoff delays, or temporarily lock further attempts, or require Apple ID authentication Attempts should be rate-limited across system flows Actual Result: Unlimited passcode attempts are allowed No delay, lockout, or penalty is applied Enables rapid brute-force guessing of the Screen Time passcode Notes: This appears to bypass standard passcode protections that exist in other parts of iOS The issue is especially severe for 4-digit Screen Time passcodes (10,000 combinations) The attack surface is exposed through a system-level reset flow Suggested Fix: Introduce global rate limiting for Screen Time passcode attempts across all entry points Apply exponential backoff after failed attempts Require Apple ID authentication after multiple failures Consider enforcing 6-digit minimum passcodes for Screen Time Log and unify attempt counters across system components Severity: Critical (Security vulnerability enabling brute-force of parental control passcode) See TikTok: https://www.tiktok.com/@aldanaisthebest12170/video/7615053429500644621 Feedback request: FB22263276 – Frederik (one sec app)

Hi, we have an app which used DeviceID to track users. We had implemented ATT and setup our privacy declaration in ASC accordingly. Now in our new version we decided to not track users anymore. We removed NSUserTrackingUsageDescription, removed ATT permission code and submitted the new version. Now, reviewer has complained that our privacy declaration in ASC still says we are tracking users and refused app acceptance. They told us to update the privacy declaration in ASC. We tried to do so, but ASC does not allow us to remove device ID tracking. It is showing a warning that our app still uses NSUserTrackingUsageDescription and in fact that is true for the production version. We are now in a chicken egg problem. We can't change our privacy declaration in ASC because the production version still uses the feature AND we do not get the new version accepted as long as our privacy declaration is not changed. How can we fix that ? Pls advise !

I am doing my app for review to publish for the first time, and I did multiple fixes. I lastly got a generic response for the fixes already done. Now unable to figure out what exactly to fix. Can any help be provided by the reply below I received [Apple Reply] Guidelines 5.1.1(i) - Legal - Privacy - Data Collection and 5.1.2(i) - Legal - Privacy - Data Use Issue Description The app appears to share the user’s personal data with a third-party AI service but the app still does not clearly explain what data is sent, identify who the data is sent to, and ask the user’s permission before sharing the data. Apps may only use, transmit, or share personal data after they meet all of the following requirements: Disclose what data will be sent Specify who the data is sent to Obtain the user’s permission before sending data Identify in the privacy policy what data the app collects, how it collects that data, all uses of that data, and confirm any third party the app shares data with provides the same or equal protection Next Steps If the app sends user data to a third-party AI service, revise the app to explain what data is sent, identify who the data is sent to, and ask the user’s permission before sharing personal data with a third-party AI service. If it does not already, the app’s privacy policy must also identify what data the app collects, how it collects that data, and all uses of that data, including if it is shared with a third-party AI service. Note that only including this information in the app's Terms of Service or Privacy Policy is not sufficient. If the app does not send user data to a third-party AI service or does not include a third-party AI service, reply to this rejection to confirm and add this information to the App Review Information section of App Store Connect.

in iOS26.4, after installing the app for the first time, opening the app and clicking on the UITextField input box will trigger the system to pop up the network permission application interface. This issue did not exist before iOS 26.3, only in iOS 26.4. This is a fatal bug where the network permission request box should not pop up when the developer has not called the network related API.

We’re having an iPad issue accessing the local network with iPadOS 26.3. We have an automation system that tests our app on an iPad using accessibility tags. the XCTest test code sends messages from the iPad via TCP/IP to setup external test equipment. The messages abruptly stopped transmitting across the iPad blood-brain barrier with iPadOS 26.3 (26.2.1 and earlier works fine). The technique that worked involved installing a helper app with the same bundleID as our app, allowing the helper app to access the network, and when our app runs it has network access through the helper. It’s clever and kludgey. Forums that we referenced in the past: https://developer.apple.com/forums/thread/663858 TN3179: Understanding local network privacy | Apple Developer Documentation I suspect that something was changed in 26.3 that closed our window. I need two things: ID what is different in 26.3 and fix the automation system. If there’s a new way for XCUITest code to access the local network I’m happy to try it out.

Hi, We’re building an iOS app that uses the Screen Time APIs (FamilyControls and DeviceActivity) to display a user’s own usage metrics inside the app. With the appropriate permissions granted, we are successfully reading and presenting metrics such as: Total screen time Device pickups These metrics are already visible to the user inside our app. We would now like to introduce a user-initiated “Share” feature. The idea is to: Render selected Screen Time metrics into a shareable image card generated locally on device. Present the standard iOS share sheet (UIActivityViewController). Allow the user to share that image to Messages, social apps, etc., if they choose. Important clarifications: This is fully user-initiated. The app does not automatically transmit Screen Time data. The metrics are already displayed in-app with user permission. The share asset would be generated locally. No background export or server-side posting would occur unless explicitly triggered by the user via the share sheet. We are seeking clarification on whether there are any policy or API restrictions around: Rendering Screen Time-derived metrics into a user-facing share card Allowing user-initiated export of those metrics via the standard iOS share flow Are there any additional privacy requirements, entitlement constraints, or App Review considerations we should be aware of when implementing this? Thanks in advance for any guidance.

Summary I'm implementing NEURLFilter with the com.apple.developer.networking.networkextension.url-filter-provider entitlement for a system-wide URL filtering feature. The feature works perfectly in development-signed builds (connecting successfully to my PIR server over extended testing) but every production-signed build fails before any network call is made. NEURLFilterManager reports .serverSetupIncomplete (code 9). After installing the NetworkExtension debug profile, the unredacted com.apple.CipherML logs reveal the cause: no privacy proxy is provisioned for this bundle identifier, and the connection is configured proxy fail closed. Environment iOS 26 Entitlement: com.apple.developer.networking.networkextension.url-filter-provider Extension point: com.apple.networkextension.url-filter-control PIR server configured via NEURLFilterManager.setConfiguration(...) Privacy Pass issuer configured Dev-signed builds: working correctly, connecting to the PIR server Production-signed builds (both TestFlight and distribution): failing identically The Error Chain Surfaced to the app via NEURLFilterManager.lastDisconnectError: NEURLFilterManager.Error.serverSetupIncomplete (code 9) ← NEAgentURLFilterErrorDomain Code 3 ← com.apple.CipherML Code 1100 "Unable to query status" ← com.apple.CipherML Code 1800 (error details were logged and redacted) After installing the VPN (NetworkExtension) debug profile, the unredacted com.apple.CipherML subsystem shows: queryStatus(for:options:) threw an error: Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." UserInfo={ _NSURLErrorNWPathKey = satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi, LQM: good, NSErrorFailingURLKey = https://<my-pir-server>/config, NSUnderlyingError = { Error Domain=NSPOSIXErrorDomain Code=50 "Network is down" }, _NSURLErrorPrivacyProxyFailureKey = true, NSLocalizedDescription = "The Internet connection appears to be offline." } The critical diagnostic line in the com.apple.network subsystem is: nw_endpoint_proxy_handler_should_use_proxy Proxies not present, but required to fail closed And the connection setup shows the proxy fail closed flag is mandatory for the connection: [C... ... Hostname#...:443 quic, bundle id: <my-bundle-id>, attribution: developer, using ephemeral configuration, context: NWURLSession (sensitive), proxy fail closed] start The network path itself is healthy (Wi-Fi good, DNS resolves correctly), but the connection is explicitly configured to fail closed if no proxy is present, and no proxy is provisioned for this bundle identifier. The entire failure happens in approximately 18 ms, far too fast for any network round-trip, confirming no traffic ever leaves the device. What I've Verified The entitlement is present in the distribution build The NEURLFilterControlProvider extension loads and returns a valid Bloom filter prefilter (with a tag that round-trips correctly between extension and framework) NEURLFilterManager.setConfiguration(pirServerURL:pirPrivacyPassIssuerURL:pirAuthenticationToken:controlProviderBundleIdentifier:) accepts all four parameters without error Development-signed builds of the same bundle identifier connect successfully to the same PIR server On production-signed builds, zero requests reach the PIR server — failure is purely client-side, before any network activity The Question How does the OHTTP privacy proxy get provisioned for a bundle identifier so that production builds can successfully use NEURLFilter? Specifically: Is there a Capability Request form I need to submit for url-filter-provider? I cannot find one in the Capability Requests section of my developer portal. Should I be running my own OHTTP gateway (for example using swift-nio-oblivious-http), and if so, does Apple then need to provision routing from their OHTTP relay to my gateway URL? Is the OHTTP relay path meant to be automatic once the entitlement is active, and if so, is there a specific activation step I'm missing? Is there any way to verify the current provisioning state for a specific bundle identifier from the developer portal? I can provide the full sysdiagnose and unredacted bundle/server details privately to an Apple engineer if that would help diagnose. I'd prefer to keep them out of a public post. Thanks!

I need to bring attention to a very suspicious "copycat" incident that suggests a potential metadata scraping issue. I submitted my original sports insights app, KickPick, for review on April 2nd, 2024. To my shock, I discovered a competitor app already live on the store with same app name and nearly identical app information (descriptions, metadata) and a very similar UI structure. Domain Registration: The infringing developer registered their website domain on the exact same day I submitted my app for review (April 2nd). This is not a coincidence; it points to automated monitoring or scraping of new submissions/metadata. Plagiarized Legal Assets: While the UI has some variations, they have copied my Privacy Policy and Terms of Service verbatim. These documents were custom-written for my specific project logic, yet they appear on their site with only the company name changed. App Information: The app descriptions and store metadata are almost identical to what I provided in my pending submission. It is highly concerning that an original creator's work, is being "front-run" by a low-effort clone that appears on the store exactly when the original is submitted. I have filed a formal Rights Infringement report, but I want to ask the community: Has anyone else noticed clones popping up with domains registered on their exact submission date?

Problem description Since macOS Sequoia, our users have experienced issues with multicast traffic in our macOS app. Regularly, the app starts but cannot receive multicast, or multicast eventually stops mid-execution. The app sometimes asks again for Local Network permission, while it was already allowed so. Several versions of our app on a single machine are sometimes (but not always) shown as different instances in the System Settings > Privacy & Security > Local Network list. And when several instances are shown in that list, disabling one disables all of them, but it does not actually forbids the app from receiving multicast traffic. All of those issues are experienced by an increasing number of users after they update their system from macOS 14 to macOS 15 or 26, and many of them have reported networking issues during production-critical moments. We haven't been able to find the root cause of those issues, so we built a simple test app, called "FM Mac App Test", that can reproduce multicast issues. This app creates a GCDAsyncUdpSocket socket to receive multicast packets from a piece of hardware we also develop, and displays a simple UI showing if such packets are received. The app is entitled with "Custom Network Protocol", is built against x86_64 and arm64, and is archived (signed and notarized). We can share the source code if requested. Out of the many issues our main app exhibits, the test app showcases some: The app asks several times for Local Network permission, even after being allowed so previously. After allowing the app's Local Network and rebooting the machine, the System Settings > Privacy & Security > Local Network does not show the app, and the app asks again for Local Network access. The app shows a different Local Network Usage Description than in the project's plist. Several versions of the app appear as different instances in the Privacy list, and behave strangely. Toggling on or off one instance toggles the others. Only one version of the app seems affected by the setting, the other versions always seem to have access to Local Network even when the toggle is set to off. We even did see messages from different app versions in different user accounts. This seems to contradicts Apple's documentation that states user accounts have independent Privacy settings. Can you help us understand what we are missing (in terms of build settings, entitlements, proper archiving...) so our app conforms to what macOS expects for proper Local Network behavior? Related material Local Network Privacy breaks Application: this issue seemed related to ours, but the fix was to ensure different versions of the app have different UUIDs. We ensured that ourselves, to no improvement. Local Network FAQ Technote TN3179 Steps to Reproduce Test App is developed on Xcode 15.4 (15F31d) on macOS 14.5 (23F79), and runs on macOS 26.0.1 (25A362). We can share the source code if requested. On a clean install of macOS Tahoe (our test setup used macOS 26.0.1 on a Mac mini M2 8GB), we upload the app (version 5.1). We run the app, make sure the selected NIC is the proper one, and open the multicast socket. The app asks us to allow Local Network, we allow it. The alert shows a different Local Network Usage Description than the one we set in our project's plist. The app properly shows packets are received from the console on our LAN. We check the list in System Settings > Privacy & Security > Local Network, it includes our app properly allowed. We then reboot the machine. After reboot, the same list does not show the app anymore. We run the app, it asks again about Local Network access (still with incorrect Usage Description). We allow it again, but no console packet is received yet. Only after closing and reopening the socket are the console packets received. After a 2nd reboot, the System Settings > Privacy & Security > Local Network list shows correctly the app. The app seems to now run fine. We then upload an updated version of the same app (5.2), also built and notarized. The 2nd version is simulating when we send different versions of our main app to our users. The updated version has a different UUID than the 1st version. The updated version also asks for Local Network access, this time with proper Usage Description. A 3rd updated version of the app (5.3, also with unique UUID) behaves the same. The System Settings > Privacy & Security > Local Network list shows three instances of the app. We toggle off one of the app, all of them toggle off. The 1st version of the app (5.1) does not have local network access anymore, but both 2nd and 3rd versions do, while their toggle button seems off. We toggle on one of the app, all of them toggle on. All 3 versions have local network access.

Background We are investigating Safari’s Prevent Cross‑Site Tracking feature (part of Intelligent Tracking Prevention / Link Tracking Protection) on iOS and macOS (latest versions). We fully understand and respect Safari’s privacy objectives and are not requesting any whitelisting or relaxation of protections. Our goal is to understand how Safari determines when and where query parameter stripping is applied, so we can design a compliant and predictable implementation. Based on public WebKit and privacy documentation, it is understood that Safari’s tracking prevention behavior may be influenced by: Tracker classification sources such as: DuckDuckGo Tracker Radar https://github.com/duckduckgo/tracker-radar EasyList / EasyPrivacy https://easylist.to/easylist/easyprivacy.txt WebKit privacy architecture and heuristics, including behavior described in: WebKit “Private Browsing 2.0” / Link Tracking Protection documentation https://webkit.org/blog/15697/private-browsing-2-0/ Request for Guidance To help us align fully with Safari’s privacy model, we respectfully request guidance on: How Safari determines, at a domain or subdomain level, when to apply query parameter stripping under Prevent Cross‑Site Tracking. Whether evaluation may be influenced by: Tracker classification sources (e.g., domain reputation or known tracking endpoints) Runtime network behavior (such as cross‑site analytics requests) Subdomain‑specific context or historical behavior Whether Prevent Cross‑Site Tracking is evaluated: Per navigation event Per domain or subdomain Based on cumulative or runtime signals Whether Apple recommends specific design patterns or alternatives for handling essential, non‑tracking URL data in a way that is compatible with Safari’s privacy protections. Our objective is to design a solution that respects Safari’s intent and avoids reliance on fragile or unpredictable URL‑based behavior.

Hi everyone. Since the update to iOS 26, we are no longer able to tap the person's name and view the certificate of a signed email and choose to install the certificate or remove it. This has always worked just fine but seems to be broken on iOS 26 and I have verified that it does not work on iOS 26.1 beta as well. The part that is strange is it does work just fine on an iPad running iPad OS 26. This makes it impossible to send encrypted emails to someone via the mail app on an iPhone. I have found a temporary workaround which is to install Outlook for iOS and install the certificates through that app which then allows me to send encrypted emails via Outlook. This appears to be a bug just with the iPhone as I have also seen a few other people online talking about the same problem. Has anyone found a solution to this?

Thank you for submitting an update to the app, Macy's: Online Shopping & Save, for review. We noticed some issues that require your attention. Please see below for additional information. If you have any questions, we are here to help. Reply to this message in App Store Connect and let us know. Review Environment Submission ID: d429df7a-35c1-4b8f-a85f-c0cce2dcd376 Review date: March 26, 2026 Review Device: iPhone 17 Pro Max Version reviewed: 2603.4.0 Guideline 5.1.2(iii) - Legal - Privacy - Data Use and Sharing Issue Description The app includes fingerprinting functionality that is designed to identify the user or device. Specifically, the app aggregates user and device data to track the user, either directly or indirectly using probabilistic methods. This functionality is found in services or code included in the app, such as AppsFlyer. Apps that fingerprint users or devices are not appropriate. Per section 3.3.9 of the Apple Developer Program License Agreement, neither you nor the app may derive data from a device in order to uniquely identify it. Next Steps Follow these steps to resolve this issue: Identify the fingerprinting functionality in the app. Some or all of this functionality may be provided by third-party SDKs. If you have questions about these SDKs, contact the SDK provider. Remove any functionality from the app that uses algorithmically converted device and usage data to identify the user or device. You should remove any related code or implemented SDKs that support fingerprinting. Since fingerprinting is never appropriate, requesting the user's permission to track them or disclosing fingerprinting activity in a privacy policy will not resolve this issue.

Hi there, We have been trying to set up URL filtering for our app but have run into a wall with generating the bloom filter. Firstly, some context about our set up: OHTTP handlers Uses pre-warmed lambdas to expose the gateway and the configs endpoints using the javascript libary referenced here - https://developers.cloudflare.com/privacy-gateway/get-started/#resources Status = untested We have not yet got access to Apples relay servers PIR service We run the PIR service through AWS ECS behind an ALB The container clones the following repo https://github.com/apple/swift-homomorphic-encryption, outside of config changes, we do not have any custom functionality Status = working From the logs, everything seems to be working here because it is responding to queries when they are sent, and never blocking anything it shouldn’t Bloom filter generation We generate a bloom filter from the following url list: https://example.com http://example.com example.com Then we put the result into the url filtering example application from here - https://developer.apple.com/documentation/networkextension/filtering-traffic-by-url The info generated from the above URLs is: { "bits": 44, "hashes": 11, "seed": 2538058380, "content": "m+yLyZ4O" } Status = broken We think this is broken because we are getting requests to our PIR server for every single website we visit We would have expected to only receive requests to the PIR server when going to example.com because it’s in our block list It’s possible that behind the scenes Apple runs sporadically makes requests regardless of the bloom filter result, but that isn’t what we’d expect We are generating our bloom filter in the following way: We double hash the URL using fnv1a for the first, and murmurhash3 for the second hashTwice(value: any, seed?: any): any { return { first: Number(fnv1a(value, { size: 32 })), second: murmurhash3(value, seed), }; } We calculate the index positions from the following function/formula , as seen in https://github.com/ameshkov/swift-bloom/blob/master/Sources/BloomFilter/BloomFilter.swift#L96 doubleHashing(n: number, hashA: number, hashB: number, size: number): number { return Math.abs((hashA + n * hashB) % size); } Questions: What hashing algorithms are used and can you link an implementation that you know is compatible with Apple’s? How are the index positions calculated from the iteration number, the size, and the hash results? There was mention of a tool for generating a bloom filter that could be used for Apple’s URL filtering implementation, when can we expect the release of this tool?

Hello, sorry for the awkward text formatting but I kept getting prevented from positing due to "sensitive language"... Help.txt

I have the issues in this particular guideline: Issue Description We noticed that the app requires users to register with personal information to purchase In-App Purchase products that are not account based. Apps cannot require user registration prior to allowing access to app content and features that are not associated specifically to the user. User registration that requires the sharing of personal information must be optional or tied to account-specific functionality. Next Steps To resolve this issue, please revise the app to not require users to register before purchasing In-App Purchase products that are not account based. You may explain to the user that registering will enable them to access the purchased content from any of their supported devices and provide them a way to register at any time, if they wish to later extend access to additional devices. Please note that although guideline 5.1.1 requires an app to make subscription content available to all the supported devices owned by a single user, it is not appropriate to force user registration to meet this requirement; such user registration must be optional. For this issue, I have revised my app accordingly many times, but it still get rejected even though I believe that I have revised my app accordingly. My app name is Wallpaperlogoart and my app ID