Discuss how to secure user data, respect user data preferences, support iCloud Private Relay and Mail Privacy Protection, replace CAPTCHAs with Private Access Tokens, and more. Ask about Privacy nutrition labels, Privacy manifests, and more.

Posts under Privacy tag

200 Posts
Post

Replies

Boosts

Views

Activity

Is a Privacy Manifest Required When Using Notification Service Extension?
Apple requires declaring the use of UserDefaults in both the App and third-party libraries in the PrivacyInfo. However, I also utilize UserDefaults in the Notification Service Extension. Should I treat the Extension as part of the App and only declare it within the App project? Or do I need to separately declare it for the Extension as well?
0
2
700
Feb ’24
Guideline 1.5 - Safety - Developer Information The support URL specified in your app’s metadata, https://www.doclinkapp.net/privacypolicy, does not properly navigate to the intended destination.
Hi, I uploaded my app to the App Store but Apple rejected it and gave me the following reason for rejection. I don't know how to fix it because the URL for the privacy policy is working and shows information. Please guide me on how I can resolve this and re-upload my app. Thank you.

Guideline 1.5 - Safety - Developer Information

The support URL specified in your app’s metadata, https://www.doclinkapp.net/privacypolicy, does not properly navigate to the intended destination.

Next Steps

To resolve this issue, please revise your app’s support URL to ensure it directs users to a webpage with support information.
1
0
716
Feb ’24
How to comply with signing requirement for privacy-impacting SDKs distributed as source
Relevant background:

WWDC23: Get started with privacy manifests
WWDC23: Verify app dependencies with digital signatures
Upcoming third-party SDK requirements

Many of the SDKs that will require privacy manifests and signatures are distributed as source and integrated via Swift Package Manager. I recently studied the progress made by ~10 of the listed SDKs and it seems like there's a growing consensus that the solution to including a privacy manifest when distributing via source is to list the manifest as a bundled resource.

However, I've seen little discussion of the signing requirement. This is understandable since, as the forum post "Digital signatures available for Swift Packages?" points out, the dependency signing talk was focused on binaries. Yet, I'm curious whether signing of some kind will actually be required for SDKs distributed as source (e.g. to enable validating the authenticity of the privacy manifest).

Clarification on this point would help tremendously as we work to ensure we'll be compliant as soon as the new requirement begins to be enforced.
1
0
782
Feb ’24
About Privacy Manifest compliance from spring 2024
Hello, I have questions regarding Privacy Manifest compliance. If I am using third-party SDKs listed in the document, should they have their own manifest file? Or can we include the details collected by the SDKs in our app manifest if the SDKs don't have their own manifest file? Do we have any other options if the listed SDKs don't contain the manifest file? Can we handle it with our application manifest? Thanks!
1
1
323
Feb ’24
About Privacy Manifest compliance from spring 2024
Are a privacy manifest and signature required for any SDKs other than those listed on the following page? https://developer.apple.com/jp/support/third-party-SDK-requirements/ We integrate the LINE SDK for Unity (https://developers.line.biz/ja/docs/line-login-sdks/unity-sdk/overview/) in our apps. LINE SDK for Unity uses an API corresponding to the Required Reason API on the following page. https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api Can you please let us know whether a privacy manifest and signature are required for this third-party SDK as well? Thank you in advance for your attention to this matter.
1
0
494
Feb ’24
Bluetooth connection via authPlugin
Hi Team, 

I am developing a sample authPlugin which should connect to a mobile app via a Bluetooth connection.
So here is the scenario:

 AuthPlugin with Bluetooth connection should work on lock screen + login

I have created mechanisms: prepared:privileged, main, clean:privileged. Calling corebluetoothmanager initiation at the time of the prepared:privileged mechanism. I have to add my auth plugin’s mechanism before the loginwindow:success mechanism.

 But I always get unauthorized = 3 from the power state of Bluetooth.

 Note: With the app, the Bluetooth connection is working fine; it's giving the error with the authPlugin. How to achieve my ultimate goal, is this the right way?
2
0
423
Feb ’24
Clarification on Disk Space APIs - volumeAvailableCapacityForImportantUsageKey
Our application uses Disk Space API, specifically volumeAvailableCapacityForImportantUsageKey to determine the available free space on the device. However, we are facing challenges in understanding the reasoning criteria that an application needs to satisfy to use this API effectively. As part of our application requirement, we present an information modal to the user when disk space is low. Additionally, we log available disk space information and upload the logs to the cloud under certain conditions. We initially thought that E174.1 from the Privacy Manifest Files documentation fits our purpose. However, we are concerned about potentially violating the guideline: "Information accessed for this reason, or any derived information, may not be sent off-device." Could someone please provide additional clarity on how to navigate this fine line and ensure that our application aligns with the recommended practices and guidelines while handling disk space-related functionality? Thank you in advance for any insights or guidance you can provide! NOTE: We upload the logs to our server for troubleshooting and it may happen without user knowledge. Logs are encrypted and may contain the disk free space information
1
1
807
Feb ’24
Is Including a Privacy Manifest Mandatory for Third-Party SDKs?
We develop SDKs that are distributed as XCFramework to our clients. We seek clarification regarding the necessity of attaching a Privacy Manifest, especially in instances where our SDK does not interact with data that would typically be covered under such a manifest. Additionally, in the scenario where our SDK's primary function is the transmission and reception of data, which may potentially include personal data, are we required to declare in the Privacy Manifest that we handle personal information? This query persists even when all personal data processing is executed on the server side. From our current understanding, based on the information available at https://developer.apple.com/support/third-party-SDK-requirements/, it appears that SDKs are only obligated to have a signature, and incorporating a Privacy Manifest may not be compulsory. We would appreciate further insight or confirmation on this matter.
1
0
415
Feb ’24
Problem removing NSUserTrackingUsageDescription from App Store Connect
Hi, we have an app which used DeviceID to track users. We had implemented ATT and set up our privacy declaration in ASC accordingly. Now in our new version we decided to not track users anymore. We removed NSUserTrackingUsageDescription, removed the ATT permission code and submitted the new version. Now, the reviewer has complained that our privacy declaration in ASC still says we are tracking users and refused app acceptance. They told us to update the privacy declaration in ASC. We tried to do so, but ASC does not allow us to remove device ID tracking. It is showing a warning that our app still uses NSUserTrackingUsageDescription, and in fact that is true for the production version. We are now in a chicken-and-egg problem. We can't change our privacy declaration in ASC because the production version still uses the feature AND we do not get the new version accepted as long as our privacy declaration is not changed. How can we fix that? Please advise!
0
0
504
Feb ’24
MacOS Sonoma cron job doesn't have access to ~/.Trash even though it has full system access
MacOS Sonoma Version 14.2.1

I am running a Python script via crontab, and the script runs, but I get an error when trying to iterate the ~/.Trash directory:

```
PermissionError: [Errno 1] Operation not permitted: '/Users/me/.Trash'
```

I have enabled full disk access for /usr/sbin/cron, /usr/bin/crontab, and terminal.app, but still have the same problem. If I run the script directly, it works fine, but when cron runs it, I get the error above. ~/.Trash is the only directory that I've found to have problems with. I've tried using both an absolute path and a path relative to my home directory.

I have tried a few different crontab entries, but get the same result from all of them (I've run each version directly and each works fine when not run via cron).

```
*/5 * * * * /Users/me/miniforge3/envs/dev/bin/fclean >> /dev/null 2>&1
*/5 * * * * /Users/me/miniforge3/envs/dev/bin/python /Users/me/miniforge3/envs/dev/bin/fclean >> /dev/null 2>&1
*/5 * * * * /Users/me/miniforge3/envs/dev/bin/python /Users/me/path/to/file.py >> /dev/null 2>&1
```

If it's helpful, the Python function that's raising the permission issue is:

```python
import logging
from pathlib import Path

# days(), expired() and rm_files() are helpers defined elsewhere in the
# script; they are not shown in the post.


def clean_folder(folder: Path, _time: int = days(30)) -> None:
    """
    If a file in the specified path hasn't been accessed in the specified days; remove it.

    Args:
        folder (Path): Path to folder to iterate through
        _time (int): optional time parameter to pass as expiration time.

    Returns:
        None
    """
    # folder.iterdir() is where the PermissionError for ~/.Trash is raised under cron.
    for file in folder.iterdir():
        if expired(file, _time):
            try:
                rm_files(file)
            except PermissionError as permission:
                logging.exception(permission)
                continue
            except Exception as _err:
                logging.exception(_err)
                continue
```
2
0
691
Feb ’24
Privacy Manifests in a static xcframework
We have a closed-source SDK distributed as a static framework. We are experiencing some difficulty in incorporating Privacy Manifests.

We added the Privacy Manifest as a resource in the xcframework using the Copy Bundle Resources phase. Our expectation was that the developer could then add the xcframework to their application and select the Embed Without Signing embed option. Even though it's a static framework, Xcode removes the static archive from the framework when it is embedded in the target bundle as described here:

> Embedding a static framework using a Copy Files build phase now removes the static archive from the framework when it is embedded in the target bundle. The REMOVE_STATIC_EXECUTABLES_FROM_EMBEDDED_BUNDLES build setting can be set to NO to opt out of this behavior. The COPY_RESOURCES_FROM_STATIC_FRAMEWORKS build setting, previously used in the legacy build system to extract and copy the resources from a static framework to the target bundle, no longer has any effect with the new build system as the entire framework is copied instead (minus the static archive as described above)

The problem is that by doing this, the Info.plist present in the platform folder (.framework) is also embedded into the host app. The Info.plist now references the binary that was removed, causing a validation error when uploading to iTunes Connect. Similarly, if we remove the Info.plist from the xcframework platform folders, it is not possible to run the host application on the simulator.

Firebase is facing the same problem as they prepare to incorporate Privacy Manifests into their frameworks.

When distributing via CocoaPods and SPM, we do not have this problem since it is possible to reference an external .xcprivacy to the xcframework in the package itself.

So, in summary, how do we incorporate Privacy Manifests into a static framework?
5
1
2.4k
May ’24
Privacy Manifests
Hi! In the team I work with, we develop an SDK for iOS which has support for two internal variations, one with basic capabilities and another with full ones, embedded in the same xcframework. The thing is, with the privacy manifest change on the horizon, we are wondering if the SDK in the basic version can have a manifest with some values and the manifest in the SDK full version can have different values, since the capabilities enabled in one may have different nutrition label type values than the other. Is that scenario feasible, or is there a different way for this situation? Thanks
0
0
407
Jan ’24
Do I need to include two privacy manifest files in one app?
Current situation: I'm using a third-party SDK made by myself with my app. My app uses the UserDefaults API, and my SDK (framework) does too. Recently, the App Store policy changed; Apple says that if you use the "UserDefaults API", you must include a Privacy Manifest. As a result, my app includes two Privacy Manifests. If I create 10 SDKs, and all of these SDKs use the "UserDefaults API", and the app itself also uses the "UserDefaults API", is it correct to include 11 "Privacy Manifests" in this app?
3
0
637
Feb ’24