Hello. I am having issue with the privacy warnings. Basically i am using react native without expo and i want to fix the warnings that are displayed via apple store connect. As per instruction, i created the PrivacyInfo.xcprivacy file, added my project as target and filled the rules out. After doing that, when i try to build i get errors: "Multiple commands produce '/Users//Library/Developer/Xcode/DerivedData/-fvniikaunkvfgngctvgfjncckcat/Build/Products/Debug-iphonesimulator/.app/PrivacyInfo.xcprivacy'" "Target '' (project '') has copy command from '/ios/PrivacyInfo.xcprivacy' to '/Users//Library/Developer/Xcode/DerivedData/-fvniikaunkvfgngctvgfjncckcat/Build/Products/Debug-iphonesimulator/.app/PrivacyInfo.xcprivacy'" "That command depends on command in Target (project ): script phase “[CP] Copy Pods Resources”". Some solutions suggested removing the PrivacyInfo from Copy Bundle resources. That way the build worked but the app store connect still gave warning. to me the issue seems to arise during copy pods resources, it wants to create the PrivacyInfo.xcprivacy file, but it already exists. Or maybe it its something else. Any help or direction is much obliged

As title, i tried to get tracking domain by Network instruments, but it shows Call os_log APIs on a logging handle network instruments. Anyone know how can i log the domain. Thanks

Step follow: Open your project in Xcode. Choose Product > Archive. Xcode creates the archive and reveals it in the organizer Control-click the archive in the organizer and choose Generate Privacy Report Choose a location to save the privacy report When I open the privacy report file, I can't see the content. Could you help me resolve this issue?

Dear Experts, I've just received the exciting new email from App Store Connect telling me that I'm using a "required reason" API call and need to declare it in my privacy manifest. Of course this is easy to fix, I'll just add the code to my privacy manifest - but I thought I'd at least go through the motions of trying to work out what function I am calling and from where. First issue is that the email just tells me that the app "references one or more APIs that require reasons ... including NSPrivacyAcceeedAPICategoryFileTimestamp". Dear Apple, why on earth can't you actually tell me the specific function that I am calling? (FB13689896). So let's see if I can work out what has been detected. I look at the app binary: % objdump --syms App.app I think that is probably more or less what App Review must get from their scan, right? So I can see _stat in there but it doesn't know the corresponding source file. So I go to the build directory with the object files and extract symbols from them all individually, using objdump --syms. Provided that I've not enabled link-time optimisation that works and I can find ... zero calls to stat(). Which tells me that my C++ std::filesystem calls have not been detected! Interesting. So if you want to bypass this amazing new privacy technology, I guess that's the way to go. Anyway if there's a call to stat() in the binary but not in the object files, it must be coming from one of my .a files. That's a bit more difficult to track down as (1) my .a files are not in a convenient single directory, and (2) they may have calls to stat() in archive members that aren't needed and aren't included in this binary. So the question: is there some convenient way to take the binary and identify which object files or static library archive members resulted in which of its UND symbols?

Hello, I am trying to develop an app , using Flutter. My app has its own database which it contains the customer info such as name, address and phone number. I need to get the caller's phone number then I use the phone number and search in my database and if the phone# exist in our DB , I extract customer info and show it on pop up screen. How can I get the phone number of the person who is calling? i tried this, it didnt work: let networkInfo = CTTelephonyNetworkInfo() guard let carrier = networkInfo.serviceSubscriberCellularProviders?.first?.value else { return nil } return carrier.mobileNetworkCode Is there any way to get caller's number while he/she is calling? Thanks P.

Hello, my dear colleages. I'm a new ios developer (actually I'm sr. android dev), so this is my first publishing in app store. I have create an app with memes, where users can create memes, share it and judge. I have already tearm of uses, privacy policy, registration and report (because I want to create a stable product), but apple has own opinion: Require that users agree to terms (EULA) and these terms must make it clear that there is no tolerance for objectionable content or abusive users - okay, I will add EULA to my links, but it already contains the rules of creating content A method for filtering objectionable content - blocking happens automatically by user reports. I explained it to the reviewer, but he ignored it and repeated this mark (all marks) again. By user reports the memes with 10 or more marks will be hidden for content delivery. What does he want else? How can the filters resolve it or content already hidden? What actually should I do and these "filters"? A mechanism for users to flag objectionable content - The same. What else does he want? A mechanism for users to block abusive users - This is jsut ridiculous! Users can not write each other and can not communicate with each other. They can only create and judge memes. I'm not sure that reviewer really was looking my app. Maybe 30 seconds? So, how can I follow to his marks if he doesn't listen and doesn't check? Use fake feature? That's shame! The developer must act on objectionable content reports within 24 hours by removing the content and ejecting the user who provided the offending content - The same. The blocking happens automatically. We don't have moderators and can control this process manually (only 2 members in the team). I really don't understand why apple make my life harder)) Google and Huawui have already published app in the internal testing without wrong useless marks. As I know this situation is normal behaviour for apple. Anyway I want to resolve this "marks" and finish the publish process - users are waiting for. Please guys, help me to do it correct - I don't have experience with apple support and it looks for me like a circus! P.S. Links to the terms of uses and privacy policy available on the register screen

I just submitted a build to TestFlight this morning that should have set off the same alarms as last week, but it didn't. We received no emails complaining about "ITMS-91053" violations like happened on this branch before. We've been working hard to figure out how to meet your new privacy requirements, and it's been quite frustrating. I thought I finally fixed it yesterday, but today I wanted to run a sanity test. I went back and created a build that should fail, but now that one is apparently fine as well. I'm at a complete loss.

I receive this from apple on review , what I suppose to change Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing The app privacy information you provided in App Store Connect indicates you collect data in order to track the user, including Browsing History, Other Diagnostic Data, Crash Data, Performance Data, Name, Search History, Physical Address, Customer Support, and Other Data Types. However, you do not use App Tracking Transparency to request the user's permission before tracking their activity. Apps need to receive the user’s permission through the AppTrackingTransparency framework before collecting data used to track them. This requirement protects the privacy of users. Next Steps Here are two ways to resolve this issue: If you do not currently track, or decide to stop tracking, update your app privacy information in App Store Connect. You must have the Account Holder or Admin role to update app privacy information. If you track users, you must implement App Tracking Transparency and request permission before collecting data used to track. When you resubmit, indicate in the Review Notes where the permission request is located.

Because the latest privacy manifest file requires inclusion for submissions after May 1st, based on the document: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files I have two questions regarding the NSPrivacyTrackingDomains field: In my app, NSPrivacyTrackingDomains and regular user login registration data loading use the same second-level domain "myapp.com". If "tracking.myapp.com" is specified in NSPrivacyTrackingDomains but the user does not grant tracking permission to the App Tracking Transparency framework, can the app still access the network through third-level domains such as "login.myapp.com" or "data.myapp.com"? At the bottom of the document, there is a note: "You only need to supply NSPrivacyAccessedAPITypes for apps and third-party SDKs on iOS, iPadOS, tvOS, visionOS, and watchOS." Does this mean that NSPrivacyTrackingDomains and NSPrivacyTracking properties do not need to be filled out as of May 1st? Will there be any issues if they are not filled out? Eagerly awaiting your response! Thanks!!!

Existing external libraries are distributed in the form of framework files. However, if the company providing the library delays the Privacy Manifest registration patch, how can I handle this situation? Am I just keep getting my app rejected? In an app that uses a specific commit in open source branch, what should I do if the Privacy Manifest is registered only in the latest version of that version? For various reasons, including functional stability, the open source cannot be updated to the latest version.

I have developed a framework that uses Alamofire which is included in the list of third-party SDKs that require the Privacy Manifest. https://developer.apple.com/support/third-party-SDK-requirements/ The latest version of Alamofire already includes the PrivacyManifest.xcprivacy file and is visible from my own framework. My question is if it is necessary to add a PrivacyManifest.xcprivacy to my framework in that case and if so, should it be the same as Alamofire's? Wouldn't that be redundant? My framework does not use any API that has to be declared. If another framework were to use my framework that uses Alamofire, should I also create a PrivacyManifest.xcprivacy? Thank you.

I saved the device token in UserDefaults. The information is passed on to the backend server of my app when needed. CA92.1: Declare this reason to access user defaults to read and write information that is only accessible to the app itself. I was thinking about using CA92.1, but that seems to mean reading and writing entirely within the app. 1C8F.1: Declare this reason to access user defaults to read and write information that is only accessible to the apps, app extensions, and App Clips that are members of the same App Group as the app itself. Can I see my app's backend server as belonging to "the apps, app extensions, and App Clips that are members of the same App Group"? Would it be okay to apply 1C8F.1?

我想知道对于5月1日之后，用户如果没有更新app，是否会受到影响？

Hello, Currently, my app only uses web view to load HTML data and external safari web view by link click. I have seen the following developer's details. So if HTML data load on web view needs data collection enabled, then which Types of data need to be added to data collection? Also. if we disable all types of Data collection from privacy. Is apple will allow you to submit the app? or Reject it? Any help will be appreciated. Thanks

Hello, When you integrate framework linked statically, the usage is that those framework provide a bundle in which they put their PrivacyInfo.xcprivacy file. If you decompress an .ipa file you submit to Apple, you can see this bundle at the root. The problem is that the PrivacyInfo.xcprivacy files inside bundles seem not to be scan by Apple in the privacy process. Thus Apple send us issues about missing privacy. Have you already heard about this problem ? Probably link to what i am saying : Firebase issue #12557 Thank you very much for your feedback !

Hello, I created my manifest file, added to target and when I send app to review I receive email. I have no idea what is wrong. I tried change localization, modify file and nothing. Still don't work. Xcode version 15.3. localization file and add to target: email: manifest file: Manifest file

Hello Apple We have read your guide on https://developer.apple.com/documentation/bundleresources/privacy_manifest_files#4284009 and it is unclear how the NSPrivacyTrackingDomains affects WebView functionality of the app. We have WebView based functionality we use for signup/ login of customers in the app and that can potentially track users. It is stated that If the user has not granted tracking permission through the App Tracking Transparency framework, network requests to these domains fail and your app receives an error. However based on our testing the domains listed in NSPrivacyTrackingDomains have no effect on network requests happening in the WebView if the user declines tracking via the App Tracking Transparency prompt. (e.g pages are loaded, network requests to listed tracking domains are happening) Can you confirm it is the case on what should de done about it? Right now we have a custom implementation on our side that passes the result of the App Tracking Transparency prompt to the WebView instructing it weather it can send requests to tracking domains or not.

We're distributing an XCFramework to a customer to create their own apps. With the new XCFramework signing requirements, we have a question with regards the way how to implement it. We're using a few of the frameworks on the list https://developer.apple.com/support/third-party-SDK-requirements/ including [AFNetworking], as a dependencies for our framework. We are building those frameworks from source code and not using any binaries provided by any third-party. We also modify the open source code, so that it is different from the original open source code in a way so that it won't lead to runtime conflicts in case the customers is including similar frameworks in their application. We're using those derivatives of the open source frameworks as a statically linked libraries to our SDK. Questions: Do we need to sign the third party frameworks of which we have cloned source code and using it within our SDK Framework? Is it required that the XCFramework built this way is signed when it is delivered to a third party and they use it in their app?

In my project, I am using a third-party SDK called "SwiftyJSON" which is not maintained or updated since April 2019. So in such cases where the third-party SDKs are not updated with a PrivacyInfo.xcprivacy will it affect the app release in Appstore or in such cases is there any way to bypass non-maintained SDK?

Can someone please confirm in this case whether I need a privacy manifest in BOTH my app, and the third party SDK. One of the Firebase SDKs we are using uses UserDefaults. As such we are now getting warning emails from Apple about using restricted APIs. Google have said that they will be releasing a privacy manifest that will get rid of this error. However, the app itself does, like most, use UserDefaults itself. With Firebase already declaring the usage of UserDefaults, is it necessary to then re-state it, in a privacy manifest for the app? Or is this simply the third party SDK provider's problem? Thank you