我想知道对于5月1日之后，用户如果没有更新app，是否会受到影响？

Hello, What are the guidelines for mergeable libraires regarding privacy data ? In particular where do we put the PrivacyInfo.xcprivacy file in this situation, so as Apple process can scan it when we upload the package of the app. Thank you.

Hello, When you integrate framework linked statically, the usage is that those framework provide a bundle in which they put their PrivacyInfo.xcprivacy file. If you decompress an .ipa file you submit to Apple, you can see this bundle at the root. The problem is that the PrivacyInfo.xcprivacy files inside bundles seem not to be scan by Apple in the privacy process. Thus Apple send us issues about missing privacy. Have you already heard about this problem ? Probably link to what i am saying : Firebase issue #12557 Thank you very much for your feedback !

Hello, Currently, my app only uses web view to load HTML data and external safari web view by link click. I have seen the following developer's details. So if HTML data load on web view needs data collection enabled, then which Types of data need to be added to data collection? Also. if we disable all types of Data collection from privacy. Is apple will allow you to submit the app? or Reject it? Any help will be appreciated. Thanks

I saved the device token in UserDefaults. The information is passed on to the backend server of my app when needed. CA92.1: Declare this reason to access user defaults to read and write information that is only accessible to the app itself. I was thinking about using CA92.1, but that seems to mean reading and writing entirely within the app. 1C8F.1: Declare this reason to access user defaults to read and write information that is only accessible to the apps, app extensions, and App Clips that are members of the same App Group as the app itself. Can I see my app's backend server as belonging to "the apps, app extensions, and App Clips that are members of the same App Group"? Would it be okay to apply 1C8F.1?

When you generate privacy report for your app and meet the following issue, you should check two things. Check if you add your PrivacyInfo.xcprivacy into Target Membership. Check if Installation Directory is /Applications, on my side I can't gererate report if I change it to other path or other name with xcode 15.3(15E204a). It must be /Applications. I know /Applications means LOCAL_APPS_DIR or SYSTEM_APPS_DIR, but I want to use USER_APPS_DIR = $(HOME)/Applications or any path I write into Installation Directory. What should I do to make the generate tool follow my personal Installation Directory? And how to use command line to generate this report?

Can someone please confirm in this case whether I need a privacy manifest in BOTH my app, and the third party SDK. One of the Firebase SDKs we are using uses UserDefaults. As such we are now getting warning emails from Apple about using restricted APIs. Google have said that they will be releasing a privacy manifest that will get rid of this error. However, the app itself does, like most, use UserDefaults itself. With Firebase already declaring the usage of UserDefaults, is it necessary to then re-state it, in a privacy manifest for the app? Or is this simply the third party SDK provider's problem? Thank you

We're distributing an XCFramework to a customer to create their own apps. With the new XCFramework signing requirements, we have a question with regards the way how to implement it. We're using a few of the frameworks on the list https://developer.apple.com/support/third-party-SDK-requirements/ including [AFNetworking], as a dependencies for our framework. We are building those frameworks from source code and not using any binaries provided by any third-party. We also modify the open source code, so that it is different from the original open source code in a way so that it won't lead to runtime conflicts in case the customers is including similar frameworks in their application. We're using those derivatives of the open source frameworks as a statically linked libraries to our SDK. Questions: Do we need to sign the third party frameworks of which we have cloned source code and using it within our SDK Framework? Is it required that the XCFramework built this way is signed when it is delivered to a third party and they use it in their app?

Hello Apple We have read your guide on https://developer.apple.com/documentation/bundleresources/privacy_manifest_files#4284009 and it is unclear how the NSPrivacyTrackingDomains affects WebView functionality of the app. We have WebView based functionality we use for signup/ login of customers in the app and that can potentially track users. It is stated that If the user has not granted tracking permission through the App Tracking Transparency framework, network requests to these domains fail and your app receives an error. However based on our testing the domains listed in NSPrivacyTrackingDomains have no effect on network requests happening in the WebView if the user declines tracking via the App Tracking Transparency prompt. (e.g pages are loaded, network requests to listed tracking domains are happening) Can you confirm it is the case on what should de done about it? Right now we have a custom implementation on our side that passes the result of the App Tracking Transparency prompt to the WebView instructing it weather it can send requests to tracking domains or not.

We received an email from App Store Connect with the subject 'uploaded build for {AppName} has one or more issues' regarding our latest package, {versionNumber}' The email states that we need to add an App Privacy Manifest for our extensions before May 1st, and it specifies which categories need to be added. However, some of the categories mentioned, such as NSPrivacyAccessedAPICategorySystemBootTime, NSPrivacyAccessedAPICategoryFileTimestamp, NSPrivacyAccessedAPICategoryDiskSpace, are not used from our application. Do we still need to add these? If so, under which 'Privacy Accessed API Reasons' code should we add them?

My app is using Advertising data type to track but it leverages third-party ads SDKs to do so. I add NSPrivacyCollectedDataTypeAdvertisingData and NSPrivacyCollectedDataTypeTracking that is true to my app's manifest file. Those third-party ads SDKs will have their own manifests declaring the values of NSPrivacyTracking and tracking domains. In this case, do I need to set NSPrivacyTracking as true and add domains those SDKs are connecting to the host app's privacy manifest? My guess is no since all manifests are merged in to a single report finally.

I noticed that Apple's articles have changed since originally being published. For example, some required reason codes have been added to Describing use of required reason API Since there is no visible modification date or revision date on the page, how can we get notiifications for changes to these pages? I did not find a 'watch' button in them.

I received an email from Apple saying the app is using: NSPrivacyAccessedAPICategoryDiskSpace NSPrivacyAccessedAPICategoryFileTimestamp NSPrivacyAccessedAPICategorySystemBootTime I'm not directly calling (afaik) any API that might be involved in getting the disk space, file timestamp, nor system boot time, so presumably these are indirectly originating in a pod whose api I'm using. However I have about 100 pods in the app, how can I know which one these are originating from? (100 seems a lot, but its a React Native app and that alone pulls in dozens and dozens of pods implicitly in addition those specified explicitly in a pod file) I can try and update all the pods to the latest version, but if the offending pod(s) hasn't added a manifest file, then I have no way of knowing which one it is - therefore I can neither contact them to ask when they will release a new version, nor can I attempt to try and remove the pod, because I just don't know which one might be causing the manifest warning. So what are we supposed to do in this situation?

Morning All, just wanted a little help with my xamarin forms app. When I publish to test flight for a public test build I am always receiving the email about ITMS-91053: Missing API declaration. I have followed the steps and created a PrivacyInfo.xcprivacy in Xcode and I can see it in my xamarin iOS project but I still get the email saying it is missing. Is there something I am missing or ned to reference in the info.plist etc. My looks like the following: `

We submitted an app to TestFlight and received the expected warning email. However, the email did not mention any of the SDK frameworks that were in the app. The email only mentioned the app itself and the app's extensions. We expected to get warnings for our frameworks that used required reason APIs. We also expected to get warnings for frameworks in the "list of commonly used third-party SDKs" Why are the warnings not as expected? Is this because Test Flight is not making the same kind of warning emails that will be created for the App Store?

I thought I read somewhere in the privacy manifest documentation that they were not required for app extensions because extensions will inherit the privacy info from their parent apps and SDKs, but now I can't find a reference for that. If that is the case, I don't think it is working correctly, because we are getting warnings about missing API declarations for things that should be covered by an app or SDK manifest from what I can tell.

Will an app be rejected after the 1st of May 2024 if it contains a Embedded Dynamic XCFramework that uses a Required Reason API and it does not declare the Required Reason API usage inside its Privacy Manifest? Important note: I am asking about dynamic xcframeworks that are NOT on Apple's list of commonly-used SDKs. I am asking because I'm only getting warnings about missing API declaration for the main app binary and app extensions. I do not get any warnings for the embedded dynamic xcframeworks that i have in my app.

Hi, I am new to Swift and trying to develop an app that needs photolibraryusagedescription and photolibraryaddtionsusagedescription. On simulation, I have fetched all photos and delete selected photos successfully but can't share selected photos so I've connect real device to test it out. However, after allow full access to photo album, I got error Domain=NSCocoaErrorDomain Code=4097, "connection to service with pid 1353 named com.apple.privacyaccountingd" UserInfo={NSDebugDescription=connection to service with pid 1353 named com.apple.privacyaccountingd} I've looked up for solutions so far but still have no idea what created that issue and how to solve it, I've been using the latest version of all devices and apps related. Could someone guide me about this issue? Thank you Here's the code of my ContentView, and function I use to request access, respectively: import Photos struct ContentView: View { @State var showGuide: Bool = false @State var showInfo: Bool = false @StateObject private var photoFetcher = PhotoFetcher() @State private var photoOffset: CGSize = .zero @State private var animateOut = false @State private var refreshTrigger = false @State private var showingShareSheet = false @State private var itemsToShare: [Any] = [] func likePhoto() { guard !self.photoFetcher.destinations.isEmpty else { return } // Some animation later DispatchQueue.main.asyncAfter(deadline: .now() + 0.5) { if !self.photoFetcher.destinations.isEmpty { let tempPhoto = self.photoFetcher.destinations.removeLast() self.photoFetcher.destinations.insert(tempPhoto, at: 0) } photoOffset = .zero animateOut = false } } func dislikePhoto() { guard !self.photoFetcher.destinations.isEmpty else { return } let deletePhoto = self.photoFetcher.destinations.last?.asset guard let deleteAsset = deletePhoto else { return } PHPhotoLibrary.shared().performChanges({ PHAssetChangeRequest.deleteAssets([deleteAsset] as NSArray) }) { success, error in DispatchQueue.main.async { if success { self.photoFetcher.destinations.removeLast() self.refreshTrigger.toggle() } else { print("Error deleting photo") } } } } func sharePhoto() { guard let topAsset = photoFetcher.destinations.last?.asset else { return } let manager = PHImageManager.default() let options = PHImageRequestOptions() options.version = .current options.isSynchronous = false options.deliveryMode = .highQualityFormat manager.requestImage(for: topAsset, targetSize: CGSize(width: UIScreen.main.bounds.width, height: UIScreen.main.bounds.height), contentMode: .aspectFit, options: options) { image, _ in if let image = image { DispatchQueue.main.async { self.shareImage(image: image) } print("shareImage called") } } } func shareImage(image: UIImage) { itemsToShare = [image] showingShareSheet = true print("Item to share: \(itemsToShare)") } var body: some View { VStack{ Spacer(minLength: 20) ZStack { ForEach(photoFetcher.destinations, id: \.id) { oldPic in CardView(showGuideView: $showGuide, showInfoView: $showInfo, oldPics: oldPic) } } .padding(.horizontal) Spacer() CardNav(onLike: { likePhoto() }, onDislike: { dislikePhoto() }, onShare: { sharePhoto() }) Spacer(minLength: 20) } .onAppear(perform: photoFetcher.requestPhotoLibraryAccess) .alert(isPresented: $photoFetcher.showAlert) { Alert( title: Text("Permission required"), message: Text(photoFetcher.alertMessage), primaryButton: .default(Text("Settings"), action: { // Open the app's settings UIApplication.shared.open(URL(string: UIApplication.openSettingsURLString)!, options: [:], completionHandler: nil) }), secondaryButton: .cancel() ) } .sheet(isPresented: $showingShareSheet) { ActivityViewController(activityItems: itemsToShare, applicationActivities: nil) } } } #Preview { ContentView() } PHPhotoLibrary.requestAuthorization { status in DispatchQueue.main.async { if status == .authorized { self.fetchPhotos() } else { // Do something self.handleDeniedAccess() } } } }

My app does not knowingly capture or retain user data in any form, but I wanted to make sure that I don’t inadvertently have access to user data via CloudKit. I’m reaching out to confirm this. Here’s the basic structure of the app - users can enter information which is then retained for their own use. I’m using SwiftData. @Model data is saved in a CloudKit container, which permits data syncing across iOS devices. I’ve never written any code to make the container database I’m using for the app (or zones within it) anything other than private, so I think (??) by default the data is stored privately. Data syncing does work and my icloud.developer.apple.com dashboard shows a private database subscription but no public or shared subscriptions. My understanding of this design has been that the user’s data was stored in their personal, private iCloud account and I did NOT have access to it (nor do I need or want to have access). However, then I watched this WWDC 2018 video on GDPR compliance (https://developer.apple.com/videos/play/tech-talks/703/), in which Michael Ford presents code that provides “visibility into the data that is saved in CloudKit for the user”, including the private database. This sounds to me like a developer might actually be able to access a user’s private database data. Have I misinterpreted this WWDC 2018 presentation, has a developer’s access to user data in a private database changed since 2018, or do I actually have access to user data via my reliance on CloudKit to save user data? Many thanks for your help!

I'm referring to the use of a "settings bundle" plist to cause the main Settings app to display your app's preferences which the app can then read via NSUserDefaults, as described here: https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/UserDefaults/Preferences/Preferences.html#//apple_ref/doc/uid/10000059i-CH6 I am wondering if this is actually deprecated, or something. I ask because, (1), it still has the high-quality old-style documentation, and (2) there doesn't seem to be a "required reason API" code for using it. Specifically, the NSUserDefaults required reason API codes are CA92.1 : "This reason does not permit reading information that was written by other apps or the system" 1C8F.1 : "This reason does not permit reading information that was written by apps, app extensions, or App Clips outside the same App Group or by the system." C56D.1: "...third-party SDK..." - nope. AC6B.1: "... com.apple.configuration.managed ..." - nope. None of the codes permit reading preferences that have been set by the Settings app using this method.