As announced on WWDC23 apps and SDKs will have to include a privacy manifest file, which can be added in Xcode 15 and will become mandatory in Spring 2024. Apps and third-party SDKs — distributed as XCFrameworks, Swift packages, or framework bundles — can contain a privacy manifest file, named PrivacyInfo.xcprivacy. Source: Documentation I'm still unsure how this reflects on apps or SDKs containing multiple targets, e.g. an app which contains network layer code in a separate target (but only as code included locally and not developed by some third party). Do we have to include a separate privacy manifest for each target or is it enough to have one privacy manifest in the "main" target that covers data usage of all targets.

How do i get rid of the screen recording or mic usage privacy icon from the menubar its very annoying and its there alot even though its not even being used by anything it is an empty dropdown Image

Hello, I am an audio developer, currently using macOS version 14.1.1. I noticed that after disabling the microphone, the small yellow dot in the Control Center disappears immediately, but the one in the menu bar takes about 20 seconds to disappear. I tested the built-in Voice Memos app and found the same behavior. Our users may be concerned about their privacy being violated, even though the software is not using the microphone at that time. We believe this is a bug, and the microphone icon in the menu bar should disappear immediately after the microphone is no longer in use. Do you have plans to fix this issue in future versions? Additionally, is there any workaround for the current version? As a supplement, we are using CoreAudio API with AudioDeviceStart & AudioDeviceStop, not AudioUnit.

Hello Apple Developer Community, I am reaching out to seek some assistance with an issue I've encountered related to user privacy settings in my app. Despite configuring the PrivacyInfo.xcprivacy file to disallow tracking and including specific domains within the Privacy Tracking Domains, I am observing that URLs containing these restricted domains are still being displayed within a webView in my app. Here are some specifics of the issue: The behavior occurs in both the iOS 17.1.1 simulator and on physical devices. I've double-checked the setup to ensure it aligns with the official documentation and expected privacy restrictions. I'm hopeful that someone in the community or from the Apple team can shed light on the matter. Why might the specified domains not be blocked as per the privacy settings? Any insights or guidance on resolving this would be greatly appreciated as it's crucial for maintaining the privacy standards of our app. Thank you for your time and help. Best regards,

I have gone through (many times) the videos and documentation around adding privacy manifest support to applications and SDKs etc - specifically via the expected PrivacyInfo.xcprivacy file. I am across adding it to the application, and to libraries that produce an xcframework (and signing those etc), however, I also have a series of Swift Package libraries available on GitHub which afaict will also require the privacy info file to declare the libraries privacy related intentions. So my questions are: Where should I add this file within the package setup? Should there be a privacy info file per importable target? Is it expected that the generated privacy report of an application will show info about the library? I have tried within the sources area, and in the root/manifest section, but when I generate a privacy report on the archived application that utilities this library, I can't see any indication that the info is included in the report. This is the generated privacy report from Xcode organiser: My libraries do not actually track or access anything in the required API's list, however I also added some user tracking and linking etc to the privacy info file as a test, and it does not indicate that these are happening in the generated privacy report on the application. Quick example/clarification: I have tried putting the file here: MyPackage - Package.swift > Sources > TargetName - PrivacyInfo.xcprivacy and here MyPackage - Package.swift - PrivacyInfo.xcprivacy > Sources > TargetName If there are docs that I have missed running through this, please link me 😅- I have searched for some clear answers through docs and forum questions but I can't seem to get clarification.

I am trying to prepare for Privacy manifest files. Is it possible to set up and proceed as follows? PrivacyInfo matinest file - Privacy Tracking domains Setting Like : example.com?abc When ATT permission is denied, example.com?abc -> Request Fail. and ther other path Like : example.com?qwe -> Request Success.

Hi, I am preparing privacy info manifest for my application. I am using stat to read not timestamp data from file. I wonder how in this case should I specify this info in the API usage? Should it be specified at all(since stat() is listed only in File Timestamp API)? Or maybe you can add stat to Disk space APIs and add one more reason there? Here is similar thread about this and nothing emerged so creating this to increase visibility of the problem: https://developer.apple.com/forums/thread/734750 Best regards, Konrad

My team is attempting to use an an add-in for Outlook for Mac that stores a Microsoft account access credentials in safari, so that it can refresh the credentials in the background and not force users to manually re-login every time the credentials expire. The update to safari that prevents local storage has prevented this from working correctly. It appears that the local storage prevention policy can be disabled with this command: 'defaults write com.apple.Safari BlockStoragePolicy -bool false' This initially seemed to work but no long seems to be allowing the credentials to be stored. I was unable to find any documentation as to what exactly this command does. I wanted to see if anyone knew exactly what this command does and if there is a variation or alternative command that would make local storage in safari allowed again.

Buongiorno, che tipo di accesso sicuro e che testimonia l'autenticità di un utente, è possibile usare ? E' possibile far inviare dall'utente che si vuol registrare, una foto di un suo documento di identità ed anche con la face authentication ? E' possibile usare lo SPID ? Grazie molto. Firenze Web Division.

The Upcoming third-party SDK requirements say that Signatures are also required in these cases where the listed SDKs are used as binary dependencies. Does the signature have to be a signature from the original developer of the SDK? I ask because we may need to modify some of our third-party SDKs before including them in our app, and I'm wondering if we'll be OK if we sign the framework. Thanks!

(I am working on an iOS project.) I'm looking into Privacy Manifest as an Apple policy change. I have a problem here.. some of the libraries I use are no longer updating. I can't find a library to replace it, so I'm going to fork the library, and I'm going to add Privacy Manifest. Apple API Doc I will download the fork library into my Mac and search the entire API list announced by Apple above through Xcode one by one. If I find a problem API, I will add it to Privacy Manifest. Is this a good way to do it??? Is there any better way?? Wouldn't it be a problem for me to add??

Hi Safari team, I am a product manager working for a large content recommendation company. Our JavaScriot SDK is running on more than 9000 leading publishers worldwide and has been certified to be aligned with global legal and privacy regulations and guidelines. We have the following problem: Since the launch of Safari 17 (in iOS, iPadOS, and MacOS) - we can see our JavaScript SDK blocked when the user uses the private browsing mode Safari 17 sometimes identifies our loading and rendering JavaSctipt files as any request/action by our domain to be a tracking activity (we see the JavaScript files in the console tagged with “Blocked connection to known tracker” log) In previous Safari versions, we only got the tracking functionality blocked, allowing our content to render We have the following questions: Can JavaScript running in Safari detect the user has the privacy mode turned on? Was there something specific in Safari 17 “Tracking Protection” functionality that now blocks content rendering on the page in addition to tracking activity? Context: We can run our JavaScript without performing any form of tracking, either directly by my domain or any other 3rd party vendor we are working with. We will render our content without performing any form of tracking or fingerprinting We are already following Apple’s iOS IDFA guidelines. Our iOS SDK, for example, detects and respects when the user opts out from sharing the IDFA on an iOS app running our code. In that case, we show our content without breaching the App Tracking Transparency framework rules. Besides sponsored content, our JavaScript SDK also powers organic recommendations for our clients. With Safari 17 blocking anything in private browsing mode, we see unfair interference with organic engagement. Please let us know if you provide guidance to allow our JavaScript SDK to render content when the user uses the private browsing mode, adhering to the privacy requirements. Thank you for helping! Omri.

I'm encountering a strange issue with PPPC configuration files and app visibility in Security & Privacy for standard users on the latest macOS version. The Scenario: I created a PPPC file granting accessibility and screen recording permissions for my app. I deployed the PPPC file to devices using MDM. Surprisingly, the app doesn't appear under Security & Privacy > Privacy > Screen Recording or Accessibility for standard users. However, if I remove the PPPC file, the app instantly shows up in those locations. What I've Tried: Double-checked the PPPC file syntax and permissions configuration. Redeployed the PPPC file and verified successful installation on devices. Restarted devices and re-registered the MDM profile. The Impact: This issue prevents standard users from granting my app the necessary permissions through the standard system interface. They require admin intervention to grant permissions manually, which is inconvenient and not ideal for our workflow. Seeking Help: I'm reaching out to the community for any insights or suggestions on resolving this issue. Has anyone encountered a similar problem with PPPC files and standard user permissions? Any advice or potential solutions would be greatly appreciated!

I'm having some problems accessing contacts inside of mac cli app. The main issue is that the app is not triggering a dialog requesting access to contacts. Some sources state that NSContactsUsageDescription should be added to info.plist. This info.plist is nowhere to be found inside the project in xcode. Then, some sources are stating that there was a xcode update, and now permissions are added on Targets -> Info tab, but this tab does not exist on mac cli project. Here is a code snippet: #import <Contacts/Contacts.h> int main(int argc, const char * argv[]) { @autoreleasepool { CNAuthorizationStatus status = [CNContactStore authorizationStatusForEntityType:CNEntityTypeContacts]; if (status == CNAuthorizationStatusNotDetermined) { NSLog(@"Contact access not determined."); CNContactStore *contactStore = [[CNContactStore alloc] init]; [contactStore requestAccessForEntityType:CNEntityTypeContacts completionHandler:^(BOOL granted, NSError * _Nullable error) { NSLog(@"Got response"); }]; } else if (status == CNAuthorizationStatusAuthorized) { NSLog(@"Access granted"); } else { NSLog(@"Access to contacts is denied or restricted."); } } return 0; } Running this outputs: Contact access not determined. and app exits with code 0. How would one access contacts inside of mac cli app project? Or setup proper permissions so that dialog would trigger? PS. I have also tried adding info.plist manually, but there was no difference. Maybe I did something wrong? Is info.plist even used in mac cli project?

As the new requirement for Privacy manifests is coming this Spring 2024 (https://developer.apple.com/news/?id=r1henawx), Apple released a list of SDK's that need to comply with this requirement and provide a privacy manifest file: https://developer.apple.com/support/third-party-SDK-requirements/ I have some questions: Do i need to declare a privacy manifest file for the SDKs if i'm updating an old app that already includes one of these SDKs? Apple states "when you submit an app update that adds one of the listed SDKs as part of the update" which in my understanding applies only when an app adds an SDK for the first time in an app update. What happens with SDK's that are not in this list? Should every single SDK an app uses to include the privacy manifest file?

I am using the library through SPM. I asked the library developer to add Privacy Manifest, and it was completed. But when I checked Archive on Xcode, it doesn't generate a report. How can I solve it?? What modifications should I ask library developers to make?? I've seen in other questions to check out "Do not embed". But it seems to be different from this situation.

My iOS app get access to Calendars on iPhone and iPad (iOS 17) bey when running on Mac (designed for iPad) the app gets the ".notDetermined" authorizationStatus after a call to EKEventStore.authorizationStatus(for: .event). What should I do so that my App gain access to Calendars ?

I have a MacOS screenshot app that was created in 2014. I've recently updated some code and libraries and am having problems with the transfer of screenshot entablements to the new app. Basically, if a user had the old version of my app they would have to delete the old enablement start the new app and then re-enable the updated version of the app. Why is this happening? It's confusing because the user sees that my app is enabled but the enablement isn't working.

I am creating a Privacy manifest file and have a question about adding to NSPrivacyTrackingDomains. For example, if I am using Firebase for two purposes, analytics and crashes, if I specify the Firebase domain as NSPrivacyTrackingDomains and the user rejects the tracking, will the crash information etc. also stop being sent?

I'm looking over data use categories for the privacy manifest here https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests My app retrieves information such as OS Version, OS Name, locale info for the reason analytics. It also retrieves cellular infomation and device information for the reason app functionality. For this, I think it falls under "Other Data types" and the value "NSPrivacyCollectedDataTypeOtherDataTypes" in the privacy manifest. Do we need to specify further what that "other" data type is? How do I add "OS Information" or "Device Information" as part of the entry for "NSPrivacyCollectedDataTypeOtherDataTypes" in the manifest? Thanks