WWDC 2023 states that app developers should be provided with a Privacy Manifest. And Apple released a list of influential libraries. Should I add it in the case below as well?? If Apple is not the mentioned library If 'Describing use of required reason API' is not used Summary: Are all libraries subject to Privacy Manifest?

Hello. We provide the SDK in the form of a static library wrapped in the xcframework. Therefore, the final app will not include any embedded frameworks. I know that when an SDK is included in an app using the embed method, there is a separate privacy manifest for the SDK in the app. However, since static libraries are usually included in a do not embed manner, I wonder if there is another way. Also, if use SPM, cannot specify the embed format separately. Therefore, when creating a Privacy Report in the app, the privacy manifest item included in the SDK is not included. I wonder if there will be no problem if I simply include the privacy manifest file in the xcframework. (Even if it is not included separately in the app like a dynamic library) Any response would be appreciated.

Hello, I have develop a app but continue to reject for 2 problems from resolve: For GUIDELINES 3.1.1.: I don't know how i can resolve, because there are more apps that is paymant using browser on app without use in-app purchase, example the apps SUPERENALOTTO when I pay, open a window browser with type of payments (especially out the app), the app ENI PLENITUDE when there is a bill to pay, can pay with Apple Pay on app but how can I specify the price on in-app purchase if the price is not fixed but occurs based on the cost of the bill. On in-app purchase there are the price that I have to insert from $0.99 to up. Please can you help me? Because, yesterday I have change on app the payment on browser but they rejected it anyway. For GUIDELINES 5.1.1: There are too every apps that can registered without specifying or explaining what registration is for, example the apps BADOO and LOVOO and NETFLIX there are only ACCESS, REGISTERED and PASSWORD DISMISSED...Can you help me with this too? Can I see a specific example? A screenshot? I've been studying and updating/editing for many days but they rejected me 10 times Thank you very much.

Hi everyone, after looking through the WWDC videos and documentations I can see that there is a new requirement of privacymanifest and code signature for 3rd party SDKs consumed as a binary dependency. I just have two questions in relation to this 1.if my company takes the source code of let's say AFNetworking and build it into a binary dependency in our environment for our app to consume. Does this mean that we can provide our own privacy manifest and code signing?
 
2. If we are unable to provide our own manifest and code signature in the case of MFEs such as AFNetworking that is deprecated. How will we proceed from there?

I am currently engaged in developing a mobile application using Cordova. This app incorporates CordovaLib as source code but does not utilize XCFramework. I have some inquiries regarding compliance with the privacy updates enforced by Apple starting April 2024. What is the recommended approach for code signing in projects utilizing Cordova? I am unable to find clear guidelines in Apple's documentation specific to Cordova, and I am uncertain about the proper procedure. With respect to Apple's privacy updates (referenced here: https://developer.apple.com/news/?id=r1henawx), are there any specific considerations or necessary modifications for Cordova apps? If not using XCFramework, what are the recommended steps to integrate these updates? This information is crucial for my project, and I am eager to adhere to Apple's official guidelines. Any advice or guidance on this matter would be greatly appreciated. Thank you for your time and assistance.

Hello, I have a project that generates a fat Static Library (NOT a Static XC Framework), and the output of that project would be a single static library file let us say: libProject.a We are distributing this libProject.a to our clients and we are not using XCFrameworks yet. In this specific case (Static Library) do we need PrivacyInfo.xcprivacy file? and in case it is required how is it supposed to be distributed with the static library? is it enough for the ones who are calling this library in their project to add the missing XCPrivacy entries to their app "PrivacyInfo.xcprivacy" file ? PS: I know ideally it would be better to use Static Framework instead of Static Library but that is still planned in our schedule for a future release, Since "Static Library" target type is still supported by Xcode 15.2 that means there must be a solution. Thanks in advance,

Xcode 15 supports .xcprivacy extensions, but if we added PrivacyManifest to the project and built the project through Xcode 14.3 with PrivacyManifest already added, Apple Review will see that the project has the PrivacyManifest you need? or how is this supposed to work? Or should we build the project via Xcode 15+ and only then will it be transferred to you correctly?

My app depends on the user granting Accessibility access (Allow this application to control your computer). There’s no formal permissions API (that I know of) for this, it just happens implicitly when I use the API for the first time. I get an error if the user hasn’t granted permission. If the user grants permission and I'm able to successfully register my CGEventTap (a modifier key event tap), but then later revokes it, key responsiveness goes awry. I don’t get any kind of error to my callback, but I do get tapDisabledByTimeout events periodically. I believe something is causing significant delays (but not preventing) in delivering events to my tap. Upon receiving this, I'm considering attempting to register another tap as a way to test permission, and disabling the real one if I no longer have permission. Does anyone have any better ideas? For Apple: see FB13533901.

Hi community, i am updating the PrivacyInfo file of our app. Our app has multiple extensions, some of them accessing the UserDefaults. Because of that I want to set the Privacy Accessed API Type to a value of 1C8F.1. However, from the drop down menu for possible values, the value for code 1C8F.1 is not available. It does not show up in the list. Can I just manually edit the underlying xml file and just add <string>1C8F.1</string> to the array for NSPrivacyAccessedAPITypeReasons and expect it to work or will this cause issues when submitting our app to the app review?

I'm writing a C/C++ command line program which, at some point, calls IOHIDManagerOpen. I've added both my program executable and lldb as permitted for input monitoring (as far as I remember, my program was added after showing up a permission prompt, I've added lldb manually later, trying to resolve the problem). My problem is that when I run my program from within lldb in Terminal, the call to IOHIDManagerOpen returns kIOReturnNotPermitted. When I run my program directly in the terminal session (without lldb), this call returns kIOReturnSuccess. Such behaviour means it will be impractical to use lldb for any debugging of this program. What can be done to make lldb session behave the same way, the normal execution works? I'm on: 23.2.0 Darwin Kernel Version 23.2.0: Wed Nov 15 21:55:06 PST 2023; root:xnu-10002.61.3~2/RELEASE_ARM64_T6020 arm64 and: lldb-1500.0.200.58 Apple Swift version 5.9.2 (swiftlang-5.9.2.2.56 clang-1500.1.0.2.5)

Updating our SDK and App with privacy manifests I'm struggling to understand what the PDF reports are used for. Privacy Manifest Apple page A few things which I can't find an answer for are; What is the point of the PDF report? It seems filling in the manifests doesn't autofill the app privacy questions on app store connect Is there a way for this report to be generated as part of an automated build process in xcodebuild?

hi,there are some questions about Privacy manifest 1.why do we just see the information about app's manifest in PrivacyReport after app has been archived,that does not contain our SDK's manifest info.but our frameworks that app contains have manifest. 2.does every SDK need to add manifest if this SDK collects user data or uses API? 3.there is list of third-part-sdk https://developer.apple.com/support/third-party-SDK-requirements/ ,if we use an SDK not listed and the sdk has collected use data or used api that need to display reason,should we add manifest file?

Hi, I've run an Instruments network capture of our iOS app and the Points of Interest track lists faults due to undisclosed tracking domains. For example app-measurement.com which is used by Firebase causes the fault: Fault: app-measurement.com is not listed in your app's NSPrivacyTrackingDomain key in any privacy manifest. It may be following users across multiple apps and websites to create a profile about users of apps that contact this domain. However my PrivacyInfo.xcprivacy file contains (API and Nutrition info omitted): NSPrivacyTracking: true NSPrivacyTrackingDomains: app-measurement.com So I'm surprised the fault is still occurring. Is it because the call is coming from a 3rd party SDK (Firebase)? I'll be removing this entry once a compliant Firebase SDK is released but figured it should still work. I've checked that the IPA contains PrivacyInfo.xcprivacy, and that I'm able to generate a privacy report. I'm using Xcode 15.0, iOS 17.1.

:( We are currently in the process of developing a video calling app using WebRTC. We initiate one-to-one video calls with the AVAudioSession configured as follows: do { if audioSession.category != .playAndRecord { try audioSession.setCategory( AVAudioSession.Category.playAndRecord, options: [ .defaultToSpeaker ] ) try audioSession.setActive(true, options: .notifyOthersOnDeactivation) } if audioSession.mode != .videoChat { try audioSession.setMode(.videoChat) } } catch { logger.error(msg: "AVAudioSession: \(error.localizedDescription)") } After initiating a video call, we recorded this app's video call using the iOS default screen recording feature. As a result, the recorded video includes system audio. However, iOS/iPad apps with similar features (Zoom, Skype, Slack) do not include audio in their recordings. Why does this difference occur? Is this behavior a security feature of iOS, and are there specific conditions required? Is there a need for some sort of configuration in AVAudioSession? additional :( I also reached out to Apple Developer Technical Support, and they responded, "We were able to reproduce it, but since we don't understand the issue, we will investigate it." What's that about...

I have an app that is getting rejected from TestFlight because of this error: ITMS-90683: Missing purpose string in Info.plist - Your app’s code references one or more APIs that access sensitive user data, or the app has one or more entitlements that permit such access. The Info.plist file for the “TurtleTuner.app” bundle should contain a NSCameraUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. If you’re using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. For details, visit: https://developer.apple.com/documentation/uikit/protecting_the_user_s_privacy/requesting_access_to_protected_resources. The app does not use the camera, only the microphone. I cannot find references to the camera in any of the third party libraries I'm using. What are some ways to troubleshoot this beyond looking for "camera" in the few dependencies? For context, this commit allows the app to get through successfully to TestFlight: https://github.com/tsargent/turtle-tuner/commit/67d4a52e62839ad6c2a49848bea9c408d983f17a While this following commit, which reverts the commit, fails on TestFlight with the mentioned camera permission error: https://github.com/tsargent/turtle-tuner/commit/c95b0b16c4e85d77e625d36b816ed53faa826cf5

Share Extension can access files from the Photos app but not the Files app. In case of the Photos app the file url is something like file:///var/mobile/... In case of the Files app the url stars with file:///private/var/mobile/... The following error is thrown in case of the Files app Error Domain=NSCocoaErrorDomain Code=260 "The file “file.pdf” couldn’t be opened because there is no such file." However the file is there, it was selected via the Files app and the share button was used to launch the Share Extension. Also the access to the file is within the following block url.startAccessingSecurityScopedResource() ... url.stopAccessingSecurityScopedResource() Another issue is that the Share Extension does not appear in the Settings / Privacy / Files and Folders. Here are the apps which have the "Applications that have requested access to files and folders will appear here". What is the solution to allow the Share extension access the files from the Files app ?

My team is building an SDK to release to game developers. Does our SDK require to meet the same IOS App store submission checklist? Wondering if there is any SDK checklist for IOS

Hello, according to this doc Apple will begin blocking app store submissions in Spring 2024 when an application or one of its 3rd-party SDKs calls certain iOS/iPadOS system APIs without declaring a reason for doing so via a privacy manifest. It seems that for framework and app targets, adding a privacy manifest is relatively straightforward: Add the xcprivacy file to the project and make it a member of the appropriate build target. For apps and fameworks, this will cause the privacy manifest to be copied into the root directory of the .app or .framework bundle at build time. I work on a SDK which ships to application developers as a static library (.a) bundled within a xcframework. It seems that Xcode will not allow a privacy manifest file to be added as a member of a static library target. Which I assume is because when compiled, a static library build target does not produce a bundle like a ".app" or ".framework" which you'd get when compiling an app or framework target. Just a standalone (.a) file. What is the recommended way for developers of static libraries to provide application developers with a privacy manifest for their SDK? Is there a mechanism for including the privacy manifest somewhere within the xcframework bundle at the time it is created for the static lib, so that it automatically gets copied into an application which may link to it? If not, can the privacy manifest be included in a resource bundle which we already provide to our partners along with the static lib? Or does the manifest need to exist within the root directory of the application bundle since the contents of the static lib will ultimately get embedded into the app binary? If that is the case, do we need to provide our app partners with a separate standalone xcprivacy file, which they would need to incorporate into their project?

I am looking into Privacy Manifests for a 3rd party SDK. An iOS project I'm working on includes several algorithmic libraries. I found this issue on swift-algorithms. Can I be sure that I don't really need to add a Privacy Manifests file for a library that is a collection of pure algorithms?

Current situation. I'm using third-party sdk make by myself with my app. my app use UserDefaults api, and My sdk(framework) too Recently, apple store policy changed, apple says If you use "Userdefaults API", Include Privacy Manifest. As a result My app including two Privacy manifest If I create 10 SDKs, and all of these SDKs use "Userdefaults API", and one app itself also uses the "Userdefaults API", is it correct to include 11 "Privacy manifests" in this app?