Suppose I have some third party frameworks integrated in an application. From May inwards, its mandatory to have privacy manifest for all the tracking APIs. But if the third party library doesnt have any plans to integrate the third party framework, how should we proceed to avoid rejection from the app store?

Hello, I’ve got some questions about the privacy manifest. On March 18, we built our company's app with Xcode 14, submitted it for review, and it passed. However, we did not make any adjustments for the privacy manifest and yet did not receive any related emails. Our app utilizes APIs like UserDefaults and file stamps. We've got permission from our users to use tracking, so we turned on Xcode15 instruments to check the network, but there were no faults identified in the points of interest. It looks like we’re engaged in tracking activities, possibly with tools like Firebase. Can someone who knows about this please give me an answer?

We've been getting missing API declaration errors when submitting our app to App Store Connect for review. As SDK providers, while we have attempted our best effort to declare which APIs are being called in our Privacy Manifests, it's difficult to determine what we are missing especially with multiple libraries. Only the app container is raised as the offending target, so how do we determine which dependency or even which API call is causing App Store Connect to flag errors, so we can properly declare usage in our Privacy Manifests?

Hi, I've run an Instruments network capture of our iOS app and the Points of Interest track lists faults due to undisclosed tracking domains. For example app-measurement.com which is used by Firebase causes the fault: Fault: app-measurement.com is not listed in your app's NSPrivacyTrackingDomain key in any privacy manifest. It may be following users across multiple apps and websites to create a profile about users of apps that contact this domain. However my PrivacyInfo.xcprivacy file contains (API and Nutrition info omitted): NSPrivacyTracking: true NSPrivacyTrackingDomains: app-measurement.com So I'm surprised the fault is still occurring. Is it because the call is coming from a 3rd party SDK (Firebase)? I'll be removing this entry once a compliant Firebase SDK is released but figured it should still work. I've checked that the IPA contains PrivacyInfo.xcprivacy, and that I'm able to generate a privacy report. I'm using Xcode 15.0, iOS 17.1.

I requested the com.apple.developer.device-information.user-assigned-device-name entitlement on Feb 11 and received an email reply stating "We’ll contact you within a few weeks with your request status." However, it's been more than a month without any updates. Can anyone chime in with their experience RE: how long it took for Apple to review their request for this entitlement? https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_device-information_user-assigned-device-name

Does anybody know what the "Document Storage" entry in the Privacy settings for an app means? I recently discovered that the Privacy Settings of my own app nowadays has a "Document Storage" entry, with (for me) the possible choices: "iCloud Drive", "On My Phone", and "Dropbox". I don't know with which version of iOS these appeared. When "iCloud Drive" is selected (the default), then the explanatory text below it says "Automatically upload and store your documents in iCloud Drive" My app has no explicit support for iCloud Drive or iCloud in general, and no support for Dropbox. Some of its files are stored in the Documents folder of the app, which is publicly accessible (through the Files app, e.g.) My users assume that enabling the option will automatically copy those files to iCloud Drive, but that does not seem to be happening. I have searched half a day for any documentation around this from Apple, but found nothing. So: does anybody know what that setting does? And: if it does not do anything, then how can I can make sure it does NOT appear, to not confuse my users?

Dears, do we have to expect any alert from Apple during upload to appcenter for new clients in order to be compliant to Third Party SDK and signature? I'm uploading new beta clients every day without any evidence (rather than the Xcode 15 one) Could someone notify if receiving any alert during upload step or can we have any alert during manual review? It's not clear to me if i have to work on it or what. Thanks

Issue: The screen saver is not shown, and the user is not locked after removing a smart card with a logged in user. I have tried setting tokenRemovalAction to 1, along with various other com.apple.security.smartcard defaults, and I have also tried setting "turn on screen saver when login token removed." None of this makes the screen locked on card removal. Is this an issue with MacOS14 or is there a different setting/value that has to be set for this to work correctly?

Are mergeable libraries compatible with digital signatures and privacy manifests? If so, what happens to the privacy manifests from each merged library? Do they get merged?

Hello, I want to release an update of my app and I was wondering if the privacy manifest is already required for submitting an update, or if the app will get rejected for this reason (missing manifest file). Thank you

Dear Developer Community, I recently implemented privacy manifest changes in accordance with Apple guidelines. However, have encountered unexpected issues with BLE communication while our app was running in the background when there are multiple reader. During local testing in both debug and release modes within Xcode, have not experienced any problems with BLE communication, even with multiple readers. However, upon uploading the build to TestFlight for testing, i found that communication was being blocked when multiple readers are there. This behavior was quite perplexing. Upon further investigation, I decided to revert the privacy manifest changes and retested via TestFlight. Surprisingly, we did not encounter any issues with BLE communication. I am reaching out to this forum to inquire whether anyone else has encountered similar issues with BLE communication. Additionally, I have submitted a report via Feedback Assistant to seek assistance from Apple. I am particularly interested in understanding if any core logic related to BLE is affected by the privacy manifest changes. As Apple has mandated the inclusion of the privacy manifest for App Store submissions starting from Spring 2024, any insights or assistance on this matter would be greatly appreciated.

Lets say i have an sdk that is not one of those listed, but it uses one of those listed. In this case, do i have to get the sdk im using to update their dependency to add the required signature and privacy manifest?

I am assuming that even if the app i am using is not listed in the ios list of privacy impacting sdks, if they use a privacy impacting sdk in their sdk, then my app will be required to get the privacy manifest for that privacy impacting sdk: the rule must (logically!) be transitive. So far apple has not sent any email about the app needing to provide that for any of our sdks. but i am worried that maybe apple has not done the check for us yet, and by the time they do , we will be near deadline to submit an app.

In https://developer.apple.com/support/third-party-SDK-requirements/ it says "Signatures are also required in these cases where the listed SDKs are used as binary dependencies. " As I am clueless regarding the technicalities of how sdks are added to a host app, the term binary dependency means nothing to me. For reference, our app uses Cocoapods to install all of the sdks.

Hello. From March 13, 2024, he said he would send an e-mail related to 'Privacy Manifest'. Does Apple send us an email to the review process? Or does it send the app after it is finally released??

As per the https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_data_use_in_privacy_manifests Mentions that Third-party SDKs need to provide their own privacy manifest files. What about the SDKs which are in-house? Meaning if the application contains the SDKs which are developer within the same company as the application would be treated as Third-party SDKs?

This is the mail I received from Apple while testing. If you look at it, it shows that there are two items that are problematic. As you can see, "ITMS-91053: Missing API decimation" shows the same problem in both, but the colors are displayed differently. (Purple, Gray) There were four problems in the mail I received while testing more, but all of them received the same color. Is this just a mail error?? Or does the color have a meaning?

Hi, I am testing out an update for my app in macOS Sonoma. I first installed the App Store version of my app on the device running macOS Sonoma, and it ran fine. I then installed an updated version of my app through TestFlight (built with macOS Ventura SDK), but when I run this updated version, I get prompted ”MyApp differs from previously opened versions. Are you sure you want to open it?". Why is this happening? Is this warning only because the app is updated through TestFlight, or do I need to do something to prevent this warning from happening when I update my app through the App Store? I see this mentioned in an Apple security update:: App Sandbox now associates your macOS app with its sandbox container using its code signature. The operating system asks the person using your app to grant permission if it tries to access a sandbox container associated with a different app. For more information, see Accessing files from the macOS App Sandbox. My app is already sandboxed, and I'm not trying to access a different app's sandbox container, just my own. For the TestFlight build, it probably also uses the same Release configuration that the App Store build uses. I might have changed my provisioning profiles recently because they expired. Would that affect this and cause a prompt to be showed? Would love to know more about this prompt and how to avoid it. Thanks.

I want to develop a safari extension for a study for a pet project website. I want to understand the challenges faced by the users while making searches on my e-commerce website. So the extension would basically trigger a survey when active on my website. If I were to understand what was searched on the website I would need to capture the url for the current page on they are on. Would this be possible? Would it comply with Apple regulation policies?

Hello community: I have some questions about xcprivacy and third parties. I was talking to a third party owner and he told me that in PrivacyInfo.xcprivacy you only need to declare the minimum things to use the third party. For example, the third party uses the user's default value to save data about the application, but also if he has extensions, he uses it to communicate data between the application and the extension. Just declare the first one. Also, it retrieves purchase history and there's a way to use it anonymously (although in my opinion it is not the most used feature by this third party) so the data is not linked to anyone, but if you use a user identified with Apple ID, purchase history is linked to it. So if the third party only declares the minimal things that he uses, how can we know the rest of the data/api uses? Is this approach correct?