Hello, Scenario: My app is running in the foreground, logged into my backend server and I have registered for push notifications and received a push token. I have pin code activated on the phone. I make some code changes and re-flash it in Xcode, the app is running in debug mode wired to Xcode. I put the app in the background and lock the screen and wait 30 sec until data protection is activated and the keychain cannot be accessed. I send a push notification. In this case didRegisterForRemoteNotificationsWithDeviceToken if often called with the same push token as I had before. Data is protected in this state, hence I cannot access the auth token and send the token to the server. In this case it is not needed since the token is the same, but it got me a bit worried. In didRegisterForRemoteNotificationsWithDeviceToken I send the push token to the server, as the Apple docs recommend. My concern now is: could didRegisterForRemoteNotificationsWithDeviceToken be called in a real scenario when the phone is locked and data protection is activated? The Apple docs say: Device tokens can change periodically, so caching the value risks sending an invalid token to your server. And gives an example: For example, UIKit calls the method when the user launches an app after having restored a device from data that is not the device’s backup data. In this case, since the user is initiating it, the phone is unlocked so data should be unprotected. But that is one example, what more scenarios could there be that triggers this function, and could data be protected in those scenarios? I'm worried that it could be triggered, even if its rare, in a state where data protection is activated, hence I cannot send the new push token to the server, and thus future remote notifications from the server will not be received by my app until the users logs out and logs in again.

My project (an non-sandbox app) was written in Swift on MacOS and it can execute the Apple script successfully. I would like to listen for Privacy & Security > Automation > System Events status changes when the user changes it in System Settings to disable or enable my app feature in MacOS. My app can receive Accessibility changes through this notification "com.apple.accessibility.api" Are there any system notifications for my app to receive Automation > System Events status changes? Thank you!

I’m looking for guidance on what to do with the new changes [coming] (https://developer.apple.com/support/third-party-SDK-requirements/) for adding Privacy Manifest to my app. I’m using on of the listed SDK which they include a Privacy Manifest of their own, do I need to include one in my app or do I just use the third-party’s? Also what happens when a developer hasn't updated its swift package to contain one?

In the "Privacy updates for App Store submissions" section, the addition of a privacy manifest file is required for app releases after May 1. We added a subdomain and defined it in NSPrivacyTrackingDomains, but when we separate the subdomain and main domain as "tracking.example.com" when ATT is allowed and "example.com" when ATT is not allowed would the communication on the main domain not result in an error? I couldn't figure it out exactly from the documentation or the session, so please let me confirm. Documentation: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files Session (domain definition): https://developer.apple.com/videos/play/wwdc2023/10060/?time=387

In the "Privacy updates for App Store submissions" section, the addition of a privacy manifest file is required for app releases after May 1. We added a subdomain and defined it in NSPrivacyTrackingDomains, but when we separate the subdomain and main domain as "tracking.example.com" when ATT is allowed and "example.com" when ATT is not allowed would the communication on the main domain not result in an error? I couldn't figure it out exactly from the documentation or the session, so please let me confirm. Documentation: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files Session (domain definition): https://developer.apple.com/videos/play/wwdc2023/10060/?time=387

The text from https://developer.apple.com/news/?id=3d8a9yyh states, "Make sure to use a version of the SDK that includes its privacy manifest and note that signatures are also required when the SDK is added as a binary dependency." Does this imply that I must update all the third-party libraries I use to versions that "include a privacy manifest"? I do not wish to upgrade the third-party library code, but I can ensure that the privacy manifest in my app will include the privacy manifest related to the APIs utilized by these older versions of the third-party libraries

this post is related to the https://developer.apple.com/videos/play/wwdc2023/10061/ Hi, we are wondering if the framework should be signed. the video indicates that all xcframework must be signed, on the other hand framework is not mentioned even website. does anyone have ideas?

Hello, I have a project that generates a fat Static Library (NOT a Static XC Framework), and the output of that project would be a single static library file let us say: libProject.a We are distributing this libProject.a to our clients and we are not using XCFrameworks yet. In this specific case (Static Library) do we need PrivacyInfo.xcprivacy file? and in case it is required how is it supposed to be distributed with the static library? is it enough for the ones who are calling this library in their project to add the missing XCPrivacy entries to their app "PrivacyInfo.xcprivacy" file ? PS: I know ideally it would be better to use Static Framework instead of Static Library but that is still planned in our schedule for a future release, Since "Static Library" target type is still supported by Xcode 15.2 that means there must be a solution. Thanks in advance,

Hello, We provide some xcframework for customer, the xcode automatically merge all privacy manifests under the xcframework? If it is a framework, do you need to manually configure the app level privacy manifest ?

Would it be acceptable to include a blank privacy manifest file for a open-source third-party SDK that does not fit any of the Data Types or Required Reason APIs categories? Or would it be better not to include one at all?

Hello everyone, I have a question about the file PrivacyInfo.xcprivacy: Is it mandatory to have it in all XCFrameworks for submitting/updating apps in the App Store after Spring 2024? Alternatively, can the app declare all the values of this file directly (including the required configurations for third-party libraries) while the third party delivers the XCFrameworks with this file included?

Using the Bonjour service requires obtaining local network permissions, but the Bonjour service also scans nearby devices through Bluetooth. Why doesn't Bluetooth permission be required? https://developer.apple.com/library/archive/qa/qa1753/_index.html#apple_ref/doc/uid/DTS40011315/ Did I misunderstand? Is there an issue with the design of iOS here?

The current structure of my SDK xcframework is XXXX-Release.xcframework. Inside that, I have an XXXX.xcframework and a LICENSE.md file. Currently, this structure works fine in Swift Package Manager, dropping the XXXX-Release.xcframework file into Xcode and CocoaPods. When I sign my xcframework as per Apple's requirements, I need to sign XXXX.xcframework, which is on the second level. Signing this works fine. Will this meet Apple's requirements for signing an xcframework? I just want to make sure the current structure of my SDK does not need to change. Thanks

Do I have to add the Privacy Manifest file in my SDK if I'm not using any required reason APis and not collecting any data?

Hi. My team is still using GLKit. I have no choice but to keep using it to support non-iOS products as well. (We don't have many developers.) While researching 'Privacy Manifest', I found out that the third party library needs to add 'PrivacyInfo'. I confirmed on Xcode that GLKit is Apple SDKs. Does this mean it's not a third party library? Is using GLKit not related to 'Privacy Manifest'?

Hey everyone, Was having a look into this article posted by Apple. I noticed that one of the SDKs I use - FirebaseMessaging - is included on that list. Having a look into the SDK's repository, I noticed that the Firebase team is already addressing the issue, as this PR shows. But, if you look at that SDK's PrivacyInfo.xcprivacy file, the NSPrivacyAccessedAPITypes property has no value associated with it. Apple clearly states that APIs that use required reason APIs are the ones that need to be updated until Sprint 2024. FirebaseMessaging looks like it doesn't, so why is it included on that list? Looking forward to your feedback.

Our company has a library that can be used internally. This is being used as a .a file. The languages are in C and C++. C code contains stat. Is this the same stat as Apple refers to?? How do you solve this??

Hi Team, We have a static framework and we have included the PrivacyInfo.xcprivacy for each architecture inside the xcframework and when we try to generate the privacy report it throws error like xcprivacy not found. Can you please tell us how to include the PrivacyInfo.xcprivacy file for static frameworks.

Hi, We are a fraud detection and prevention company. We provide SDKs to customers to integrate with their applications. I wanted to clarify if we are required to provide the data collection details in the manifest files same question for the system APIs the reasons mentioned for the system APIs don't fit with our use case, how can we get the custom reasons added in case we need to mention those in the manifest.

Hello, I need to monitor input events and convert keycode to symbol. E.g. convert kHIDUsage_KeyboardQ to symbol according to used keyboard layout. Are there any API to get current keyboard layout (language) in C++? If I understand correctly, the API TISGetInputSourceProperty() is deprecated. Are there any way to monitor keyboard layout changed? (some system notification in case of keyboard layout change) Are there any way to translate keycode to symbol except UCKeyTranslate() which is part of deprecated Unicode Utilities? Thank you in advance.