Missing privacy manifest

Hi,

The email attached states that we need to add GoogleToolboxForMac's missing privacy manifest. I received the attached report after running my app privacy report; however, it is different and does not include GoogleToolboxForMac. I'm not sure if we need to add the privacy manifest for GoogleToolboxForMac alone or for both of them. If yes, what should I put in my privacy manifest for GoogleToolboxForMac?

IS THE CODE BELOW WHAT NEEDS TO BE ADDED TO THE PRIVACY MANIFEST?

<dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array/>
    <key>NSPrivacyCollectedDataTypes</key>
    <array/>
    <key>NSPrivacyTracking</key>
    <false/>
    <key>NSPrivacyTrackingDomains</key>
    <array/>
</dict>

OR

IS THE CODE BELOW WHAT NEEDS TO BE ADDED TO THE PRIVACY MANIFEST?

<dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>CA92.1</string>
            </array>
        </dict>
    </array>
    <key>NSPrivacyCollectedDataTypes</key>
    <array/>
    <key>NSPrivacyTracking</key>
    <false/>
    <key>NSPrivacyTrackingDomains</key>
    <array/>
</dict>

Please reply ASAP

Regards, Viharshitha

Do you have the complete report to see the list of dependencies?

The error message 'ITMS-91061: Missing privacy manifest' indicates that your iOS app is missing the necessary privacy manifest files for certain features you are using in your app. The privacy manifest files are required to disclose how your app uses sensitive user data, such as location, contacts, photos, etc.

In your case it seems like it is a third-party library. Third-party frameworks also require a privacy manifest and signature. It seems like your report is asking for the privacy manifest for GoogleDataTransport, which may be a dependency. Check all their dependencies for GoogleToolboxForMac.

https://developer.apple.com/support/third-party-SDK-requirements/

Please refer to the link provided above. The library you are currently using, GoogleToolboxForMac as well as GoogleDataTransport, is included in the list. It seems from the error that it could be one of the dependencies. Do you have the complete report? The third-party library you receive should provide a newer version of the library that includes the privacy manifest.

I recommend contacting the third-party framework provider to obtain a version that includes the privacy manifest.

Albert Pascual
  Worldwide Developer Relations.

Hi

Do I need to take any action for it? I tried to generate a privacy report from Xcode.

Is it fine, or will it stop the App Store push? Please help with it.

@viharshitha , you are raising 2 different issues.

The email attached

As explained by @DTS Engineer, your app includes GoogleToolboxForMac, a privacy-impacting SDK that doesn't contain a privacy manifest file. Contact the SDK's author to request a version of the SDK that includes a privacy manifest.

after running my app privacy report, however it is different and does not include GoogleToolboxForMac

The privacy report only includes information added to the NSPrivacyCollectedDataTypes key in the privacy manifest file. For instance, if the privacy manifest file includes all keys except this key, the privacy report shows an error message. The GoogleDataTransport_Privacy.bundle appears in the report because it probably includes NSPrivacyCollectedDataTypes.

is it fine or will it stop for app store push? please help on it

If you receive an updated version of GoogleToolboxForMac that includes a privacy manifest file, the privacy report will include information about this SDK if and only if its privacy manifest includes a valid NSPrivacyCollectedDataTypes key. For more information, see TN3184: Adding data collection details to your privacy manifest.


Thank you for your response. I checked myself in my project. Since the third-party SDK introduced a privacy manifest and it is included in pods now, I need to make sure that my production IPA file resolves the email issue mentioned below.

I don't want to take a risk at the last app submission date. Please help me.

@viharshitha

I checked myself in my project. Since the third-party SDK introduced a privacy manifest and it is included in pods now, I need to make sure that my production IPA file resolves the email issue mentioned below.

If your Xcode project now contains an updated version of the SDK with a privacy manifest file, rebuild, archive, then submit your app for review again.

Can I submit my app for review elsewhere to check if the issue has been resolved, since I'm still working on our features and can't formally publish or distribute it?

Can I submit my app for review elsewhere to check if the issue has been resolved, since I'm still working on our features and can't formally publish or distribute it? If I upload my build to external testing, will Apple then review my below-mentioned issue?

@DTS Engineer, the team already updated to a newer version of that SDK. They can see the privacy manifest in the pod file. When they generate the privacy report, they see only one item, googledatatransport. Do we have any other way to validate the privacy manifest file? Could you help the team on this?

@viharshitha

Can I submit my app for review elsewhere to check if the issue has been resolved, since I'm still working on our features and can't formally publish or distribute it

Only submit your app for review once you are done implementing and testing it.

check if the issue has been resolved,

To confirm that your issue was resolved, confirm GoogleToolboxForMac contains a privacy manifest file at the expected location for this type of product.

  • For iOS, iPadOS, tvOS, visionOS, or watchOS frameworks, the privacy manifest appears at the root of the framework’s bundle.
  • For macOS and Mac Catalyst frameworks, the privacy manifest file resides in Versions/A/Resources/ in the framework’s bundle.

For more information, see Adding a privacy manifest to your app or third-party SDK.
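An added example, not part of the thread or of Apple's tooling: a script that walks the frameworks embedded in a built `.app` and checks each for a privacy manifest at the two locations listed above, and counts `NSPrivacyCollectedDataTypes` entries to show whether the SDK would appear in the Xcode privacy report. The function names and the `<App>.app/Frameworks` layout are assumptions of this example.

```python
import plistlib
import sys
from pathlib import Path

MANIFEST = "PrivacyInfo.xcprivacy"
# Locations named in the reply above: bundle root for iOS-family frameworks,
# Versions/A/Resources/ for macOS and Mac Catalyst frameworks.
CANDIDATES = (Path(MANIFEST), Path("Versions/A/Resources") / MANIFEST)


def check_framework(framework: Path) -> dict:
    """Report whether one .framework bundle carries a parseable privacy manifest."""
    result = {"name": framework.name, "manifest": None, "valid_plist": False,
              "collected_types": 0, "accessed_api_types": 0}
    for rel in CANDIDATES:
        path = framework / rel
        if not path.is_file():
            continue
        result["manifest"] = rel.as_posix()
        try:
            with path.open("rb") as fh:
                data = plistlib.load(fh)  # accepts XML and binary plists
        except Exception:  # malformed file: present but unusable
            return result
        if isinstance(data, dict):
            result["valid_plist"] = True
            # Only NSPrivacyCollectedDataTypes entries feed the privacy report.
            result["collected_types"] = len(data.get("NSPrivacyCollectedDataTypes") or [])
            result["accessed_api_types"] = len(data.get("NSPrivacyAccessedAPITypes") or [])
        return result
    return result


def audit_app(app_bundle: Path) -> list:
    """Check every framework under <App>.app/Frameworks (assumed layout)."""
    frameworks = sorted((app_bundle / "Frameworks").glob("*.framework"))
    return [check_framework(fw) for fw in frameworks]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_privacy.py path/to/Your.app")
    for row in audit_app(Path(sys.argv[1])):
        status = "MISSING" if row["manifest"] is None else (
            "OK" if row["valid_plist"] else "UNPARSEABLE")
        in_report = "yes" if row["collected_types"] else "no"
        print(f'{row["name"]}: {status}, appears in privacy report: {in_report}')
```

Run it against the `.app` inside the Xcode archive or inside the `Payload` directory of an unzipped IPA, so the check covers the build that is actually uploaded.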

@sujeetcarrier

They can see the privacy manifest in the pod file. When they generate the privacy report, they see only one item, googledatatransport,

As mentioned above, the privacy report only includes information added to the NSPrivacyCollectedDataTypes key in the privacy manifest file. The googledatatransport appears in the report because its privacy manifest file probably includes NSPrivacyCollectedDataTypes.

Do we have any other way to validate the privacy manifest file? Could you help the team on this.

What do you mean by validating the privacy manifest?

If you want to find out if the privacy-impacting framework includes a privacy manifest file, see the above answer.

If you want to find out if a privacy manifest is properly formatted, and contains valid keys and values, see the following resources:
