Reputation: 24325
ITMS-91053: Missing API declaration - Privacy
Why am I all of a sudden getting this on successful builds with Apple?
Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Once you've corrected the issues, upload a new binary to App Store Connect.
ITMS-91053: Missing API declaration - Your app’s code in the “Test” file references one or more APIs that require reasons, including the following API categories:
NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.ITMS-91053: Missing API declaration - Your app’s code in the “Test” file references one or more APIs that require reasons, including the following API categories:
NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.ITMS-91053: Missing API declaration - Your app’s code in the “Test” file references one or more APIs that require reasons, including the following API categories:
NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.ITMS-91053: Missing API declaration - Your app’s code in the “Test” file references one or more APIs that require reasons, including the following API categories:
NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
Upvotes: 270
Views: 106415
Answers (13)
Reputation: 496
For Flutter developers it's fine to create a new App Privacy file in Xcode (%YOUR_FLUTTER_PROJECT%/ios/Runner/PrivacyInfo.xcprivacy) and configure the keys and reasons. e.g.:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>E174.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
</array>
</dict>
</array>
</dict>
</plist>
Please not just copy without verifying your own API usage. Possible reasons are listed here:
Upvotes: 33
Reputation: 7
Add the following keys to my Privacyinfo.xcprivacy file:
<key>NSPrivacyTracking</key>
<false/>
<key>NSPrivacyTrackingDomains</key>
<array/>
<key>NSPrivacyCollectedDataTypes</key>
<array>
<dict/>
</array>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>35F9.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>7D9E.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
</array>
</dict>
</array>
Upvotes: -11
Reputation: 6406
For Xamarin and MAUI applications:
Create a Privacyinfo.xcprivacy file with the XML content as described elsewhere in this post (ensuring it tailored to your app, obviously), but make sure to mark the Build Action for Privacyinfo.xcprivacy as "BundleResource".
<BundleResource Include="Privacyinfo.xcprivacy" />
Upvotes: 2
Reputation: 31
For those who are looking for boilerplate generation and finding SDK/dependency's PrivacyInfo.xcprivacy files, you can read and follow steps in this guide. Use Google Translate, as it's written in Chinese.
The steps would be
- using one of scanners
- in case you are using CocoaPods or Carthage, the scanner will try to search related PrivacyInfo.xcprivacy file from the correct repository
- if it can't find it, it will include it in warning texts
- as for your own project, fill in the your own reason in the generated template file.
- if things are correct, you will see correct entries privacy report when you generate it from built archive files (Xcode → Organizer → Archives → right-click on the correct archive files and Generate Privacy Report)
In case your project is still using outdated pods from CocoaPods, and cannot update it, you will have to manually copy the file (generated from one of scanners in the guide). And you will have to set the correct target for each pod (Alamofire file, copy into Xcode, set Target to "Alamofire", not your project as the target).
It is a similar approach to Carthage.
Not everyone is working in the greenfield of SPM, and targeting the latest iOS version, so I hope this helps.
Upvotes: 2
Reputation: 11140
As some people had already mentioned, from 2024-05-01 you have to describe in PrivacyInfo.xcprivacy, why you use some methods (read more here). Its to prevent apps from making a digital fingerprint of a person in order to identify him/her along the other apps.
Even though I described all required reasons API in my app, I still got email from App Review (ITMS-91053: Missing API declaration).
What I had to do was to find all methods described here for API category which was mentioned in the email also in the Package Dependencies. This way I found that some libraries still use the methods or hadn't created a PrivacyInfo file yet in my resolved version. So I had to update those libraries.
Even though this resolved some problems, I still got email from App Review. I tried to find all the methods from the reported API category, but I didn't find anything. And then I realized that I was searching just for Swift methods. So I switched Language in Apple Docs to Objective-C, and this way I was able to find that some libraries which used these Objective-C methods. I updated them, and it fixed my problem.
Upvotes: 0
Reputation: 171
I received the same notification from Apple:
ITMS-91053: Missing API declaration - Your app’s code in the “ ” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time...
ITMS-91053: Missing API declaration - Your app’s code in the “ ” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time...
I added PrivacyInfo.xcprivacy file as in video https://developer.apple.com/videos/play/wwdc2023/10060 with following content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>35F9.1</string>
</array>
</dict>
</array>
</dict>
</plist>
And don't forget to set Target Membership for this file to your main bundle. Otherwise you will get the same result.
After this, I didn't get a warning from Apple.
P.S.: One more important note. If extensions are used in the project, the email from Apple will probably include these extensions as well. In this case, the separate PrivacyInfo.xcprivacy files with the necessary reasons must be added to the specified extensions as well. Accordingly, you must set the Target Membership for PrivacyInfo.xcprivacy, depending on the extension required.
Upvotes: 13
Reputation: 8635
This is all documented in the Apple's website. Here are the steps:
- Create a privacy manifest file for your app:
To add the privacy manifest to your app or third-party SDK in Xcode, follow these steps: Choose File > New File.
Scroll down to the Resource section, and select App Privacy File type.
Click Next.
Check your app or third-party SDK’s target in the Targets list.
Click Create.
By default, the file is named PrivacyInfo.xcprivacy; this is the required file name for bundled privacy manifests.
At the top level of this property list file, add the following key to the dictionary:
NSPrivacyAccessedAPITypesBasically, the keys that you need to add have been mentioned in the Apple's email:
... you must include a NSPrivacy...., in this link search for each of the keys mentioned in your email starting withNSPrivacy...and see what the accepted reason codes are related to your own app and add it.
You should have one item for each NSPrivacy... key under the NSPrivacyAccessedAPITypes, which each of them has only one Privacy Accessed API Type which is the key name and one Privacy Accessed API Reasons which can include one or more reason codes.
And do not forget to select target for PrivacyInfo.xcprivacy file.
Your privacy manifest file will look like something like this in the end:
References:
Upvotes: 224
Reputation: 248
Starting in fall 2023, you will receive an email when uploading apps that use Apple's essential API to App Store Connect. If the reason for using the API is not explained in the app's PrivacyInfo file, the app will not pass from May 2024.
You can see what APIs are there and what are the reasons for the approval: Describing use of required reason API
Also there's this video about it: Get started with privacy manifests
How can you use it?
You have to add PrivacyInfo.xcprivacy
In the PrivacyInfo.xcprivacy file, you can define what data the SDK collects, where it is used for connection, and whether it is used for tracking.

Upvotes: 14
Reputation: 4680
I was getting similar warnings after my upload. It seems there is still quite some time to resolve it (before May 1, 2024). I added the following keys to the app target's Privacy manifest (PrivacyInfo.xcprivacy), based on Apple's developer documentation regarding the matter.
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
</array>
</dict>
</array>
The Privacy Manifest file can be created from Xcode. Create a new file, search and select App Privacy as a file type, and select the concerning targets (those targets are mentioned in these warnings you got after uploading). Details on how to edit the Privacy Manifest is documented in this link.
And also more on it in this WWDC 2023 video.
Upvotes: 72
Reputation: 727
For people who are using Expo Go or any expo package you find the current status here: https://github.com/expo/expo/issues/27796.
Update
Here is the official Expo documentation now. Expo packages now include a PrivacyInfo.xcprivacy if required. You can also add your own PrivacyInfo.xcprivacy via settings in app.json (details here https://docs.expo.dev/guides/apple-privacy/#configuration-in-appjsonappconfigjs) if you are using a native iOS library that using a "restricted reason" API.
Upvotes: 6
Reputation: 573
//Create the PrivacyInfo file via File->new->App privacy then add the following code in that file . After that Distribute your app for appstore it will resolved your issue
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>85F4.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>35F9.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
</array>
</dict>
</array>
</dict>
</plist>
Upvotes: 4
Reputation: 876
Apple is sending this email because your application or the 3rd party SDK used by your application is using any of the APIs that require its reason to use.
You can check the api and their reasons from the following links.
A list of third parties can be found
What you have to do is
- Add the privacyinfo.xcprivacy file from xcode
- Update the SDK version to a version that has privacyinfo support.
Upvotes: 2
Reputation: 625
Explanation: The ITMS-91053 errors you received indicate that your app's code specifically references APIs within the mentioned categories. This isn't a generic template that all apps must fill out; rather, it's a notification based on a scan of your app's binary by Apple's review process, which identified that your app uses these specific APIs. Starting May 1, 2024, Apple requires developers to declare the use of such APIs in their app's
Just in case you're looking for an example, my PrivacyInfo.xcprivacy Source Code looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
PrivacyInfo.xcprivacy
SwiftyGaming
Created by Ndriqim Haxhaj on 3/21/24.
Copyright (c) 2024 ___ORGANIZATIONNAME___. All rights reserved.
-->
<plist version="1.0">
<dict>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
<string>C56D.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>35F9.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>E174.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>DDA9.1</string>
<string>0A2A.1</string>
</array>
</dict>
</array>
</dict>
</plist>
The PrivacyInfo.xcprivacy must be created this way:
Full article: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files
Mine is located near Info.plist (don't mix these two) 
All the reasons used above (CA92.1, C56D.1, ...) are taken from official documentation link: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
Here is a final representation of PrivacyInfo.xcprivacy as Property List:
Upvotes: 23
Related Questions
- Cordova-ios 7.1.0: ITMS-91053: Missing API declaration after adding privacy manifest
- App Store missing API declaration (for May 2024+)
- Why Apple keeps warning even after I handled the new privacy manifest rule?
- ITMS-91053: Missing API declaration - ReactNative
- Verify my PrivacyInfo.xcprivacy file, please?