Solve ITMS-91053: Missing API declaration
Apps missing API details in their privacy file will get rejected by App Store Connect
Download my sample PrivacyInfo.xcprivacy file.
In the world of app development, privacy is paramount. Apple’s guidelines for developers include a crucial step: detailing the use of required reason APIs in privacy manifest files. This documentation process is not just about compliance; it’s a commitment to transparency and user trust.
1) Create a privacy manifest
To add the privacy manifest to your app or third-party SDK in Xcode, follow these steps:
- Choose File > New File.
- Scroll down to the Resource section, and select App Privacy File type.
- Click Next.
- Check your app or third-party SDK’s target in the Targets list.
- Click Create.
By default, the file is named PrivacyInfo.xcprivacy; this is the required file name for bundled privacy manifests. You need to add the privacy manifest file to your target’s resources for Xcode to use it when you generate a privacy report.
2) Required reason APIs
Some APIs that your app uses to deliver its core functionality — in code you write or included in a third-party SDK — have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting.
If you upload an app to App Store Connect that uses a required reason API without describing the reason in its privacy manifest file, Apple sends you an email reminding you to add the reason to the app’s privacy manifest.
In this case, select the PrivacyInfo.xcprivacy in Xcode, and click the “+” button next to the App Privacy Configuration. Then select the API reason that Apple provided. In this example we have NSPrivacyAccessedAPITypes.
The next step is to click the “+” button next to Item 0 to add the API Type and API Reasons.
Now it’s time to add a description for the API Reasons. You can find all the API reasons in Apple’s required reason API documentation (linked in the FAQ below).
NSPrivacyAccessedAPITypeReasons (Privacy Accessed API Reasons)
For this example, we will use this description for the API reasons:
CA92.1: Access info from the same app, per documentation
NOTE: You only need to paste CA92.1, then hit Enter. It should get populated with the right text automatically.
NSPrivacyAccessedAPIType (Privacy Accessed API Type)
This will be the API type that Apple provided in the email. For this example we use: NSPrivacyAccessedAPICategoryUserDefaults
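The result of the steps above, with a check you can run before uploading (an added example, not part of the original article or of Apple's tooling). SAMPLE_MANIFEST is a constructed copy of the kind of XML source these steps leave in PrivacyInfo.xcprivacy, and check_manifest is a hypothetical helper that flags an entry with no API type, no reasons, or a reason that is not a bare code. The reason-code pattern is an assumption based on the CA92.1 shape shown above.

```python
import plistlib
import re

# Constructed sample: XML source for the single UserDefaults entry added above.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array><string>CA92.1</string></array>
        </dict>
    </array>
</dict>
</plist>"""

# Assumption: reason codes look like the page's CA92.1 (four hex characters, a dot, a number).
REASON_CODE = re.compile(r"[0-9A-F]{4}\.\d+")


def check_manifest(data, required_types=()):
    """Return a list of problems; an empty list means every declaration is complete."""
    try:
        entries = plistlib.loads(data)["NSPrivacyAccessedAPITypes"]
    except Exception as exc:  # malformed plist, wrong root type, or key absent
        return [f"cannot read NSPrivacyAccessedAPITypes: {exc!r}"]
    if not isinstance(entries, list):
        return ["NSPrivacyAccessedAPITypes is not an array"]
    problems, declared = [], set()
    for i, entry in enumerate(entries):
        api = entry.get("NSPrivacyAccessedAPIType") if isinstance(entry, dict) else None
        if not isinstance(api, str) or not api:
            problems.append(f"Item {i}: NSPrivacyAccessedAPIType is missing")
            continue
        declared.add(api)
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons")
        if not isinstance(reasons, list) or not reasons:
            problems.append(f"{api}: no NSPrivacyAccessedAPITypeReasons listed")
        else:  # the stored value must be the code alone, not the description text
            problems += [f"{api}: {r!r} is not a bare reason code" for r in reasons
                         if not (isinstance(r, str) and REASON_CODE.fullmatch(r))]
    problems += [f"{api}: required but not declared" for api in required_types
                 if api not in declared]
    return problems
```

Pass the API types named in Apple's email as required_types, and read your own file with open("PrivacyInfo.xcprivacy", "rb").read().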
3) Generate Privacy Report
This step is optional. In Xcode 15, when submitting your app to the App Store, you can generate a privacy report that consolidates all privacy manifests from your project. This is done by selecting “Generate Privacy Report” from the context menu in Xcode Organizer for an app archive. This feature helps ensure your app meets App Store privacy requirements.
FAQ:
Q) Can I add multiple reasons if I use UserDefaults for other things?
A) Yes, you can use more reasons. Just make sure that those reasons match the ones Apple lists: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
Q) How do I find out if my app is compliant?
A) When you submit the app for review, App Store Connect will send you an email. To avoid having to re-submit the app, we recommend submitting your app for TestFlight App Review. This will trigger the email as soon as you submit it for review.
Another benefit of TestFlight App Review is that you will get early feedback from the App Review team.
Q) When should my app include the PrivacyInfo.xcprivacy file?
A) Ideally as soon as you publish a new app or an app update. But if you prefer to wait, you have until May 1, 2024.
If you have any questions or suggestions, please feel free to send an email to support@apps4world.com.
Thanks for reading!