Question posted in 
I apologize for yet another Privacy Manifest post. I know there’s been endless posts about this recently, but after searching high and low (and trying lots of things), I’m still in a lurch here and can’t get out.
Upon submitting my newest Flutter build to the App Store, I’ve been getting the dreaded Invalid Binary error and subsequent email:
ITMS-91056: Invalid privacy manifest – The PrivacyInfo.xcprivacy file from the following path is invalid: “PrivacyInfo.xcprivacy”. Keys and values in your app’s privacy manifests must be valid.
I do have a Privacy Manifest in my app (target: Runner), and I thought I built it properly:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSPrivacyTrackingDomains</key>
<array/>
<key>NSPrivacyTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypes</key>
<array>
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeOtherDiagnosticData</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<false/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
</array>
</dict>
</array>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>1C8F.1</string>
<string>C56D.1</string>
</array>
</dict>
</array>
</dict>
</plist>
However, building a Privacy Report from the subsequent archive consistently gives me the same results:
Now, I’m still super new to this, but I assumed that report meant that I should add this bit to the Privacy Manifest, which I did:
<key>NSPrivacyCollectedDataTypes</key>
<array>
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeOtherDiagnosticData</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<false/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
</array>
</dict>
</array>
Totally though that was going to be the solution, but I’m still getting the same errors in both the Privacy Report and App Store Connect. Totally out of ideas here. Any help would be be super appreciated!
Bit more context if needed:
- firebase_core: ^3.6.0
- firebase_storage: ^12.3.2
- Flutter: 3.24.3
- Dart: 3.5.3
- DevTools: 2.37.3
- cocoapods: 1.15.2
- Xcode: 16.0
The app was working and uploading to the App Store Connect beautifully until about a month ago (when the new policies rolled out). Also recently, I started to add Firestore functionality to my app – so I’m assuming the NEW package being added to an OLD app/project is what’s gotten me in trouble.
2
Answers
After months of banging my head against the wall, I finally figured it out. Make sure your Privacy Manifest is in the right folder! My Manifest was in the top-level Runner folder — it needs to be in the secondary Runner folder (Runner > Runner) ...
Something so simple.
God knows why they decided to have a Runner folder inside a Runner folder...
A bit late, but here’s my answer:
Apple has made privacy manifest key values mandatory at package level for app submission since April 2024. If you are using some packages that requires critical permissions to function and if those permissions are not stated in PrivacyInfo.xcprivacy, then you must update that package to its latest version.
In my case, I upgraded
connectivity_plusto its latest version in Flutter, and it resolves this issue.