Question 378180 in Xcode Question posted in
Whether you're new to Xcode or an experienced developer, our archive has everything you need to know about this integrated development environment (IDE). From basic functionalities to advanced features, our archive covers a wide range of Xcode-related questions and answers. Browse our archive now and find solutions to your Xcode questions, and take your app development skills to the next level

Xcode – Why Apple keeps warning even after I handled the new privacy manifest rule?

Apple’s message:

ITMS-91053: Missing API declaration - Your app’s code in the “{app name}” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “{app name}” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “{app name}” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “{app name}” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

So, I did the following to tackle the issue:

  • Upgrade 3rd party SDKs that are listed in the required list of Apple so that they have their manifest.
  • Out of the four API categories, only NSPrivacyAccessedAPICategoryUserDefaults is also needed on the app side (as my app uses UserDefaults), so I added it to the app’s PrivacyInfo.xcprivacy.

However, when I submitted the new app, Apple still responded with the same warning. My understanding is privacy manifests of the App and SDKs are merged into one (or equivalent). Is that correct? What am I missing then?

Swift Packages and versions

The log from the xcodebuild

[08:11:49]: ▸ Resolved source packages:
[08:11:49]: ▸   GoogleAppMeasurement: https://github.com/google/GoogleAppMeasurement.git @ 10.22.0
[08:11:49]: ▸   GoogleDataTransport: https://github.com/google/GoogleDataTransport.git @ 9.4.0
[08:11:49]: ▸   GTMSessionFetcher: https://github.com/google/gtm-session-fetcher.git @ 3.3.1
[08:11:49]: ▸   UIPiPView: [email protected]:torufuruya/UIPiPView.git @ b3183e7
[08:11:49]: ▸   CwlCatchException: https://github.com/mattgallagher/CwlCatchException.git @ 2.1.1
[08:11:49]: ▸   GoogleSignIn: https://github.com/google/GoogleSignIn-iOS @ 7.1.0
[08:11:49]: ▸   CwlPreconditionTesting: https://github.com/mattgallagher/CwlPreconditionTesting.git @ 2.1.0
[08:11:49]: ▸   AudioKit: https://github.com/AudioKit/AudioKit.git @ 5.5.7
[08:11:49]: ▸   nanopb: https://github.com/firebase/nanopb.git @ 2.30910.0
[08:11:49]: ▸   AppCheck: https://github.com/google/app-check.git @ 10.18.0
[08:11:49]: ▸   Pulse: https://github.com/kean/Pulse @ 1.1.0
[08:11:49]: ▸   Quick: https://github.com/Quick/Quick.git @ 6.1.0
[08:11:49]: ▸   SwiftlySearch: https://github.com/thislooksfun/SwiftlySearch.git @ 1.2.5
[08:11:49]: ▸   GoogleUserMessagingPlatform: https://github.com/googleads/swift-package-manager-google-user-messaging-platform.git @ 2.3.0
[08:11:49]: ▸   swift-video-generator: https://github.com/dev-labs-bg/swift-video-generator.git @ 1.4.1
[08:11:49]: ▸   AdvancedScrollView: https://github.com/dmytro-anokhin/advanced-scrollview.git @ 0.0.6
[08:11:49]: ▸   GTMAppAuth: https://github.com/google/GTMAppAuth.git @ 4.1.1
[08:11:49]: ▸   Firebase: https://github.com/firebase/firebase-ios-sdk.git @ 10.22.0
[08:11:49]: ▸   SwiftyStoreKit: https://github.com/bizz84/SwiftyStoreKit.git @ 0.16.4
[08:11:49]: ▸   Mocker: https://github.com/WeTransfer/Mocker.git @ 3.0.1
[08:11:49]: ▸   leveldb: https://github.com/firebase/leveldb.git @ 1.22.3
[08:11:49]: ▸   Promises: https://github.com/google/promises.git @ 2.4.0
[08:11:49]: ▸   abseil: https://github.com/google/abseil-cpp-binary.git @ 1.2022062300.1
[08:11:49]: ▸   URLImage: https://github.com/dmytro-anokhin/url-image @ 3.1.1
[08:11:49]: ▸   AppAuth: https://github.com/openid/AppAuth-iOS.git @ 1.7.3
[08:11:49]: ▸   SwiftProtobuf: https://github.com/apple/swift-protobuf.git @ 1.25.2
[08:11:49]: ▸   swift-log: https://github.com/apple/swift-log.git @ 1.4.4
[08:11:49]: ▸   gRPC: https://github.com/google/grpc-binary.git @ 1.49.2
[08:11:49]: ▸   Mantis: https://github.com/guoyingtao/Mantis.git @ 2.7.0
[08:11:49]: ▸   Get: https://github.com/kean/Get.git @ 1.0.4
[08:11:49]: ▸   Fakery: https://github.com/vadymmarkov/Fakery @ 5.1.0
[08:11:49]: ▸   Nimble: https://github.com/Quick/Nimble.git @ 11.2.1
[08:11:49]: ▸   GoogleMobileAds: https://github.com/googleads/swift-package-manager-google-mobile-ads.git @ 11.2.0
[08:11:49]: ▸   GoogleUtilities: https://github.com/google/GoogleUtilities.git @ 7.13.1
[08:11:49]: ▸   ImagePickerView: https://github.com/ralfebert/ImagePickerView @ 0.5.0
[08:11:49]: ▸   InteropForGoogle: https://github.com/google/interop-ios-for-google-sdks.git @ 100.0.0

SDKs declaring the reported API categories

The result I grep the API categories directly in the swift package checkout folder: ~/Library/Developer/Xcode/DerivedData/{app name}/SourcePackages/checkouts/

NSPrivacyAccessedAPICategoryFileTimestamp

➜  checkouts grep NSPrivacyAccessedAPICategoryFileTimestamp . -lr
./firebase-ios-sdk/FirebaseDynamicLinks/Sources/Resources/PrivacyInfo.xcprivacy
./firebase-ios-sdk/Crashlytics/Resources/PrivacyInfo.xcprivacy
./grpc-binary/grpcpp-Wrapper/Resources/PrivacyInfo.xcprivacy
./grpc-binary/grpc-Wrapper/Resources/PrivacyInfo.xcprivacy
./grpc-binary/openssl-grpc-Wrapper/Resources/PrivacyInfo.xcprivacy
./gtm-session-fetcher/Sources/LogView/Resources/PrivacyInfo.xcprivacy
./GoogleUtilities/GoogleUtilities/Privacy/Resources/PrivacyInfo.xcprivacy

NSPrivacyAccessedAPICategoryDiskSpace

No SDKs. It must have used in the Firebase Crashlytics but it seems to be removed in the latest version.

# 10.22.0
- [fixed] Force validation or rotation of FIDs for FirebaseSessions.
- [changed] Removed calls to statfs in the Crashlytics SDK to comply with Apple Privacy Manifests. This change removes support for collecting Disk Space Free in Crashlytics reports.

I confirmed no other APIs that require this policy listed in the official document (e.g. statfs) were used in any SDKs.

NSPrivacyAccessedAPICategorySystemBootTime

➜  checkouts grep NSPrivacyAccessedAPICategorySystemBootTime . -lr
./firebase-ios-sdk/Crashlytics/Resources/PrivacyInfo.xcprivacy
./grpc-binary/grpcpp-Wrapper/Resources/PrivacyInfo.xcprivacy
./grpc-binary/grpc-Wrapper/Resources/PrivacyInfo.xcprivacy
./grpc-binary/openssl-grpc-Wrapper/Resources/PrivacyInfo.xcprivacy

NSPrivacyAccessedAPICategoryUserDefaults

➜  checkouts grep NSPrivacyAccessedAPICategoryUserDefaults . -lr
./GoogleSignIn-iOS/GoogleSignIn/Sources/Resources/PrivacyInfo.xcprivacy
./firebase-ios-sdk/FirebaseDynamicLinks/Sources/Resources/PrivacyInfo.xcprivacy
./firebase-ios-sdk/Crashlytics/Resources/PrivacyInfo.xcprivacy
./firebase-ios-sdk/FirebaseCore/Internal/Sources/Resources/PrivacyInfo.xcprivacy
./firebase-ios-sdk/FirebaseCore/Sources/Resources/PrivacyInfo.xcprivacy
./firebase-ios-sdk/FirebaseAuth/Sources/Resources/PrivacyInfo.xcprivacy
./firebase-ios-sdk/FirebaseRemoteConfig/Swift/Resources/PrivacyInfo.xcprivacy
./gtm-session-fetcher/Sources/Core/Resources/PrivacyInfo.xcprivacy
./GoogleUtilities/GoogleUtilities/Privacy/Resources/PrivacyInfo.xcprivacy
Tags:

2

Answers


  1. 0

    I had an issue with my firebase version. They have now released 10.23.1, which should:

    [Swift Package Manager / CocoaPods] Fixes the macOS/Catalyst xcframework structure issue in Firebase Analytics blocking submission via Xcode 15.3.

    I’m not sure if that will fix all your submission issues but it did resolve the NSPrivacyAccessedAPICategoryFileTimestamp warning for me.

    Login or Signup to reply.
  2. 0

    I am in the same boat, there is an opened issue about it. https://github.com/firebase/firebase-ios-sdk/issues/12557

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search