ITMS-91053: Missing API declaration - Privacy

Question

Why am I all of a suddent getting this on successful builds with Apple?

Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Once you've corrected the issues, upload a new binary to App Store Connect.

ITMS-91053: Missing API declaration - Your app’s code in the “Test” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

Answer 1

This is all documented in the Apple's website. Here are the steps:

• Create a privacy manifest file for your app:

To add the privacy manifest to your app or third-party SDK in Xcode, follow these steps: Choose File > New File.

Scroll down to the Resource section, and select App Privacy File type.

Click Next.

Check your app or third-party SDK’s target in the Targets list.

Click Create.

By default, the file is named PrivacyInfo.xcprivacy; this is the required file name for bundled privacy manifests.

• At the top level of this property list file, add the following key to the dictionary:

  NSPrivacyAccessedAPITypes

• Basically, the keys that you need to add have been mentioned in the Apple's email: ... you must include a NSPrivacy.... , in this link search for each of the keys mentioned in your email starting with NSPrivacy... and see what the accepted reason codes are related to your own app and add it.

You should have one item for each NSPrivacy... key under the NSPrivacyAccessedAPITypes, which each of them has only one Privacy Accessed API Type which is the key name and one Privacy Accessed API Reasons which can include one or more reason codes.

And Do not forget to select target for PrivacyInfo.xcprivacy file.

Your privacy manifest file will look like something like this in the end:

References:

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files#4284009

https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

Answer 2

I was getting similar warnings after my upload. Seems there is still quite some time to resolve it (before May 1, 2024). I added the following keys to the app target's Privacy manifest (PrivacyInfo.xcprivacy), based on Apple's developer documentation regarding the matter.

<key>NSPrivacyAccessedAPITypes</key>
<array>
    <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
            <string>C617.1</string>
        </array>
    </dict>
    <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
            <string>CA92.1</string>
        </array>
    </dict>
</array>

The Privacy Manifest file can be created from Xcode. Create a new file, search and select App Privacy as a file type, and select the concerning targets (those targets are mentioned in these warnings you got after uploading). Details on how to edit the Privacy Manifest is documented in this link.

And also more on it in this WWDC 2023 video.

Answer 3

Starting in fall 2023, you will receive an email when uploading apps that use Apple's essential API to App Store Connect. If the reason for using the API is not explained in the app's PrivacyInfo file, the app will not pass from May 2024.

You can see what APIs are there and what are the reasons for the approval. :https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

Also there's this video about it - https://developer.apple.com/videos/play/wwdc2023/10060

[how to use?]

1.you have to add PrivacyInfo.xcprivacy

2.In the PrivacyInfo.xcprivacy file, you can define what data the SDK collects, where it is used for connection, and whether it is used for tracking. 

Answer 4

After add PrivacyInfo.xcprivacy in you target past the code like below

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyTracking</key>
    <false/>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryDiskSpace</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>We check whether there is sufficient disk space to write files or crop image</string>
            </array>
        </dict>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>We are using this API to store data in local storage.</string>
            </array>
        </dict>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>We are getting file to update user profile pick.</string>
            </array>
        </dict>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>We are using this API to get current date of system.</string>
            </array>
        </dict>
    </array>
</dict>
</plist>

Answer 5

Received the same notification from Apple: ITMS-91053: Missing API declaration - Your app’s code in the “ ” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time...

ITMS-91053: Missing API declaration - Your app’s code in the “ ” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time...

Added PrivacyInfo.xcprivacy file as in video https://developer.apple.com/videos/play/wwdc2023/10060 with following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"      "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>CA92.1</string>
            </array>
        </dict>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
                  <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>35F9.1</string>
            </array>
        </dict>
    </array>
</dict>
</plist>

And don't forget to set Target Membership for this file to your main bundle. Otherwise you will get the same result.

After this I didn't get warning from Apple.

P.S. One more important note. If extensions are used in the project, the email from Apple will probably include these extensions as well. In this case, the separate PrivacyInfo.xcprivacy files with the necessary reasons must be added to the specified extensions as well. Accordingly, you must set the Target Membership for PrivacyInfo.xcprivacy depending on the extension required.

Answer 6

For flutter devs it's fine to create a new App Privacy file in xcode (%YOUR_FLUTTER_PROJECT%/ios/PrivacyInfo.xcprivacy) and configure the keys and reasons. e.g:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
      <key>NSPrivacyAccessedAPITypes</key>
      <array>
          <dict>
              <key>NSPrivacyAccessedAPIType</key>
              <string>NSPrivacyAccessedAPICategoryDiskSpace</string>
              <key>NSPrivacyAccessedAPITypeReasons</key>
              <array>
                  <string>E174.1</string>
              </array>
          </dict>
          <dict>
              <key>NSPrivacyAccessedAPIType</key>
              <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
              <key>NSPrivacyAccessedAPITypeReasons</key>
              <array>
                  <string>CA92.1</string>
              </array>
          </dict>
      </array>
  </dict>
</plist>

UPDATE: please not just copy w/o verifying your own API usage. Possible reasons are listed here:

Apple Developer Documentation

Answer 7

add the following keys to my Info.plist

<key>NSPrivacyTracking</key>
  <false/>
  <key>NSPrivacyTrackingDomains</key>
  <array/>
  <key>NSPrivacyCollectedDataTypes</key>
  <array>
    <dict/>
  </array>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
            <string>C617.1</string>
        </array>
    </dict>
    <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
            <string>35F9.1</string>
        </array>
    </dict>
    <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryDiskSpace</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
            <string>7D9E.1</string>
        </array>
    </dict>
    <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
            <string>CA92.1</string>
        </array>
    </dict>
  </array>

Answer 8

**I AM USE THIS IS FULL CODE APPLE ERROR MESSAGE REMOVED 100% WORKING **

To add the privacy manifest to your app or third-party SDK in Xcode, follow these steps:

Choose File > New File.

Scroll down to the Resource section, and select App Privacy File type.

Click Next.

Check your app or third-party SDK’s target in the Targets list.

Click Create.

By default, the file is named PrivacyInfo.xcprivacy; this is the required file name for bundled privacy manifests.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>CA92.1</string>
            </array>
        </dict>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>35F9.1</string>
            </array>
        </dict>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>C617.1</string>
            </array>
        </dict>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryDiskSpace</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>85F4.1</string>
            </array>
        </dict>
    </array>
</dict>
</plist>

Answer 9

Explanation: The ITMS-91053 errors you received indicate that your app's code specifically references APIs within the mentioned categories. This isn't a generic template that all apps must fill out; rather, it's a notification based on a scan of your app's binary by Apple's review process, which identified that your app uses these specific APIs. Starting May 1, 2024, Apple requires developers to declare the use of such APIs in their app's

Just in case you're looking for an example, my PrivacyInfo.xcprivacy Source Code looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
PrivacyInfo.xcprivacy
SwiftyGaming

Created by Ndriqim Haxhaj on 3/21/24.
Copyright (c) 2024 ___ORGANIZATIONNAME___. All rights reserved.
-->
<plist version="1.0">
    <dict>
        <key>NSPrivacyAccessedAPITypes</key>
        <array>
            <dict>
                <key>NSPrivacyAccessedAPIType</key>
                <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
                <key>NSPrivacyAccessedAPITypeReasons</key>
                <array>
                    <string>CA92.1</string>
                    <string>C56D.1</string>
                </array>
            </dict>
            <dict>
                <key>NSPrivacyAccessedAPIType</key>
                <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
                <key>NSPrivacyAccessedAPITypeReasons</key>
                <array>
                    <string>35F9.1</string>
                </array>
            </dict>
            <dict>
                <key>NSPrivacyAccessedAPIType</key>
                <string>NSPrivacyAccessedAPICategoryDiskSpace</string>
                <key>NSPrivacyAccessedAPITypeReasons</key>
                <array>
                    <string>E174.1</string>
                </array>
            </dict>
            <dict>
                <key>NSPrivacyAccessedAPIType</key>
                <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
                <key>NSPrivacyAccessedAPITypeReasons</key>
                <array>
                    <string>DDA9.1</string>
                    <string>0A2A.1</string>
                </array>
            </dict>
        </array>
    </dict>
</plist>

The PrivacyInfo.xcprivacy must be created this way:

Full article: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files

Mine is located near Info.plist (don't mix these two)

All the reasons used above (CA92.1, C56D.1, ...) are taken from official documentation link: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

Here is a final representation of PrivacyInfo.xcprivacy as Property List:

Answer 10

Apple is sending this email because your application or the 3rd party SDK used by your application is using any of the APIs that require its reason to use.

You can check the api and their reasons from the following links.

1. https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

A list of third parties can be found

• https://developer.apple.com/support/third-party-SDK-requirements/

What you have to do is

• Add the privacyinfo.xcprivacy file from xcode
• Update the SDK version to a version that has privacyinfo support.