Because the latest privacy manifest file requires inclusion for submissions after May 1st, based on the document: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files I have two questions regarding the NSPrivacyTrackingDomains field: In my app, NSPrivacyTrackingDomains and regular user login registration data loading use the same second-level domain "myapp.com". If "tracking.myapp.com" is specified in NSPrivacyTrackingDomains but the user does not grant tracking permission to the App Tracking Transparency framework, can the app still access the network through third-level domains such as "login.myapp.com" or "data.myapp.com"? At the bottom of the document, there is a note: "You only need to supply NSPrivacyAccessedAPITypes for apps and third-party SDKs on iOS, iPadOS, tvOS, visionOS, and watchOS." Does this mean that NSPrivacyTrackingDomains and NSPrivacyTracking properties do not need to be filled out as of May 1st? Will there be any issues if they are not filled out? Eagerly awaiting your response! Thanks!!!

Hello, Currently, my app only uses web view to load HTML data and external safari web view by link click. I have seen the following developer's details. So if HTML data load on web view needs data collection enabled, then which Types of data need to be added to data collection? Also. if we disable all types of Data collection from privacy. Is apple will allow you to submit the app? or Reject it? Any help will be appreciated. Thanks

Hi everybody i'm developing an app that shows events of an estate. i fetch the events from an endpoint and show them in a calendar like UI. The app it's pretty simple, just 2 endpoints and a few filters. We have 6 hyperlinks some pointing to the institutional website, some others to a platform my customer use to allow users to book rooms from his estate. The app does not collect any kind of cookies, there's no login or anything like that BUT a few version ago the app store connect blocked my app due to the absence of the tracking request within the links. the institutional website collect cookies and have his own banner and acceptance flow, i tried to explain that to the review team but they demanded me to add the request, so i did that and the app was accepted. Now i'm being rejected because of the tracking request because: _The app still appears to manipulate users into enabling tracking across different apps and websites. Specifically: The app still requires users to enable tracking in order to access the app's content and functionality, such as reserving a table. Users should have control over how their personal information is used and should not be forced or manipulated into enabling tracking._ I cant understand what should i doat this point, i've asked for info but the review team refuses to explain what steps do i need to take

Being a software company we create and distribute an iOS SDK with our customers world wide. The distribution of the software is in the form of a static library / XCFramework to our customers. They will integrate the SDK and use it to collect data from their hosting as first party. As Apple enforced through this article “Describing use of required reason API” - “starting from Fall 2023 you’ll receive an email from Apple if you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file”. We are using "NSUserDefaults” in our SDK which is one among the required API listed, and as of now we didn’t create a Privacy manifest file and declared this on the SDK. We tried uploading our app to the Appstore connect portal, as we are not complying with the requirement from Apple we expect to see the warning message. Currently we are unknown about the impact of not having the Privacy manifest, and we would like to test the scenarios and make sure we are declaring the correct information on our SDK. Please could you review this and let us know why we are not receiving the emails. Or is that Apple didn’t harden the uploads yet and something planned for future date?

Environment: Xcode Version: 15.3 (15E204a) SDK Runtime: iOS 17.4 (17.4 - 21E213) - com.apple.CoreSimulator.SimRuntime.iOS-17-4 Issue: When calling requestTrackingAuthorization of ATTrackingManager, the completionHandler is immediately called with a value of notDetermined. This behavior is consistent even with async methods used in Runtime 14.0 and above.

In the "Privacy updates for App Store submissions" section, the addition of a privacy manifest file is required for app releases after May 1. We added a subdomain and defined it in NSPrivacyTrackingDomains, but when we separate the subdomain and main domain as "tracking.example.com" when ATT is allowed and "example.com" when ATT is not allowed would the communication on the main domain not result in an error? I couldn't figure it out exactly from the documentation or the session, so please let me confirm. Documentation: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files Session (domain definition): https://developer.apple.com/videos/play/wwdc2023/10060/?time=387

In the "Privacy updates for App Store submissions" section, the addition of a privacy manifest file is required for app releases after May 1. We added a subdomain and defined it in NSPrivacyTrackingDomains, but when we separate the subdomain and main domain as "tracking.example.com" when ATT is allowed and "example.com" when ATT is not allowed would the communication on the main domain not result in an error? I couldn't figure it out exactly from the documentation or the session, so please let me confirm. Documentation: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files Session (domain definition): https://developer.apple.com/videos/play/wwdc2023/10060/?time=387

I work with bloggers who write reviews about my app. I would like to track sales that originate on specific sites so I can pay them commissions, like an affiliate program. For example, if a person discovers our app by reading a review, I would like to give the blogger a URL to the App Store a UTM code so that I can track if the article generates sales of my app. if there is a 3rd party affiliate program management platform or software to do this, I might be open to using it. i’ve tried searching the web and other developers about this. It should be simple but it’s elusive if it’s out there at all.

I have an app that is meant for the kids category. It has been rejected based on non-compliance with 1.3 Kids Category "Kids Category apps may not send personally identifiable information or device information to third parties. Apps in the Kids Category should not include third-party analytics or third-party advertising". We have implemented Firebase analytics in our application. Is there any solution that we can implement for Firebase analytics in iOS kids application?

Hi, we have an app which used DeviceID to track users. We had implemented ATT and setup our privacy declaration in ASC accordingly. Now in our new version we decided to not track users anymore. We removed NSUserTrackingUsageDescription, removed ATT permission code and submitted the new version. Now, reviewer has complained that our privacy declaration in ASC still says we are tracking users and refused app acceptance. They told us to update the privacy declaration in ASC. We tried to do so, but ASC does not allow us to remove device ID tracking. It is showing a warning that our app still uses NSUserTrackingUsageDescription and in fact that is true for the production version. We are now in a chicken egg problem. We can't change our privacy declaration in ASC because the production version still uses the feature AND we do not get the new version accepted as long as our privacy declaration is not changed. How can we fix that ? Pls advise !

Xcode 15.0 iPhone15 iOS17.0 Simulator I created demo app with Privacy manifest defined NSPrivacyTracking to YES, and NSPrivacyTrackingDomains with specific domain (used CDTFA Tax Rate API as example and string value is ca.gov). However, after selecting Ask App not to Track on ATT dialog, URLSession was successed and got response from the domain. Is there any wrong on my implementation? or is this feature has not released yet?

Hello, I'm using the Flutter app_tracking_transparency plugin. Encounter a problem when the reviewer doesn't see the App Tracking Transparency request. All test devices work as expected (running on iOS 17.2). I've made some code changes according to this closed thread - https://github.com/deniza/app_tracking_transparency/issues/47 But still rejection. Next, I've added analytics, and see when the reviewer opens the app, the status of ATT is almost instantly set to «decline». This usually happens when a user disables tracking permission in device settings. Is there any chance that the reviewer disabled it?

I am correctly implementing the App tracking Transparency issue but am still getting app rejection from AppleConnect see the message below When I tested in IOS 16.6.1 it worked perfectly on a physical device. Guideline 2.1 - Information Needed On iPad, iOS 17.0. we are unable to locate the App Tracking Transparency permission request when reviewed My App is build with flutter and I am using Latest Flutter version . Can anybody help me in this regard.

I am trying to prepare for Privacy manifest files. Is it possible to set up and proceed as follows? PrivacyInfo matinest file - Privacy Tracking domains Setting Like : example.com?abc When ATT permission is denied, example.com?abc -> Request Fail. and ther other path Like : example.com?qwe -> Request Success.

I've noticed there are certain apps which seem to track that I'm using my iOS device, and then send me push notifications based on my usage. For example, I may pick up my phone in the middle of the night, unlock it, check my email, and minutes later, this app will send me a push notification attempting to sell me something. Is an actually app permitted to track my activity/usage on my iPhone, outside of my activity and usage within that app? If so, where can I learn more about this? Or is this app in violation of some rule in the ToU?

Can not update app privacy information about tracking user after remove the tracking functionality and "NSUserTrackingUsageDescription" from info.plist. Always reminds us App contains "NSUserTrackingUsageDescription"

Some apps have been rejected because they have user tracking in privacy, but the new version of the app no longer has tracking function. When I try to remove user tracking from privacy, the following message appears "Your app contains NSUserTrackingUsageDescription, indicating that you will request permission to track users. To update this information on your app's product page, you must indicate which data types are tracking users. If this is incorrect, update your app binary and upload a new build to App Store Connect." We no longer has the NSUserTrackingUsageDescription on binary/build. I've already sent several resources to apple informing the situation but they keep rejecting with the same message: "The app privacy information you provided in App Store Connect indicates you collect data in order to track the user, including Physical Address. However, you do not use App Tracking Transparency to request the user's permission before tracking their activity." I am not able to update my app. Has anyone been through this situation? Thanks.

Hello. Recently I've added an NSUserTrackingUsageDescription in the Info.plist of the app I'm working on. It works fine (the warning shows up) when I deploy it on testing device myself. However, the TestFlight build doesn't show any warning and there is no option in Settings for the app to allow tracking. Is it a TestFlight special behaviour or the warning shoud show up regardless it is a debug, TestFlight or App Store version of an app?

Apple recently announced some features to make device fingerprinting more difficult on their devices. The use of certain APIs that facilitate device fingerprinting will require justification. This technique is frequently used to prevent fraud and abuse in applications. For example, a device used to create and access multiple fake accounts to engage in fraudulent activities should be able to be identified and blocked. In the documentation on 'User privacy and data use', use cases related to fraud detection are not considered 'tracking' and are allowed. However it is not clear wether or not what applies to tracking can also be applied to fingerprinting. According to Apple's policies, is it possible to use device fingerprinting for fraud detection purposes?

I have not seen any trend data since Sept 9, 2023. Does anyone else have this issue? Do I contact developer support?