Hello, I’ve got some questions about the privacy manifest. On March 18, we built our company's app with Xcode 14, submitted it for review, and it passed. However, we did not make any adjustments for the privacy manifest and yet did not receive any related emails. Our app utilizes APIs like UserDefaults and file stamps. We've got permission from our users to use tracking, so we turned on Xcode15 instruments to check the network, but there were no faults identified in the points of interest. It looks like we’re engaged in tracking activities, possibly with tools like Firebase. Can someone who knows about this please give me an answer?

Please help me understand the phrasing from Apple's articles about this topic. Of course, I am referring to the SDKs from the official list, as only those are affected by the new regulations. 1, https://developer.apple.com/support/third-party-SDK-requirements/ Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update. That states 2 cases in which fresh SDK versions are needed, containing privacy information: If you submit a completely new app If your app update contains a framework which was not present in the previous version of the app So, according to my understanding, if I create an app update, which does not contain any new SDKs, only the ones that I have been using for a while now, I can keep using these older SKD versions. And it is not mandatory to update them to newer versions. Does Apple state anywhere that we have to update every SDK from the list this spring in every case? Because that would contradict what I quoted from the article. 2, https://developer.apple.com/news/?id=3d8a9yyh And if you add a new third-party SDK that’s on the list of commonly used third-party SDKs, these API, privacy manifest, and signature requirements will apply to that SDK. Again, this states that you have to use a fresh version of an SDK in case you add it newly to your app. This seems to reinforce my point that if a 3rd party SDK was already used in previous app versions, the new requirements do not apply to that SDK and I can keep using its older release which does not have its own privacy manifest file. My main concern here is that there are many 3rd party SDKs from the list that we already use in our projects, and it would be a huge effort if my team had to update all those SDKs in every project by May. But if I'm right, it is not mandatory for us. (Of course, it would be wise to update the SDKs every now and then, but that's not the point here.) Can anybody confirm whether my understanding is correct? Maybe link some proof if I'm not right? It would be nice to have a reply from someone working at Apple, to have a reliable answer.

I use sample code from [https://developer.apple.com/documentation/endpointsecurity/client?language=objc] but replace ES_EVENT_TYPE_AUTH_EXEC to ES_EVENT_TYPE_AUTH_OPEN, this is the full code: int main(int argc, const char** argv) { @autoreleasepool { es_client_t *client = NULL; es_new_client_result_t newClientResult = es_new_client(&client, ^(es_client_t * client, const es_message_t * message) { switch (message->event_type) { case ES_EVENT_TYPE_AUTH_OPEN: printf("auth open\n"); es_respond_auth_result(client, message, ES_AUTH_RESULT_ALLOW, true); break; default: panic("Found unexpected event type: %i", message->event_type); break; } }); // Handle any errors encountered while creating the client. switch (newClientResult) { case ES_NEW_CLIENT_RESULT_SUCCESS: // Client created successfully; continue. break; case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED: panic("Extension is missing entitlement."); break; case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED: panic ("Extension is not running as root."); break; case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED: // Prompt user to perform Transparency, Consent, // and Control (TCC) approval. // This error is recoverable; the user can try again after // approving the TCC prompt. // return YOUR_NEW_CLIENT_ERROR_CODE_PROMPT_TCC; break; case ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT: panic ("Invalid argument to es_new_client(); client or handler was null."); break; case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS: panic ("Exceeded maximum number of simultaneously-connected ES clients."); break; case ES_NEW_CLIENT_RESULT_ERR_INTERNAL: panic ("Failed to connect to the Endpoint Security subsystem."); break; } // Subscribe the client to the ES_EVENT_TYPE_AUTH_EXEC event. // When the client receives a message with this event type, it must authorize // (allow or deny) the event. es_event_type_t eventTypes[1] = { ES_EVENT_TYPE_AUTH_OPEN }; es_return_t subscribeResult = es_subscribe(client, eventTypes, sizeof(eventTypes)); if (subscribeResult != ES_RETURN_SUCCESS) { panic ("Client failed to subscribe to event."); } NSRunLoop *runLoop = [NSRunLoop currentRunLoop]; [runLoop run]; } } I run this code in xcode, then mouse cursor be a colorful circle and rotating, application exited after about 10 seconds, xcode print: Message from debugger: Terminated due to signal 9 Program ended with exit code: 9 if I subscribe ES_EVENT_TYPE_NOTIFY_OPEN ES_EVENT_TYPE_NOTIFY_CLOSE, it works. What can I do for fix this?

1C8F.1 seems to cover all the situations that CA92.1 covers, plus 1C8F.1 covers data for app extensions and App Clips. If our SDK uses UserDefaults, and our group debates that some functionality is about data only accessible to the app and would be covered by code CA92.1 some functionality is about data accessible to extensions and App Clips and would be covered by code 1C8F.1 Can we declare both codes in our manifest file (PrivacyInfo.xcprivacy) ? Or should we only declare 1C8F.1 to cover both parts?

Hello, I have a question regarding the Privacy Manifest of a third-party SDK. We are using a static third-party SDK. This third-party SDK use the UserDefaults API, and it is also specified in the Privacy Accessed API Types within PrivacyInfo.xcprivacy. The static third-party SDK is added as a dependency via CocoaPods, and PrivacyInfo.xcprivacy is included in the Pods Resource. Additionally, our app does not use UserDefaults API. When we generate the Privacy Report, it correctly shows the data collected by the third-party SDK. However, when we submitted for review, we received a warning email stating that UserDefaults is being used in the app but is missing from the Privacy Manifest. ITMS-91053: Missing API declaration - Your app’s code in the “MyApp” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api. I have the following questions: When submitting the app for review, does Apple not consider the PrivacyInfo.xcprivacy of the third-party SDK? What steps should be taken to ensure that Apple reviews the PrivacyInfo.xcprivacy of the third-party SDK?

I am developing an app that uses the Endpoint Security API. I need to mute a few processes like: my own process, xcode, etc' ... However, if the muted processes create child processes, I want these processes to be muted as well. The full process tree under muted processes should be muted. How can that be done? Cant see in docs and can't find an example. If it can't be done, whats the closest thing to that I can implement. Thanks!

I have an app that uses Endpoint security. I have 1 client that registered many AUTH and NOTIFY event types. When I I recive an Endpoint Security message (event) and my handler is called. Which thread does it use? If I have 1 client will it always just use the same 1 thread? If not, can it ever happen that I register 1 client, and he will handle more then 1 event in the same time? regardless of the event type or any thing else

Hello! I am using the eventDidReachThreshold callback in the DeviceActivityMonitor in order to shield a target app after the user has spend x amount of time on it (e.g. x = 5 minutes). Many times this works fine, and I can trigger my shield after the specified threshold has been met. However sometimes, when they leave the target app before the threshold has been reached, the eventDidReachThreshold callback gets called randomly while they are doing something else on their phone (e.g. using a different app, on the Home Screen, phone locked…). From my perspective this does not make sense, since they are not actively spending time on the target app, and that time should not be counted towards the target app’s threshold. And it is also very confusing for the users because they will then find a blocked target app even though they haven’t used their time budget completely. This is not related to the intervalDidStart / intervalDidEnd callbacks, because they are not correlating with the timing of when the eventDidReachThreshold callback is called unexpectedly. Any ideas what this could be related to?

My organization is using mutual TLS authentication for HTTPS, with PIV cards storing the certs. We observe that some OS X devices send only the leaf certs when establishing the mTLS connection, whereas others send the entire chain. We cannot validate the leaf cert without the intermediate cert, so those clients are rejected. What drives the decision whether to send the whole chain, vs the leaf cert only? For more details, and some things we observed. The PIV cards are US DoD CAC cards: https://www.cac.mil/common-access-card/ The client cert chain on the card looks like this: Leaf client cert, CN=LastName.Name Intermediate cert, CN=DOD ID CA-70 "Root" cert, CN=DoD Root CA 6 through 8.: Additional interoperability certs. Our system is set up to trust the "root" cert CN=DoD Root CA 6. Neither the leaf cert, nor other certs in the chain are trusted by Apple Keychain Trust Store by default. We find that most laptops will send the entire chain, 1 through 8, when establishing the mTLS connection with our servers. This allows us to validate them correctly. On a subset of OS X devices, Google Chrome will only send the leaf chain. This happens even when we use exact same PIV card, and exact same PIV reader as on working laptops. Safari will not send any cert at all. We found that if we explicitly add the CN=DoD Root CA 6 to the Apple Trust Store, Google Chrome and Safari will start sending a short chain, containing only certs 1 through 3. This allows the server to validate them. When we remove it from Trust Store, Chrome is back to sending only leaf, but Safari will not even send the leaf. Again, this only happens on some laptops; on most of the laptops, both Safari and Google Chrome will send the entire chain, regardless of whatever is set up in Trust Store. My suspicion is that for some reason, on those laptops, Safari will not send the client certs that OS X doesn't trust. This makes sense, but this is not the behavior we want. We want the same behavior on the working laptops, which is to send the whole chain. All of our laptops are on OS X 14.4

Will an app be rejected after the 1st of May 2024 if it contains a Embedded Dynamic XCFramework that uses a Required Reason API and it does not declare the Required Reason API usage inside its Privacy Manifest? Important note: I am asking about dynamic xcframeworks that are NOT on Apple's list of commonly-used SDKs. I am asking because I'm only getting warnings about missing API declaration for the main app binary and app extensions. I do not get any warnings for the embedded dynamic xcframeworks that i have in my app.

I thought I read somewhere in the privacy manifest documentation that they were not required for app extensions because extensions will inherit the privacy info from their parent apps and SDKs, but now I can't find a reference for that. If that is the case, I don't think it is working correctly, because we are getting warnings about missing API declarations for things that should be covered by an app or SDK manifest from what I can tell.

We submitted an app to TestFlight and received the expected warning email. However, the email did not mention any of the SDK frameworks that were in the app. The email only mentioned the app itself and the app's extensions. We expected to get warnings for our frameworks that used required reason APIs. We also expected to get warnings for frameworks in the "list of commonly used third-party SDKs" Why are the warnings not as expected? Is this because Test Flight is not making the same kind of warning emails that will be created for the App Store?

Morning All, just wanted a little help with my xamarin forms app. When I publish to test flight for a public test build I am always receiving the email about ITMS-91053: Missing API declaration. I have followed the steps and created a PrivacyInfo.xcprivacy in Xcode and I can see it in my xamarin iOS project but I still get the email saying it is missing. Is there something I am missing or ned to reference in the info.plist etc. My looks like the following: `

I noticed that Apple's articles have changed since originally being published. For example, some required reason codes have been added to Describing use of required reason API Since there is no visible modification date or revision date on the page, how can we get notiifications for changes to these pages? I did not find a 'watch' button in them.

Is there an API to query for SIP Protected Paths or someway that this information can be deciphered ? Intent is to mute those paths or a subset for an ES client ?

My app is using Advertising data type to track but it leverages third-party ads SDKs to do so. I add NSPrivacyCollectedDataTypeAdvertisingData and NSPrivacyCollectedDataTypeTracking that is true to my app's manifest file. Those third-party ads SDKs will have their own manifests declaring the values of NSPrivacyTracking and tracking domains. In this case, do I need to set NSPrivacyTracking as true and add domains those SDKs are connecting to the host app's privacy manifest? My guess is no since all manifests are merged in to a single report finally.

Hi all, I create web app laravel with function login with apple. This is any my information app and packet what i'm use : Laravel: 10.x PHP: 8.1 Packages for login: https://socialiteproviders.com/ I'm done with API appleid.apple.com/auth/authorize for auth user with apple ID. Response below : So next step i call to this API : https://appleid.apple.com/auth/token for verify token but response is below : I'm try with postman but response is same that ( invalid_client ). Everything is correct( client_id, team_id, private_key ). I use https://jwt.io/#debugger for test verify token. Signature Verified is result. Can help me for declare what is issue ? what client is invalid ? Thank you so much. P/s : Sorry for my poor English

Hello Apple We have read your guide on https://developer.apple.com/documentation/bundleresources/privacy_manifest_files#4284009 and it is unclear how the NSPrivacyTrackingDomains affects WebView functionality of the app. We have WebView based functionality we use for signup/ login of customers in the app and that can potentially track users. It is stated that If the user has not granted tracking permission through the App Tracking Transparency framework, network requests to these domains fail and your app receives an error. However based on our testing the domains listed in NSPrivacyTrackingDomains have no effect on network requests happening in the WebView if the user declines tracking via the App Tracking Transparency prompt. (e.g pages are loaded, network requests to listed tracking domains are happening) Can you confirm it is the case on what should de done about it? Right now we have a custom implementation on our side that passes the result of the App Tracking Transparency prompt to the WebView instructing it weather it can send requests to tracking domains or not.

As per our code, we have the apps to be shielded whenever the threshold is reached. According to this use-case, our code in DeviceActivityExtension looks something like: override func eventDidReachThreshold(_ event: DeviceActivityEvent.Name, activity: DeviceActivityName) { super.eventDidReachThreshold(event, activity: activity) defaults?.setValue(event.rawValue, forKey: "appLimitEventName") defaults?.setValue(true, forKey: "appLimitReached") defaults?.synchronize() // using darwinNotificationCenter to trigger callback in the application let darwinNotificationCenter = DarwinNotificationsManager.sharedInstance() darwinNotificationCenter.postNotification(withName: "nextAppLimitInitiated") // using Notifications to debug since print doesn't work scheduleNotification(with: "interval threshold reached") } And in our application, we have the shielding logic in place, init() { let darwinNotificationCenter = DarwinNotificationsManager.sharedInstance() darwinNotificationCenter.register(forNotificationName: "nextAppLimitInitiated"){ print("callback received") let appLimitReached = self.defaults?.bool(forKey: "appLimitReached") let appLimitEventName = self.defaults?.string(forKey: "appLimitEventName") if appLimitReached ?? false, appLimitEventName != "" { // this sends the notification when callback is received self.scheduleNotification(with: "init start") self.defaults?.setValue(false, forKey: "appLimitReached") guard var dataArray = self.defaults?.array(forKey: "appLimitdataArray"), !dataArray.isEmpty else { return } let appLimitData = dataArray.first as! NSDictionary let appLimitKey = appLimitData["appLimitId"] as! String let data = self.getSchedule(key: appLimitEventName ?? "") if let appTokens = data?.applicationTokens { for token in appTokens { if !self.applicationTokens.contains(appTokens) { self.applicationTokens.insert(token) } } } self.store.shield.applications = self.applicationTokens self.store.shield.applicationCategories = ShieldSettings.ActivityCategoryPolicy.specific(self.categoryTokens, except: Set()) dataArray.removeFirst() //dataArray.append(appLimitData) self.defaults?.set(dataArray, forKey: "appLimitdataArray") self.initiateMonitoring(initiateAgain: true) self.scheduleNotification(with: "init end") } } } This works as expected for multiple App Limits but only when the device is connected to the Xcode. If we disconnect the device from Xcode/ stop application from Xcode/ try in release mode, the callback is not received from extension to the app/init block. When the device is connected to Xcode, if the apps hit the threshold, they are shielded automatically. But if the device is disconnected/ app is in release mode, the apps are not shielded automatically even after the threshold is reached. It is shielded later only after opening our app once. Please let me know if I'm doing anything wrong in receiving callback or in my shielding logic. If I need to place the shielding logic in the extension, please tell me how I can handle multiple appTokens.

Hello, When you integrate framework linked statically, the usage is that those framework provide a bundle in which they put their PrivacyInfo.xcprivacy file. If you decompress an .ipa file you submit to Apple, you can see this bundle at the root. The problem is that the PrivacyInfo.xcprivacy files inside bundles seem not to be scan by Apple in the privacy process. Thus Apple send us issues about missing privacy. Have you already heard about this problem ? Probably link to what i am saying : Firebase issue #12557 Thank you very much for your feedback !