Email received from Apple - NSPrivacyAccessedAPITypes array missed

Today I received an email from Apple after updated one of my games. According to Apple there is a missing array in my app’s privacy manifest to provide approved reasons for some APIs used by my app’s code. I’ve attached the letter below:

Hello,

We noticed one or more issues with a recent submission for App Store review for the following app:

  • Woodpuzzle - Number Match Game
  • Version 1.4
  • Build 2024.3.270503

Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Once you’ve corrected the issues, upload a new binary to App Store Connect.

ITMS-91053: Missing API declaration - Your app’s code in the “Woodpuzzle” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: Describing use of required reason API | Apple Developer Documentation.

ITMS-91053: Missing API declaration - Your app’s code in the “Woodpuzzle” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: Describing use of required reason API | Apple Developer Documentation.

ITMS-91053: Missing API declaration - Your app’s code in the “Woodpuzzle” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: Describing use of required reason API | Apple Developer Documentation.

ITMS-91053: Missing API declaration - Your app’s code in the “Woodpuzzle” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: Describing use of required reason API | Apple Developer Documentation.

Apple Developer Relations

This is a known issue and Vlad is working on it.

2 Likes

Any news on this? It still is showing up and uploading new games and updates only will work until May with this error.

According to GitHub, there is a fix that is being tested now. If I understand correctly, all the plugins need to be updated with privacy information, so I suspect it’s going to be a big push right up to the end.

Thank you very much!

I just updated on May 13 using all the same Solar2D, Xcode and plugin versions as previous builds that triggered the warning email from Apple. The update was accepted and I didn’t get an email from Apple. Speculating about what’s going on at Apple is a foolish, but it appears that they have quietly extended the deadline for compliance.

Until we get a version of Solar2D that addresses Apple’s new requirement, I’m going to be holding my breath every time I update, which is no fun, but everything seems to be working as usual at the moment. (YMMV, etc.)

2 Likes

I added the xcprivacy settings in this version of Solar2D I made, it also includes Xcode 15.3-15.4 support

2 Likes

Thank you @Scott_Harrison
And what about the rest of the API categories?:
NSPrivacyAccessedAPICategoryDiskSpace, NSPrivacyAccessedAPICategorySystemBootTime and NSPrivacyAccessedAPICategoryUserDefaults

You’ll need to make an entry for each API type and then look up the reasons here:

@Scott_Harrison might need to correct the assumptions I’ve made about braces and commas, but I think the xcprivacy portion of your build.settings would end up looking like this:

xcprivacy = {
            NSPrivacyAccessedAPITypes = {
                { NSPrivacyAccessedAPIType = "NSPrivacyAccessedAPICategoryFileTimestamp", NSPrivacyAccessedAPITypeReasons = { "3B52.1"} },
                { NSPrivacyAccessedAPIType = "NSPrivacyAccessedAPICategoryDiskSpace", NSPrivacyAccessedAPITypeReasons = { "E174.1"} },
                { NSPrivacyAccessedAPIType = "NSPrivacyAccessedAPICategorySystemBootTime", NSPrivacyAccessedAPITypeReasons = { "35F9.1"} },
                { NSPrivacyAccessedAPIType = "NSPrivacyAccessedAPICategoryUserDefaults", NSPrivacyAccessedAPITypeReasons = { "CA92.1"} },
            }
        },
2 Likes

Thank you @colinmorgan
Hey @Scott_Harrison, could you please confirm if the structure posted by colinmorgan is correct?

Scott “Hearted” the post, so I think that means it’s correct. :man_shrugging:

Yeah that’s right :slight_smile:

1 Like

We had an email about this back in April, but haven’t had any more despite having lots of submissions since then.
Looking at Apple’s docs, it seems that third party SDKs need their own xcprivacy settings. Presumably it was a 3rd party SDK that caused our warning in the first place rather than our own code, and whichever company that was has now resolved it in an SDK update.
Does that sound right @Scott_Harrison , or have you had to update any of your plugins manually to account for this?

Well that deadline was 6 months ago. I haven’t added the info since then, but have had dozens of submissions accepted without any warnings. Presumably I don’t use any of those APIs, so it’s weird that a single submission in April did trigger the warning. Not going to worry about it if they’re accepting my builds as they are.