Note: I know updating to the latest packages/SDKs is the correct long term solution but that is not currently an option.
I'm encountering issues with App Store Connect not acknowledging my manually created PrivacyInfo.xcprivacy file. Despite following the standard procedure to add the privacy manifest, the same SDK-related issues persist as if the manifest isn't present.
Steps Taken:
Adding the Privacy Manifest in Xcode:
Inserted the following content:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- Global Tracking Settings -->
<key>NSPrivacyTracking</key>
<false/>
<key>NSPrivacyTrackingDomains</key>
<array/>
<!-- Collected Data Types -->
<key>NSPrivacyCollectedDataTypes</key>
<array>
<!-- NSPrivacyCollectedDataTypeOtherDiagnosticData -->
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeOtherDiagnosticData</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<false/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<!-- From Firestore, Installations, GoogleDataTransport -->
<string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
<!-- From Messaging -->
<string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
</array>
</dict>
<!-- NSPrivacyCollectedDataTypeDeviceID from Messaging -->
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeDeviceID</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<false/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
</array>
</dict>
<!-- NSPrivacyCollectedDataTypeOtherDataTypes from Messaging and Dynamic Links -->
<dict>
<key>NSPrivacyCollectedDataType</key>
<string>NSPrivacyCollectedDataTypeOtherDataTypes</string>
<key>NSPrivacyCollectedDataTypeLinked</key>
<false/>
<key>NSPrivacyCollectedDataTypeTracking</key>
<false/>
<key>NSPrivacyCollectedDataTypePurposes</key>
<array>
<string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
<string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
</array>
</dict>
</array>
<!-- Accessed API Types -->
<key>NSPrivacyAccessedAPITypes</key>
<array>
<!-- NSPrivacyAccessedAPICategoryFileTimestamp from Dynamic Links and GoogleUtilities -->
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
<!-- NSPrivacyAccessedAPICategoryUserDefaults from Firebase Core, Dynamic Links, and GoogleUtilities -->
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
<string>1C8F.1</string>
<string>C56D.1</string>
</array>
</dict>
</array>
</dict>
</plist>
Observations:
Potential Issues Considered:
Request for Assistance:
Has anyone faced similar challenges with manually created privacy manifests not being recognized by App Store Connect? Any insights into ensuring the manifest is correctly formatted and acknowledged would be greatly appreciated.
Note: While updating to the latest SDK versions is the ideal long-term solution, it's not feasible in my current situation.
Email from app store:
Please correct the following issues and upload a new binary to App Store Connect. ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/Capacitor.framework/Capacitor”, which includes Capacitor, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: https://developer.apple.com/support/third-party-SDK-requirements.
Repeated 10 more times for the other SDKs.
Note this is for an Ionic / Capacitor hybrid app but this should not make a difference.
Update:
The later versions of the packages have privacy manifests in their repos, this is what I used to create the main privacy manifest. I could potentially manually add a manifest for each SDK but not sure where to add these. Any suggestions here?
Update: I have no idea why both my questions on this subject have been closed. This is a legitimate technical question with other people interested and responding. Please reopen.
I found a solution that does not involve updating the packages / SDKs. My app has been approved and is in the app store now.
Find all the PrivacyInfo.xcprivacy files for the SDK’s that the rejection email mentions.
Create a combined PrivacyInfo.xcprivacy file from those.
Place the file in ios/App/App folder. Note that you have to add from Xcode and add your target as a resource.
Add a new privacy manifest file in the Pods/Frameworks folder in Xcode 4A) Copy the same privacy manifest as in step 3 into this. 4b) Set the Target Membership to all of the SDKs/Frameworks. e.g. “Capacitor”, “CapacitorApp” Good to go.
If anyone wants more detail let me know.
Of course the recommended solution is to update to the latest packages but if you can’t this is a option.
More info here