Missing API declaration

If you're an iOS (or Flutter like me) app developer, you've probably already encountered a warning from Apple: ITMS-91053: Missing API Declaration.

Why does Apple send letters to developers?

Apple is committed to improving user data protection and requires developers to provide detailed information about how their apps use personal data. The PrivacyInfo.xcprivacy requirement aims to ensure that developers are clear about what data their apps collect and for what purposes that data is used.

Deadline for completing the PrivacyInfo.xcprivacy file

By May 1, 2024, all applications must be updated and must contain a PrivacyInfo.xcprivacy file with correctly completed privacy information.

First, let's update the libraries

Most libraries already include Privacy Manifest. Check for updates to the libraries you use.

Creating and filling out the PrivacyInfo.xcprivacy file

Creating a file

1. File -> New -> File

2. Select an App Privacy template

3. Name the file PrivacyInfo and save

Filling out the file

1. Specify the type of data from the email from Apple (for example, location, contacts, photos, etc.)

2. Find a category in the documentation

3. Describe how this data is used by your application and justify the need to collect this data

Example of my code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
 <key>NSPrivacyTracking</key>
 <false/>
 <key>NSPrivacyTrackingDomains</key>
 <array/>
 <key>NSPrivacyCollectedDataTypes</key>
 <array/>
 <key>NSPrivacyAccessedAPITypes</key>
 <array>
  <dict>
   <key>NSPrivacyAccessedAPIType</key>
   <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
   <key>NSPrivacyAccessedAPITypeReasons</key>
   <array>
    <string>3B52.1</string>
   </array>
  </dict>
  <dict>
   <key>NSPrivacyAccessedAPIType</key>
   <string>Disk space</string>
   <key>NSPrivacyAccessedAPITypeReasons</key>
   <array>
    <string>7D9E.1</string>
   </array>
  </dict>
  <dict>
   <key>NSPrivacyAccessedAPIType</key>
   <string>System boot time</string>
   <key>NSPrivacyAccessedAPITypeReasons</key>
   <array>
    <string>35F9.1</string>
   </array>
  </dict>
  <dict>
   <key>NSPrivacyAccessedAPIType</key>
   <string>User defaults</string>
   <key>NSPrivacyAccessedAPITypeReasons</key>
   <array>
    <string>CA92.1</string>
   </array>
  </dict>
 </array>
</dict>
</plist>

Tips for filling

• Make sure you indicate all the data you collect, as well as the purpose for collecting the data.

• Be honest. This will help avoid problems with application verification.

• If you don't know for what purpose a certain category is used in an application, you can look for specific methods in the code. Marco Eidinger talks about this method in his article.

Conclusion

Don't forget that by May 1, 2024, all applications must be updated to take into account the new privacy requirements and must contain the PrivacyInfo.xcprivacy file. Don't delay updating the file!

If it was interesting and useful, I invite you to my Linkedin.

useful links

Describing use of required reason API.

Privacy manifest files.

WWDC23 Privacy report.

Example of PrivacyInfo.xcprivacy.