Great video, saved me a lot of time! But i have a question: why isn’t the app privacy report on the app store automatically filled in based on the plist file? Do I really need to copy paste everything manually from the Xcode generated pdf?
I believe so at this point. This is all brand new stuff. The idea for the privacy report is to help you fill out your privacy info on the App Store. Before the privacy report you just had to guess what the 3rd party SDKs were doing.
@@seanallen yes, same. It's poorly done by Apple. Only look at the emails they send. It's a wall of text. I really thought my build was broken. In my opinion it causes too much confusion. In the end, it is a good thing, but the message could be delivered a bit more "politely" (sorry not a native speaker) Keep up the good work 💪
Thanks, it took some time dig around and figure of the structure when the notice first popped up, as well as needing to generate the privacy report manually. I thought the plist was be sufficient enough and that the report would be generated automatically. This'll help remove some confusion for some devs
Thanks for sharing all of this valuable informations. I have a question please, it's not clear for me if the privacy Nutrition Label is required in the privacy ma manifest ? Thanks
Thanks so much for the content, as usual. I do have some legacy libraries which are not really maintained, can I still use them by declaring what they are tracking and putting them manually into the privacyInfo? Most of my libraries are ones mentioned by Apple, e.g Firebase, but I do use uncommon ones.
I mention this in the video, but if your app is already on the App Store and is using these libraries, you don't have to do anything. You're grandfathered in. It only applies if you are submitting a brand new app or adding one of those SDKs in an app update.
Thanks for sharing great knowledge Sean. I have this confusion, can you please help, If I have an app and I'm using one of the lib from the list so still I will have to update app with privacy file? OR only if I'm submitting a new app or adding any new lib?
If you are using a required reasons API (like user defaults) then you have to add the privacy manifest no matter what. If you are using a 3rd party SDK that is on that list, the way I read the documentation (as I do in the video), they 3rd party SDKs have to have a privacy manifest when submitting a new app or if you add that SDK as an app update.
Very Nice. I am going to use this as a tutorial to update my pList on my next app update. Thank you for such a nice detailed video. Appreciate it a lot.
We have an app which uses lot of inactive SDKs now(Last updated around 3-4 years ago), and getting email for Required reasons APIs. What should I do if I need to release some app updates?
As I read the documentation, you will need to include a privacy manifest in your app and declare that you are using the required reason API for. You will need to do your best to understand WHAT those 3rd party SDKs is using it for and declare the proper reason.
It should be noted that, although a PIA for developers, this is a good thing and is trying to avoid the use of 3rd party APIs collecting data and avoiding any need to report it to the user, even without the developers knowledge (as well as generally make the Privacy Nutrition labels better).
1 question: I am currently building an app for launching in the App Store. My question is my app sign in /sign up from the backend data fetch by firebase, then how can I fatch these in the future and what will be the alternatives? AppAuth is also in the list. Love from 🇮🇳
You can still use the FirebaseSDK. I assume Firebase is updated often enough that they most likely already have the privacy manifest implemented. You would have to check their repo (like I mention in the video). But if they updated it, you should be fine as long as you're using the latest version of the package.
Im about to launch an app and sometimes I get so much into the bone that I forget to check on those kinds of details. You are a saint for breaking this stuff down, INSTANT SUBSCRIBE :D
You never described how to add third party SDK pod privacy info to the app's privacy.xcprivacy file, in case the third party pod does not have a privacy manifest. Should we just figure out what the SDK does and 'wing it' in the app's .xcprivacy file?
@@seanallen I followed the tutorial step by step. 1. Added Privacy manifest. 2. Added key 'Privacy Accessed API Types' with type 'User Defaults' (Used Key from Apple's website) 3. Added Reason (CA92.1) 4. Submitted the build to appstore After doing these steps I still got the mail from Apple saying - ITMS-91053: Missing API declaration- Your app’s code in the “xyz” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. Am I missing any step here?
@@seanallen I followed the tutorial step by step. 1. Added Privacy manifest. 2. Added key 'Privacy Accessed API Types' with type 'User Defaults' (Used Key from Apple's website) 3. Added Reason (CA92.1) 4. Submitted the build to appstore After doing these steps I still got the mail from Apple saying - ITMS-91053: Missing API declaration- Your app’s code in the “xyz” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. Am I missing any step here?
If the 3rd party SDKs have not included the privacy manifest, can you cover them in your own app's manifest file? For example if a 3rd party is using UserDefaults without the manifest file, can I include its use of UserDefaults in my app's privacy manifest?
Hopefully some day, UA-cam (and other Social Media sites) will realize the people are being manipulated in ways that are distinctly NOT positive and show some actual responsibility 😉
If my app splits and saves video files to the users photos or files do I need to include this? My app does not store or use their media, they just use the app to modify it and then save or share the modified media.
Hello, is it possible to create this file and fill in the data in the project and upload the app to the appstore? Do we not need to send the reported .pdf file to another place?🙄
Just to clarify, this only applies if you are making a new update to your app or creating a new one? i.e. If I have an app currently on the store that uses UserDefaults and requires location updates, do I need to update it with the new privacy manifest file now? Or do I only need to do it when I make an update to the store?
I have 2 app. The 1st app is a framework. I build it in release mode. And "pod install" it for my 2nd app like install Firebase sdk... I only install 1st app(framework) for 2nd app. Not public my 1st app. Should i create privacy manifests file for the 1st app?
@@seanallen thanks, so if I've understood correctly, even though our SDK is not listed by Apple, If we use UserDefaults in our SDK we should provide privacy manifest file.
This is all new, so I'm not 100% sure. But that's how I read it. As you saw, it's a very simple implementation, so it can't hurt to add it to your next update.
I have a question Our apps use alot of 3rd party SDKs. Is it possible to just add all the required reasons in the app's manifest file without having to upgrade the libraries?
Thanks a lot of explaining all this, Sean. I was feeling a bit lost on this topic. On a related note. Is anyone else feeling like iOS development is becoming less fun due to these annoying grunt work? Setting up all the privacy nutrition labels on App Store Connect was tiresome enough. Now I have to do it in a plist AND do it in ASC again? You'd think ASC could simply automate this since we're supplying a damn plist with the app! Knowing how unreasonable and frustrating app reviewing can be, now I might have to face rejections due to the third-party SDKs as well. I haven't even thought about dealing with all the concurrency changes in the upcoming Swift version! I have half a mind to ditch iOS development and switch my stack altogether 😩
It definitely gets more complex every year as Apple updates and builds new things. But I imagine other platforms deal with this as well. The only constant in technology is change.
You want another source other than Apple itself? developer.apple.com/support/third-party-SDK-requirements/#:~:text=SDKs%20that%20require%20a%20privacy%20manifest%20and%20signature&text=Starting%20in%20spring%202024%2C%20you,as%20part%20of%20the%20update.
@@seanallen sorry for the confusion, i still dont understand... what if i have an app that uses those sdk-s (and old app), and i want to release updates, but not adding any of those sdk-s, just to continue using them?
According to that linked documentation, those SDKs only require a privacy manifest if you are submitting a new app to the app store that includes them OR if you are updating an existing app that is adding one of those SDKs.
It's a shame this isn't auto-generated by sniffing out which SDKs and APIs are used. At least make the first version and let us edit it before submission.
I don't think it's true that this only applies if the app is just adding an SDK, or a new app, Apple's email implies differently. The SDKs that use these, that it is warning about, were not added be me. Similar comments can be seen elsewhere in the comment section.
I read that right from Apple's documentation. To clarify, if you (or the 3rd party SDK) are using a "required reasons" API (like user defaults), you have to add the privacy manifest no matter what. The new app or adding an SDK into an app thing only applies to the 3rd party SDKs that are on that list. What does the email you received from Apple say?
Hopefully it will be smart enough to know that if you are collecting Health Data NOT linked to customer, you can't possibly be using it for Product Personalization and will reject your app. 🤣
@@seanallen I sent an update to my application today by watching your video and it was approved without any problems. Thank you for preparing such valuable and useful content.
In other words, a shed load of time spent which will have no impact or value for 99.99% of all users, who don't even read the privacy nutrition labels. Thanks Apple!
Learn more iOS Dev with my Swift, SwiftUI & UIKit courses at seanallen.teachable.com
What if I use user's location and I don't store it. Do I still have to add it in the list?
I was lazy and just waited on video from you to fix this in my projects :)
Thank you!
Glad I could help, Aivars :)
Thanks for breaking this down. Sometimes I have a hard time keeping up with these updates from Apple
It's damn near a full-time job...
I'm an Android dev and dont worry, we are lost too
I develop for android and iOS. I’m a bit masochistic
@@peterpaniccc net MAUI?
thanks Sean, amazing video! There's no content like this on the web, please keep on posting
Thanks, will do!
Great video, saved me a lot of time! But i have a question: why isn’t the app privacy report on the app store automatically filled in based on the plist file? Do I really need to copy paste everything manually from the Xcode generated pdf?
I believe so at this point. This is all brand new stuff. The idea for the privacy report is to help you fill out your privacy info on the App Store. Before the privacy report you just had to guess what the 3rd party SDKs were doing.
Thank you. Awesome content. Unfortunately I watched this after figuring out myself, which was painful
Ah, that sucks. It took me a while to read into this to sort of understand it (some of it is still a little vague)
@@seanallen yes, same. It's poorly done by Apple. Only look at the emails they send. It's a wall of text. I really thought my build was broken. In my opinion it causes too much confusion. In the end, it is a good thing, but the message could be delivered a bit more "politely" (sorry not a native speaker)
Keep up the good work 💪
Thank you for sharing the updates🙌
You bet!
Thanks, it took some time dig around and figure of the structure when the notice first popped up, as well as needing to generate the privacy report manually. I thought the plist was be sufficient enough and that the report would be generated automatically. This'll help remove some confusion for some devs
Great video, thanks. Can you confirm that existing apps are grandfathered in? I've seen conflicting information on this. Thanks!
Thanks for sharing all of this valuable informations. I have a question please, it's not clear for me if the privacy Nutrition Label is required in the privacy ma manifest ? Thanks
Thank you! really useful and a great explanation!
Glad it was helpful!
thank you, I am soon publishing my first iOS app to App Store and this is helpful. Is it required for uploading app in TestFlight also?
This is not required for Test Flight (as far as I know)
thanks for the clarity and explanation! 😀
Glad it was helpful!
Thanks so much for the content, as usual. I do have some legacy libraries which are not really maintained, can I still use them by declaring what they are tracking and putting them manually into the privacyInfo? Most of my libraries are ones mentioned by Apple, e.g Firebase, but I do use uncommon ones.
I mention this in the video, but if your app is already on the App Store and is using these libraries, you don't have to do anything. You're grandfathered in. It only applies if you are submitting a brand new app or adding one of those SDKs in an app update.
Thank you, Sean! Useful as always! 👏
Glad you liked it!
Thanks for sharing great knowledge Sean. I have this confusion, can you please help, If I have an app and I'm using one of the lib from the list so still I will have to update app with privacy file? OR only if I'm submitting a new app or adding any new lib?
If you are using a required reasons API (like user defaults) then you have to add the privacy manifest no matter what. If you are using a 3rd party SDK that is on that list, the way I read the documentation (as I do in the video), they 3rd party SDKs have to have a privacy manifest when submitting a new app or if you add that SDK as an app update.
Very Nice. I am going to use this as a tutorial to update my pList on my next app update. Thank you for such a nice detailed video. Appreciate it a lot.
Happy to help, Nilesh. It was actually quite simple to implement. The tricky part was understanding what's required.
@@seanallen Absolutely. Also I have a question on Deep dish swift. I will DM you on twitter.
Thanks Sean, Nicely explained, I guess signature part is missing that also mandatory for xcframeworks
Yes, 3rd party SDKs that are on that list will need a signature.
We have an app which uses lot of inactive SDKs now(Last updated around 3-4 years ago), and getting email for Required reasons APIs. What should I do if I need to release some app updates?
As I read the documentation, you will need to include a privacy manifest in your app and declare that you are using the required reason API for. You will need to do your best to understand WHAT those 3rd party SDKs is using it for and declare the proper reason.
@@seanallen So I need to add the required reasons API details in my privacy manifest file on behalf of the inactive SDKs?
It should be noted that, although a PIA for developers, this is a good thing and is trying to avoid the use of 3rd party APIs collecting data and avoiding any need to report it to the user, even without the developers knowledge (as well as generally make the Privacy Nutrition labels better).
Exactly.
Thanks for the detail explanation Sean!
Happy to help!
Thank you Sean. Much easeier than Apple docs.
Happy to help
1 question: I am currently building an app for launching in the App Store. My question is my app sign in /sign up from the backend data fetch by firebase, then how can I fatch these in the future and what will be the alternatives? AppAuth is also in the list. Love from 🇮🇳
You can still use the FirebaseSDK. I assume Firebase is updated often enough that they most likely already have the privacy manifest implemented. You would have to check their repo (like I mention in the video). But if they updated it, you should be fine as long as you're using the latest version of the package.
Hi, Is it applicable to MDMs also? or just for store submissions?
Im about to launch an app and sometimes I get so much into the bone that I forget to check on those kinds of details.
You are a saint for breaking this stuff down, INSTANT SUBSCRIBE :D
Happy to help and welcome to the channel :)
You never described how to add third party SDK pod privacy info to the app's privacy.xcprivacy file, in case the third party pod does not have a privacy manifest. Should we just figure out what the SDK does and 'wing it' in the app's .xcprivacy file?
You're a saviour! Thanks for the clarity :)
No worries!
@@seanallen I followed the tutorial step by step.
1. Added Privacy manifest.
2. Added key 'Privacy Accessed API Types' with type 'User Defaults' (Used Key from Apple's website)
3. Added Reason (CA92.1)
4. Submitted the build to appstore
After doing these steps I still got the mail from Apple saying -
ITMS-91053: Missing API declaration- Your app’s code in the “xyz” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults.
Am I missing any step here?
@@seanallen I followed the tutorial step by step.
1. Added Privacy manifest.
2. Added key 'Privacy Accessed API Types' with type 'User Defaults' (Used Key from Apple's website)
3. Added Reason (CA92.1)
4. Submitted the build to appstore
After doing these steps I still got the mail from Apple saying -
ITMS-91053: Missing API declaration- Your app’s code in the “xyz” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults.
Am I missing any step here?
Great overview for the new privacy rules. Apple is trying to confuse us. This breaks it down very clearly.
Happy to help!
If the 3rd party SDKs have not included the privacy manifest, can you cover them in your own app's manifest file? For example if a 3rd party is using UserDefaults without the manifest file, can I include its use of UserDefaults in my app's privacy manifest?
I believe so. Remember, this is all brand new so no one has experience with this yet. But as I read the documentation, I believe that's true.
@@seanallen Thank you for your response, i suppose we have to try and find out. Apple docs were a bit vague
what about if im not colleting any data from the nutricion option what do i put in colletion
thanks
this is super useful, thanks so much!
Glad it was helpful!
@@seanallen 🤫 errorMessage: print("copy paste answer or duplicated") 🥶🥶🥶
Thank you very much. This video was very helpful for me ❤
You're welcome 😊
thx for this material. your news are helpful a lot
Happy to help.
Awesome, thank you for the valuable information.
Glad it was helpful!
Thanks for the info., I would be lost without this...
Glad to help
I added the UserDefaults information for my ap, but I'm not sure how to do the same for the firebase sdk which uses a users name and email... Help!
Thanks so much!! You are amazing ! 💥
Glad it helped!
Super helpful, thank you!!!
Glad it was helpful!
Thanks for sharing Sean, but why so stress-inducing title ?!
The game of UA-cam, my friend.
Hopefully some day, UA-cam (and other Social Media sites) will realize the people are being manipulated in ways that are distinctly NOT positive and show some actual responsibility 😉
If my app splits and saves video files to the users photos or files do I need to include this? My app does not store or use their media, they just use the app to modify it and then save or share the modified media.
Thanks Sean! Very nice.
Glad you liked it!
Hello, is it possible to create this file and fill in the data in the project and upload the app to the appstore? Do we not need to send the reported .pdf file to another place?🙄
Just to clarify, this only applies if you are making a new update to your app or creating a new one? i.e. If I have an app currently on the store that uses UserDefaults and requires location updates, do I need to update it with the new privacy manifest file now? Or do I only need to do it when I make an update to the store?
Right. Your next update will be rejected if you don't have a privacy manifest. But if you never update the app, then you won't have to do anything.
Thank you so much for this!
I have 2 app. The 1st app is a framework. I build it in release mode. And "pod install" it for my 2nd app like install Firebase sdk...
I only install 1st app(framework) for 2nd app. Not public my 1st app.
Should i create privacy manifests file for the 1st app?
what if a third party used Userdefaults? Does the third party SDK should provide privacy manifest too?
As far as I understand, yes. The SDKs should be updating their privacy manifests and if they use UserDefaults, that should be included.
@@seanallen thanks, so if I've understood correctly, even though our SDK is not listed by Apple, If we use UserDefaults in our SDK we should provide privacy manifest file.
This is all new, so I'm not 100% sure. But that's how I read it. As you saw, it's a very simple implementation, so it can't hurt to add it to your next update.
@@seanallen lol no, I've already published it in jan release, now I was wondering whether was is necessary or not
I have a question
Our apps use alot of 3rd party SDKs. Is it possible to just add all the required reasons in the app's manifest file without having to upgrade the libraries?
Thanks a lot of explaining all this, Sean. I was feeling a bit lost on this topic.
On a related note. Is anyone else feeling like iOS development is becoming less fun due to these annoying grunt work? Setting up all the privacy nutrition labels on App Store Connect was tiresome enough. Now I have to do it in a plist AND do it in ASC again? You'd think ASC could simply automate this since we're supplying a damn plist with the app!
Knowing how unreasonable and frustrating app reviewing can be, now I might have to face rejections due to the third-party SDKs as well.
I haven't even thought about dealing with all the concurrency changes in the upcoming Swift version!
I have half a mind to ditch iOS development and switch my stack altogether 😩
It definitely gets more complex every year as Apple updates and builds new things. But I imagine other platforms deal with this as well. The only constant in technology is change.
Thanks Sean!
No worries!
after make the file
should upload the file manifest?
and where?
Thanks a lot!!! 🙌
Happy to help!
Thanks for sharing! 🙌🏻
Happy to help.
Thanks for the info ℹ️ 🙏
No problem 👍
Do you know of any other sources confirming that you’re grandfathered in if you your app is already in the store and uses those SDKs?
You want another source other than Apple itself? developer.apple.com/support/third-party-SDK-requirements/#:~:text=SDKs%20that%20require%20a%20privacy%20manifest%20and%20signature&text=Starting%20in%20spring%202024%2C%20you,as%20part%20of%20the%20update.
@@seanallen sorry for the confusion, i still dont understand... what if i have an app that uses those sdk-s (and old app), and i want to release updates, but not adding any of those sdk-s, just to continue using them?
According to that linked documentation, those SDKs only require a privacy manifest if you are submitting a new app to the app store that includes them OR if you are updating an existing app that is adding one of those SDKs.
So does this replace all the clicking on app store connect that we previously had to do to create the privacy nutrition labels?
No. the privacy report that gets generated is just an aid to help all that clicking be more accurate.
@@seanallen Hopefully Apple makes nutrition labels automatically for us soon.
@@zacdemi That would be ideal!
@@seanallen Ok thanks..
Thanks fro sharing!
You bet!
Cảm ơn Sean! Rất hữu ích
We added facebook sdk to our react native expo app, how should we go about fixing this in react native?
I've never built anything in ReactNative, so I can't say.
Thanks Bud!
thanks a lot!
Happy to help
I did all the things, declaring all privacy in the PrivacyInfo, but it still shows same issue while submitting the app.
Tough to say what's going on without any more info. Are you using one of the SDKs on the list? What required reasons API are you using?
Yes
It's a shame this isn't auto-generated by sniffing out which SDKs and APIs are used. At least make the first version and let us edit it before submission.
I don't think it's true that this only applies if the app is just adding an SDK, or a new app, Apple's email implies differently. The SDKs that use these, that it is warning about, were not added be me. Similar comments can be seen elsewhere in the comment section.
I read that right from Apple's documentation. To clarify, if you (or the 3rd party SDK) are using a "required reasons" API (like user defaults), you have to add the privacy manifest no matter what. The new app or adding an SDK into an app thing only applies to the 3rd party SDKs that are on that list. What does the email you received from Apple say?
thanks
You're welcome!
If App Store Connect can detect what APIs are being used why can’t it generate a manifest automatically?
i'm guessing that's because it's down to the devs to specify what the app is doing, it can't be one size fits all
Yup 👆
@@andreabottino2714 it could just autofill the APIs and let the dev specify the reason
iOS devs need to suffer 😂
Hopefully it will be smart enough to know that if you are collecting Health Data NOT linked to customer, you can't possibly be using it for Product Personalization and will reject your app. 🤣
Lol, oops. I was riffing off the top of my head and didn't put that together 🤣
Another reason I hate Apple as developer, nice video though, Thanks!
Teşekkürler.
I appreciate the generosity! Happy the video was helpful.
@@seanallen I sent an update to my application today by watching your video and it was approved without any problems. Thank you for preparing such valuable and useful content.
I like it. It may be a bit of hassle but this is bringing another layer of safety for everyone. Less liabilities to data protection claims?
In other words, a shed load of time spent which will have no impact or value for 99.99% of all users, who don't even read the privacy nutrition labels. Thanks Apple!
Hello,
First 🎉
damn, I am too late...
Gotta be quick
:pepeuwu:
🫡