Your App Will Get Rejected | New Privacy Rules - 2024
Вставка
- Опубліковано 3 лип 2024
- As of May 1st, 2024 Apple implemented new privacy requirements for all new apps and app updates. These rules require a privacy manifest for popular third party SDKs and your app if you are using a required reason API. UserDefaults is a required reason API so this will affect the vast majority of us.
I show you how to create a privacy manifest in Xcode to fix this issue so can get through app review and get your app on the App Store.
My iOS Dev Courses:
seanallen.teachable.com/
Privacy Updates for App Store Submissions:
developer.apple.com/news/?id=...
Upcoming third-party SDK requirements:
developer.apple.com/support/t...
Describing use of required reason API:
developer.apple.com/documenta...
Describing data use in privacy manifests:
developer.apple.com/documenta...
My Source Code:
seanallen.teachable.com/p/sou...
X (Twitter):
Sean Allen - / seanallen_dev
Hired.com:
hired.com/x/1n01g
Book and learning recommendations that help out the channel if you decide to purchase (Affiliate Links):
Mark Moeyken’s SwiftUI Books:
www.bigmountainstudio.com/a/f...
Paul Hudson's Hacking With Swift:
gumroad.com/a/762098803
RocketSim - Enhance Your Xcode Simulator:
gumroad.com/a/51797971/ftvbh
Objc.io Books (Thinking in SwiftUI & Advanced Swift):
gumroad.com/a/656585843
Timestamps:
0:00 - New App Store Privacy Requirements
0:41 - New 3rd Party SDK Requirements
1:41 - Does this apply to you?
3:06 - What to do about it.
4:45 - Privacy Manifest - User Defaults fix example
5:38 - Required Reasons APIs
8:10 - Your App's Privacy Collection (Health example)
10:39 - Generate Privacy Report in Xcode
#swift #softwaredeveloper #iosdeveloper - Наука та технологія
Learn more iOS Dev with my Swift, SwiftUI & UIKit courses at seanallen.teachable.com
What if I use user's location and I don't store it. Do I still have to add it in the list?
I was lazy and just waited on video from you to fix this in my projects :)
Thank you!
Glad I could help, Aivars :)
Thanks for breaking this down. Sometimes I have a hard time keeping up with these updates from Apple
It's damn near a full-time job...
I'm an Android dev and dont worry, we are lost too
I develop for android and iOS. I’m a bit masochistic
@@peterpaniccc net MAUI?
thanks Sean, amazing video! There's no content like this on the web, please keep on posting
Thanks, will do!
Thank you so much for this!
Thank you for sharing the updates🙌
You bet!
thanks for the clarity and explanation! 😀
Glad it was helpful!
Thank you, Sean! Useful as always! 👏
Glad you liked it!
Thank you! really useful and a great explanation!
Glad it was helpful!
Super helpful, thank you!!!
Glad it was helpful!
Thanks Sean! Very nice.
Glad you liked it!
Thanks for the detail explanation Sean!
Happy to help!
Thanks so much!! You are amazing ! 💥
Glad it helped!
thx for this material. your news are helpful a lot
Happy to help.
Thanks Sean!
No worries!
Thanks for sharing! 🙌🏻
Happy to help.
this is super useful, thanks so much!
Glad it was helpful!
@@seanallen 🤫 errorMessage: print("copy paste answer or duplicated") 🥶🥶🥶
Thank you very much. This video was very helpful for me ❤
You're welcome 😊
Thanks, it took some time dig around and figure of the structure when the notice first popped up, as well as needing to generate the privacy report manually. I thought the plist was be sufficient enough and that the report would be generated automatically. This'll help remove some confusion for some devs
Thanks a lot!!! 🙌
Happy to help!
Thanks Bud!
Thanks for the info ℹ️ 🙏
No problem 👍
You're a saviour! Thanks for the clarity :)
No worries!
@@seanallen I followed the tutorial step by step.
1. Added Privacy manifest.
2. Added key 'Privacy Accessed API Types' with type 'User Defaults' (Used Key from Apple's website)
3. Added Reason (CA92.1)
4. Submitted the build to appstore
After doing these steps I still got the mail from Apple saying -
ITMS-91053: Missing API declaration- Your app’s code in the “xyz” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults.
Am I missing any step here?
@@seanallen I followed the tutorial step by step.
1. Added Privacy manifest.
2. Added key 'Privacy Accessed API Types' with type 'User Defaults' (Used Key from Apple's website)
3. Added Reason (CA92.1)
4. Submitted the build to appstore
After doing these steps I still got the mail from Apple saying -
ITMS-91053: Missing API declaration- Your app’s code in the “xyz” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults.
Am I missing any step here?
Thanks fro sharing!
You bet!
Thank you Sean. Much easeier than Apple docs.
Happy to help
Awesome, thank you for the valuable information.
Glad it was helpful!
Thank you. Awesome content. Unfortunately I watched this after figuring out myself, which was painful
Ah, that sucks. It took me a while to read into this to sort of understand it (some of it is still a little vague)
@@seanallen yes, same. It's poorly done by Apple. Only look at the emails they send. It's a wall of text. I really thought my build was broken. In my opinion it causes too much confusion. In the end, it is a good thing, but the message could be delivered a bit more "politely" (sorry not a native speaker)
Keep up the good work 💪
thanks a lot!
Happy to help
Thanks for the info., I would be lost without this...
Glad to help
Cảm ơn Sean! Rất hữu ích
Very Nice. I am going to use this as a tutorial to update my pList on my next app update. Thank you for such a nice detailed video. Appreciate it a lot.
Happy to help, Nilesh. It was actually quite simple to implement. The tricky part was understanding what's required.
@@seanallen Absolutely. Also I have a question on Deep dish swift. I will DM you on twitter.
Thanks Sean, Nicely explained, I guess signature part is missing that also mandatory for xcframeworks
Yes, 3rd party SDKs that are on that list will need a signature.
Great video, thanks. Can you confirm that existing apps are grandfathered in? I've seen conflicting information on this. Thanks!
Thanks for sharing all of this valuable informations. I have a question please, it's not clear for me if the privacy Nutrition Label is required in the privacy ma manifest ? Thanks
Great video, saved me a lot of time! But i have a question: why isn’t the app privacy report on the app store automatically filled in based on the plist file? Do I really need to copy paste everything manually from the Xcode generated pdf?
I believe so at this point. This is all brand new stuff. The idea for the privacy report is to help you fill out your privacy info on the App Store. Before the privacy report you just had to guess what the 3rd party SDKs were doing.
thanks
You're welcome!
Great overview for the new privacy rules. Apple is trying to confuse us. This breaks it down very clearly.
Happy to help!
Im about to launch an app and sometimes I get so much into the bone that I forget to check on those kinds of details.
You are a saint for breaking this stuff down, INSTANT SUBSCRIBE :D
Happy to help and welcome to the channel :)
Thanks for this video. Somewhat overwhelmed with all this things I have to do for JUST one app. I get it, it's all for privacy but I feel like I'm going to need to put in a check list of all the things that I need to review before I submit an app to the App Store. Or is there such a list?!
Sadly, that's the facts of life as an iOS dev. It gets more complex year after year.
@@seanallen it does!
Of course, in this case, you could not collect user identifiable information 😀
Thanks so much for the content, as usual. I do have some legacy libraries which are not really maintained, can I still use them by declaring what they are tracking and putting them manually into the privacyInfo? Most of my libraries are ones mentioned by Apple, e.g Firebase, but I do use uncommon ones.
I mention this in the video, but if your app is already on the App Store and is using these libraries, you don't have to do anything. You're grandfathered in. It only applies if you are submitting a brand new app or adding one of those SDKs in an app update.
thank you, I am soon publishing my first iOS app to App Store and this is helpful. Is it required for uploading app in TestFlight also?
This is not required for Test Flight (as far as I know)
Thanks for sharing great knowledge Sean. I have this confusion, can you please help, If I have an app and I'm using one of the lib from the list so still I will have to update app with privacy file? OR only if I'm submitting a new app or adding any new lib?
If you are using a required reasons API (like user defaults) then you have to add the privacy manifest no matter what. If you are using a 3rd party SDK that is on that list, the way I read the documentation (as I do in the video), they 3rd party SDKs have to have a privacy manifest when submitting a new app or if you add that SDK as an app update.
Teşekkürler.
I appreciate the generosity! Happy the video was helpful.
@@seanallen I sent an update to my application today by watching your video and it was approved without any problems. Thank you for preparing such valuable and useful content.
Hi, Is it applicable to MDMs also? or just for store submissions?
It should be noted that, although a PIA for developers, this is a good thing and is trying to avoid the use of 3rd party APIs collecting data and avoiding any need to report it to the user, even without the developers knowledge (as well as generally make the Privacy Nutrition labels better).
Exactly.
after make the file
should upload the file manifest?
and where?
Thanks for sharing Sean, but why so stress-inducing title ?!
The game of UA-cam, my friend.
Hopefully some day, UA-cam (and other Social Media sites) will realize the people are being manipulated in ways that are distinctly NOT positive and show some actual responsibility 😉
1 question: I am currently building an app for launching in the App Store. My question is my app sign in /sign up from the backend data fetch by firebase, then how can I fatch these in the future and what will be the alternatives? AppAuth is also in the list. Love from 🇮🇳
You can still use the FirebaseSDK. I assume Firebase is updated often enough that they most likely already have the privacy manifest implemented. You would have to check their repo (like I mention in the video). But if they updated it, you should be fine as long as you're using the latest version of the package.
You never described how to add third party SDK pod privacy info to the app's privacy.xcprivacy file, in case the third party pod does not have a privacy manifest. Should we just figure out what the SDK does and 'wing it' in the app's .xcprivacy file?
Hello, is it possible to create this file and fill in the data in the project and upload the app to the appstore? Do we not need to send the reported .pdf file to another place?🙄
I have 2 app. The 1st app is a framework. I build it in release mode. And "pod install" it for my 2nd app like install Firebase sdk...
I only install 1st app(framework) for 2nd app. Not public my 1st app.
Should i create privacy manifests file for the 1st app?
Just to clarify, this only applies if you are making a new update to your app or creating a new one? i.e. If I have an app currently on the store that uses UserDefaults and requires location updates, do I need to update it with the new privacy manifest file now? Or do I only need to do it when I make an update to the store?
Right. Your next update will be rejected if you don't have a privacy manifest. But if you never update the app, then you won't have to do anything.
Thanks a lot of explaining all this, Sean. I was feeling a bit lost on this topic.
On a related note. Is anyone else feeling like iOS development is becoming less fun due to these annoying grunt work? Setting up all the privacy nutrition labels on App Store Connect was tiresome enough. Now I have to do it in a plist AND do it in ASC again? You'd think ASC could simply automate this since we're supplying a damn plist with the app!
Knowing how unreasonable and frustrating app reviewing can be, now I might have to face rejections due to the third-party SDKs as well.
I haven't even thought about dealing with all the concurrency changes in the upcoming Swift version!
I have half a mind to ditch iOS development and switch my stack altogether 😩
It definitely gets more complex every year as Apple updates and builds new things. But I imagine other platforms deal with this as well. The only constant in technology is change.
If the 3rd party SDKs have not included the privacy manifest, can you cover them in your own app's manifest file? For example if a 3rd party is using UserDefaults without the manifest file, can I include its use of UserDefaults in my app's privacy manifest?
I believe so. Remember, this is all brand new so no one has experience with this yet. But as I read the documentation, I believe that's true.
@@seanallen Thank you for your response, i suppose we have to try and find out. Apple docs were a bit vague
We have an app which uses lot of inactive SDKs now(Last updated around 3-4 years ago), and getting email for Required reasons APIs. What should I do if I need to release some app updates?
As I read the documentation, you will need to include a privacy manifest in your app and declare that you are using the required reason API for. You will need to do your best to understand WHAT those 3rd party SDKs is using it for and declare the proper reason.
@@seanallen So I need to add the required reasons API details in my privacy manifest file on behalf of the inactive SDKs?
Do you know of any other sources confirming that you’re grandfathered in if you your app is already in the store and uses those SDKs?
You want another source other than Apple itself? developer.apple.com/support/third-party-SDK-requirements/#:~:text=SDKs%20that%20require%20a%20privacy%20manifest%20and%20signature&text=Starting%20in%20spring%202024%2C%20you,as%20part%20of%20the%20update.
@@seanallen sorry for the confusion, i still dont understand... what if i have an app that uses those sdk-s (and old app), and i want to release updates, but not adding any of those sdk-s, just to continue using them?
According to that linked documentation, those SDKs only require a privacy manifest if you are submitting a new app to the app store that includes them OR if you are updating an existing app that is adding one of those SDKs.
It's a shame this isn't auto-generated by sniffing out which SDKs and APIs are used. At least make the first version and let us edit it before submission.
We added facebook sdk to our react native expo app, how should we go about fixing this in react native?
I've never built anything in ReactNative, so I can't say.
So does this replace all the clicking on app store connect that we previously had to do to create the privacy nutrition labels?
No. the privacy report that gets generated is just an aid to help all that clicking be more accurate.
@@seanallen Hopefully Apple makes nutrition labels automatically for us soon.
@@zacdemi That would be ideal!
@@seanallen Ok thanks..
I did all the things, declaring all privacy in the PrivacyInfo, but it still shows same issue while submitting the app.
Tough to say what's going on without any more info. Are you using one of the SDKs on the list? What required reasons API are you using?
Yes
I don't think it's true that this only applies if the app is just adding an SDK, or a new app, Apple's email implies differently. The SDKs that use these, that it is warning about, were not added be me. Similar comments can be seen elsewhere in the comment section.
I read that right from Apple's documentation. To clarify, if you (or the 3rd party SDK) are using a "required reasons" API (like user defaults), you have to add the privacy manifest no matter what. The new app or adding an SDK into an app thing only applies to the 3rd party SDKs that are on that list. What does the email you received from Apple say?
Another reason I hate Apple as developer, nice video though, Thanks!
Hello,
what if a third party used Userdefaults? Does the third party SDK should provide privacy manifest too?
As far as I understand, yes. The SDKs should be updating their privacy manifests and if they use UserDefaults, that should be included.
@@seanallen thanks, so if I've understood correctly, even though our SDK is not listed by Apple, If we use UserDefaults in our SDK we should provide privacy manifest file.
This is all new, so I'm not 100% sure. But that's how I read it. As you saw, it's a very simple implementation, so it can't hurt to add it to your next update.
@@seanallen lol no, I've already published it in jan release, now I was wondering whether was is necessary or not
I have a question
Our apps use alot of 3rd party SDKs. Is it possible to just add all the required reasons in the app's manifest file without having to upgrade the libraries?
Hopefully it will be smart enough to know that if you are collecting Health Data NOT linked to customer, you can't possibly be using it for Product Personalization and will reject your app. 🤣
Lol, oops. I was riffing off the top of my head and didn't put that together 🤣
I like it. It may be a bit of hassle but this is bringing another layer of safety for everyone. Less liabilities to data protection claims?
If App Store Connect can detect what APIs are being used why can’t it generate a manifest automatically?
i'm guessing that's because it's down to the devs to specify what the app is doing, it can't be one size fits all
Yup 👆
@@andreabottino2714 it could just autofill the APIs and let the dev specify the reason
iOS devs need to suffer 😂
First 🎉
damn, I am too late...
Gotta be quick
In other words, a shed load of time spent which will have no impact or value for 99.99% of all users, who don't even read the privacy nutrition labels. Thanks Apple!
We have become safer. Only without the IOS applications at all.
:pepeuwu:
🫡