The new Apple App Store review guidelines came into effect on May 1, 2024. If you encounter the following errors during submission for review:
ITMS-91053: Missing API declaration - Your app’s code in the APP NAME file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
The explanation for the missing relevant API usage instructions in your project.
According to the Apple official documentation, it is now necessary to clearly state the purpose for accessing certain permissions, which include five main categories:
1. File timestamp APIs - Permissions related to reading file system timestamps
2. System boot time APIs - Permissions related to reading system boot time
3. Disk space APIs - Permissions related to reading disk information
4. Active keyboard APIs - Permissions related to reading keyboard information
5. User defaults APIs - Permissions related to reading user preferences
What we need to do is simply add the corresponding key-value pairs to an array. For better understanding, here is an example of the configuration structure for the User defaults permission, written in the form of an array or dictionary/Map, as in most programming languages.
The entire configuration is a JSON object named App Privacy Configuration. Inside the object, the key is called Privacy Accessed API Types, and the value is an array, as shown below:
# The structure in programming language terms
{
Privacy Accessed API Types: [
{
Privacy Accessed API Type: User Defaults,
Privacy Accesed API Reasons: [
"CA92.1: Access info from same app, per documentation"
]
}
]
}
The array value under the Privacy Accessed API Types key contains elements, where each element is a JSON object. This JSON object has two keys:
-
Privacy Accessed API Type - This key specifies the type of permission (referring to the five categories mentioned earlier).
-
Privacy Accessed API Reasons - This key explains the specific reason for using the permission, and its value is an array of strings.
Here’s the key point:
The final solution is as follows:
-
Open Xcode.
-
Go to the top menu: File -> New -> select File….
-
Choose the iOS tab.
-
Select App Privacy and click Next.
-
Make sure to save the file as PrivacyInfo.
After successfully creating the PrivacyInfo file, add the corresponding permission descriptions according to your app’s requirements. Below is an example based on my use of the Disk space APIs and User defaults APIs permissions.
Once you’ve added the necessary details, the final result should resemble the following:
This is the structure to follow when configuring the permissions.