I just received a strange alert from Apple after my app uploaded successfully. Has anyone encountered this before?
The alert mentions that my app lacks API declarations for:
NSPrivacyAccessedAPICategoryFileTimestampNSPrivacyAccessedAPICategorySystemBootTimeNSPrivacyAccessedAPICategoryDiskSpaceNSPrivacyAccessedAPICategoryUserDefaults
Apple stated that I must include a NSPrivacyAccessedAPITypes array in my privacy manifest file. This requirement starts on May 1, 2024, for new app submissions.
I’m puzzled because my app functioned correctly before, and I haven’t modified anything related to privacy APIs. The alert refers to my “Test” file, but I’m unsure what specific code is causing this issue.
Does anyone have advice on how to resolve this? Is it necessary for me to create a privacy manifest file now? What reasons should I use for these API categories?
This is Apple’s new privacy manifest requirement that caught many developers off guard. I went through the same thing last month when updating my productivity app. The confusing part is that these APIs might be used indirectly by third-party libraries or frameworks you’re using, which is why you’re seeing the warning even though you didn’t explicitly call them. You’ll need to create a PrivacyInfo.xcprivacy file in your project root. For each API category Apple flagged, you need to specify the reason code. Most common reasons are CA92.1 for UserDefaults (app functionality), DDA9.1 for DiskSpace (display to user), 35F9.1 for FileTimestamp (app functionality), and C617.1 for SystemBootTime (measuring time). Check your dependencies first though - many popular libraries have already updated their privacy manifests. If you’re using CocoaPods or SPM, updating might resolve some categories automatically. The requirement is mandatory now, so you’ll need to address it before your next submission gets approved.
yeah i got hit with this too couple weeks ago. super annoying cuz apple didnt give much warning. basically your third party sdks are probably using those apis without you knowing it. i had to dig thru all my pods to figure out which ones needed the manifest. firebase was one of the main culprits for me. just add the privacyinfo file and use the reason codes mike mentioned - worked for my app
Had this exact scenario happen with my last app update three months back. The tricky part is Apple’s tooling now scans your entire bundle including static libraries for API usage, so even legacy code or unused frameworks can trigger these warnings. What helped me was running a grep search through my project for the specific API calls - things like fileModificationDate, systemUptime, volumeAvailableCapacity, and NSUserDefaults usage. Often these are buried in utility classes or analytics SDKs you forgot about. For the privacy manifest, I found that most apps can safely use reason codes like 0A2A.1 for file timestamps related to bug reports, 85F4.1 for disk space to prevent crashes, and 8FFB.1 for boot time in crash reporting. The key thing is being accurate about your actual usage rather than guessing, because Apple may audit these declarations later. Also worth noting that if you have multiple targets or extensions, each might need its own privacy manifest depending on what APIs they access.