May 2024 iOS privacy manifest requirements tracking issue
Problem
UPDATE We now have guide on how to add a privacy manifest via your app config (app.json / app.config.js). --- Overview Recently, Apple announced that, starting May 1, they would start enforcing that all new apps and updates must declare approved reasons for using specific APIs in a privacy manifest, preventing uploads to TestFlight if the requirement is not met. These requirements also apply to 3rd party SDK's, with specific SDK's identified by Apple requiring a signature in addition to the manifest. If you submitted to TestFlight after March 13th, you may have received an email from Apple with an "ITMS-91053" warning, indicating that they found API usage matching an `NSPrivacyAccessedAPI` category in your app that will require these changes in order to meet the requirements after May 1st (common categories might include `NSPrivacyAccessedAPICategoryDiskSpace` and `NSPrivacyAccessedAPICategoryFileTimestamp`). What Expo is doing about it Expo engineers are actively engaged with this issue, doing everything in our power ensure that your app submissions continue uninterrupted despite the relatively short notice: - Adding privacy manifests to all affected modules maintained by Expo - Tracking progress on key dependencies not maintained by Expo (e.g., this PR to add the manifest to `react-native`) and ensuring our version validation is updated accordingly as these updates go live. - Providing guidance on how to add the privacy manifest to community-maintained modules - Prov
Unverified for your environment
Select your OS to check compatibility.
1 Fix
Implement Privacy Manifest for iOS App Compliance
The issue arises from Apple's new requirement for apps to declare approved reasons for using specific APIs in a privacy manifest. Failure to comply results in rejection of app submissions to TestFlight, especially for apps utilizing certain APIs identified by Apple.
Awaiting Verification
Be the first to verify this fix
- 1
Update app configuration
Modify your app's configuration file (app.json or app.config.js) to include the privacy manifest. This is essential for compliance with Apple's requirements.
json{ "expo": { "privacyManifest": { "NSPrivacyAccessedAPICategoryDiskSpace": "Reason for accessing disk space", "NSPrivacyAccessedAPICategoryFileTimestamp": "Reason for accessing file timestamps" } } } - 2
Identify affected APIs
Review your app's codebase to identify any APIs that fall under the NSPrivacyAccessedAPI categories. Ensure that all such APIs are declared in the privacy manifest.
javascript// Example of API usage const diskSpace = await getDiskSpace(); // Ensure this is declared in the privacy manifest - 3
Check third-party SDKs
If your app uses third-party SDKs, verify that they comply with the new privacy manifest requirements. Contact the SDK vendors if necessary to ensure they provide the required signatures.
javascript// Check for SDK compliance import { SomeSDK } from 'some-sdk'; SomeSDK.initialize(); // Ensure this SDK is compliant - 4
Test the app locally
Run your app locally to ensure that the privacy manifest is correctly implemented and that there are no runtime errors related to API access.
bashexpo start - 5
Submit to TestFlight
Once the privacy manifest is correctly implemented and tested, submit your app to TestFlight to ensure compliance with Apple's requirements.
bashexpo upload:ios
Validation
To confirm the fix worked, check for the absence of the ITMS-91053 warning in your email after submitting to TestFlight. Additionally, ensure that the app functions correctly without runtime errors related to API access.
Sign in to verify this fix
Environment
Submitted by
Alex Chen
2450 rep