Your App Will Get Rejected | New Privacy Rules

Your App Will Get Rejected | New Privacy Rules - 2024

Рет қаралды 35,248

Күн бұрын

As of May 1st, 2024 Apple implemented new privacy requirements for all new apps and app updates. These rules require a privacy manifest for popular third party SDKs and your app if you are using a required reason API. UserDefaults is a required reason API so this will affect the vast majority of us.
I show you how to create a privacy manifest in Xcode to fix this issue so can get through app review and get your app on the App Store.
My iOS Dev Courses:
seanallen.teachable.com/
Privacy Updates for App Store Submissions:
developer.apple.com/news/?id=...
Upcoming third-party SDK requirements:
developer.apple.com/support/t...
Describing use of required reason API:
developer.apple.com/documenta...
Describing data use in privacy manifests:
developer.apple.com/documenta...
My Source Code:
seanallen.teachable.com/p/sou...
X (Twitter):
Sean Allen - / seanallen_dev
Hired.com:
hired.com/x/1n01g
Book and learning recommendations that help out the channel if you decide to purchase (Affiliate Links):
Mark Moeyken’s SwiftUI Books:
www.bigmountainstudio.com/a/f...
Paul Hudson's Hacking With Swift:
gumroad.com/a/762098803
RocketSim - Enhance Your Xcode Simulator:
gumroad.com/a/51797971/ftvbh
Objc.io Books (Thinking in SwiftUI & Advanced Swift):
gumroad.com/a/656585843
Timestamps:
0:00 - New App Store Privacy Requirements
0:41 - New 3rd Party SDK Requirements
1:41 - Does this apply to you?
3:06 - What to do about it.
4:45 - Privacy Manifest - User Defaults fix example
5:38 - Required Reasons APIs
8:10 - Your App's Privacy Collection (Health example)
10:39 - Generate Privacy Report in Xcode
#swift #softwaredeveloper #iosdeveloper

Пікірлер: 170

@seanallen 3 ай бұрын

Learn more iOS Dev with my Swift, SwiftUI & UIKit courses at seanallen.teachable.com

@K-ti2bb 2 ай бұрын

What if I use user's location and I don't store it. Do I still have to add it in the list?

@AivarsMeijers 3 ай бұрын

I was lazy and just waited on video from you to fix this in my projects :) Thank you!

@seanallen 3 ай бұрын

Glad I could help, Aivars :)

@chmiiller 3 ай бұрын

thanks Sean, amazing video! There's no content like this on the web, please keep on posting

@seanallen 3 ай бұрын

Thanks, will do!

@maestrogoldring1094 3 ай бұрын

Thanks for breaking this down. Sometimes I have a hard time keeping up with these updates from Apple

@seanallen 3 ай бұрын

It's damn near a full-time job...

@dj_256 3 ай бұрын

I'm an Android dev and dont worry, we are lost too

@peterpaniccc 3 ай бұрын

I develop for android and iOS. I’m a bit masochistic

@Paul-uo9sv 2 ай бұрын

@@peterpaniccc net MAUI?

@cider6371 3 ай бұрын

Thanks, it took some time dig around and figure of the structure when the notice first popped up, as well as needing to generate the privacy report manually. I thought the plist was be sufficient enough and that the report would be generated automatically. This'll help remove some confusion for some devs

@AriPace-xz1zj 3 ай бұрын

Great video, thanks. Can you confirm that existing apps are grandfathered in? I've seen conflicting information on this. Thanks!

@samirguerdah7363 3 ай бұрын

Thanks for sharing all of this valuable informations. I have a question please, it's not clear for me if the privacy Nutrition Label is required in the privacy ma manifest ? Thanks

@peterpaniccc 3 ай бұрын

Thank you. Awesome content. Unfortunately I watched this after figuring out myself, which was painful

@seanallen 3 ай бұрын

Ah, that sucks. It took me a while to read into this to sort of understand it (some of it is still a little vague)

@peterpaniccc 3 ай бұрын

@@seanallen yes, same. It's poorly done by Apple. Only look at the emails they send. It's a wall of text. I really thought my build was broken. In my opinion it causes too much confusion. In the end, it is a good thing, but the message could be delivered a bit more "politely" (sorry not a native speaker) Keep up the good work 💪

@manishparihar3361 3 ай бұрын

Thank you for sharing the updates🙌

@seanallen 3 ай бұрын

You bet!

@ilyabiltuev 2 ай бұрын

Thank you, Sean! Useful as always! 👏

@seanallen 2 ай бұрын

Glad you liked it!

@rivforest2395 3 ай бұрын

thanks for the clarity and explanation! 😀

@seanallen 3 ай бұрын

Glad it was helpful!

@karthikm.s.5150 3 ай бұрын

Thank you so much for this!

@alexblaga2297 3 ай бұрын

Thank you! really useful and a great explanation!

@seanallen 3 ай бұрын

Glad it was helpful!

@NguyenThanh-zi2po 3 ай бұрын

I have 2 app. The 1st app is a framework. I build it in release mode. And "pod install" it for my 2nd app like install Firebase sdk... I only install 1st app(framework) for 2nd app. Not public my 1st app. Should i create privacy manifests file for the 1st app?

@mskr1451 3 ай бұрын

Thanks Sean, Nicely explained, I guess signature part is missing that also mandatory for xcframeworks

@seanallen 3 ай бұрын

Yes, 3rd party SDKs that are on that list will need a signature.

@borto_ale 3 ай бұрын

Great video, saved me a lot of time! But i have a question: why isn’t the app privacy report on the app store automatically filled in based on the plist file? Do I really need to copy paste everything manually from the Xcode generated pdf?

@seanallen 3 ай бұрын

I believe so at this point. This is all brand new stuff. The idea for the privacy report is to help you fill out your privacy info on the App Store. Before the privacy report you just had to guess what the 3rd party SDKs were doing.

@VishnuvardhanNasina 3 ай бұрын

Hi, Is it applicable to MDMs also? or just for store submissions?

@chuanpham3541 3 ай бұрын

Super helpful, thank you!!!

@seanallen 3 ай бұрын

Glad it was helpful!

@0xjorgev 3 ай бұрын

Thanks for the detail explanation Sean!

@seanallen 3 ай бұрын

Happy to help!

@salcataudella4517 2 ай бұрын

You never described how to add third party SDK pod privacy info to the app's privacy.xcprivacy file, in case the third party pod does not have a privacy manifest. Should we just figure out what the SDK does and 'wing it' in the app's .xcprivacy file?

@ShinigamiTodesengel 3 ай бұрын

Thank you very much. This video was very helpful for me ❤

@seanallen 3 ай бұрын

You're welcome 😊

@HiteshKumar-qr4kc 3 ай бұрын

Thanks for sharing great knowledge Sean. I have this confusion, can you please help, If I have an app and I'm using one of the lib from the list so still I will have to update app with privacy file? OR only if I'm submitting a new app or adding any new lib?

@seanallen 3 ай бұрын

If you are using a required reasons API (like user defaults) then you have to add the privacy manifest no matter what. If you are using a 3rd party SDK that is on that list, the way I read the documentation (as I do in the video), they 3rd party SDKs have to have a privacy manifest when submitting a new app or if you add that SDK as an app update.

@brianabayne2543 3 ай бұрын

Thanks so much!! You are amazing ! 💥

@seanallen 3 ай бұрын

Glad it helped!

@nileshjdarji 3 ай бұрын

Very Nice. I am going to use this as a tutorial to update my pList on my next app update. Thank you for such a nice detailed video. Appreciate it a lot.

@seanallen 3 ай бұрын

Happy to help, Nilesh. It was actually quite simple to implement. The tricky part was understanding what's required.

@nileshjdarji 3 ай бұрын

@@seanallen Absolutely. Also I have a question on Deep dish swift. I will DM you on twitter.

@etaosin 3 ай бұрын

thx for this material. your news are helpful a lot

@seanallen 3 ай бұрын

Happy to help.

@messidsa1092 3 ай бұрын

after make the file should upload the file manifest? and where?

@captainmichaelj2321 3 ай бұрын

Thanks so much for the content, as usual. I do have some legacy libraries which are not really maintained, can I still use them by declaring what they are tracking and putting them manually into the privacyInfo? Most of my libraries are ones mentioned by Apple, e.g Firebase, but I do use uncommon ones.

@seanallen 3 ай бұрын

I mention this in the video, but if your app is already on the App Store and is using these libraries, you don't have to do anything. You're grandfathered in. It only applies if you are submitting a brand new app or adding one of those SDKs in an app update.

@captaintech8337 2 ай бұрын

Awesome, thank you for the valuable information.

@seanallen 2 ай бұрын

Glad it was helpful!

@azimjondev 3 ай бұрын

Hello, is it possible to create this file and fill in the data in the project and upload the app to the appstore? Do we not need to send the reported .pdf file to another place?🙄

@franksolleveld2909 3 ай бұрын

Thanks Sean! Very nice.

@seanallen 3 ай бұрын

Glad you liked it!

@amor35 3 ай бұрын

Thank you Sean. Much easeier than Apple docs.

@seanallen 3 ай бұрын

Happy to help

@user-pt8ni4ke2i 2 ай бұрын

thank you, I am soon publishing my first iOS app to App Store and this is helpful. Is it required for uploading app in TestFlight also?

@seanallen 2 ай бұрын

This is not required for Test Flight (as far as I know)

@abhishekpednekar211 3 ай бұрын

You're a saviour! Thanks for the clarity :)

@seanallen 3 ай бұрын

No worries!

@abhishekpednekar211 3 ай бұрын

@@seanallen I followed the tutorial step by step. 1. Added Privacy manifest. 2. Added key 'Privacy Accessed API Types' with type 'User Defaults' (Used Key from Apple's website) 3. Added Reason (CA92.1) 4. Submitted the build to appstore After doing these steps I still got the mail from Apple saying - ITMS-91053: Missing API declaration- Your app’s code in the “xyz” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. Am I missing any step here?

@abhishekpednekar211 3 ай бұрын

@liang0 3 ай бұрын

this is super useful, thanks so much!

@seanallen 3 ай бұрын

Glad it was helpful!

@azimjondev 3 ай бұрын

@@seanallen 🤫 errorMessage: print("copy paste answer or duplicated") 🥶🥶🥶

@user-rt8up3fo3m 3 ай бұрын

Thanks for the info., I would be lost without this...

@seanallen 3 ай бұрын

Glad to help

@Nithinkozhikode 3 ай бұрын

Thanks for sharing! 🙌🏻

@seanallen 3 ай бұрын

Happy to help.

@iwillburn 3 ай бұрын

Thanks Bud!

@Plain-snippet 3 ай бұрын

Thanks for the info ℹ️ 🙏

@seanallen 3 ай бұрын

No problem 👍

@MassonLifestyle 3 ай бұрын

Thanks for this video. Somewhat overwhelmed with all this things I have to do for JUST one app. I get it, it's all for privacy but I feel like I'm going to need to put in a check list of all the things that I need to review before I submit an app to the App Store. Or is there such a list?!

@seanallen 3 ай бұрын

Sadly, that's the facts of life as an iOS dev. It gets more complex year after year.

@MassonLifestyle 3 ай бұрын

@@seanallen it does!

@toadlguy 3 ай бұрын

Of course, in this case, you could not collect user identifiable information 😀

@alejandrotevez6302 3 ай бұрын

Im about to launch an app and sometimes I get so much into the bone that I forget to check on those kinds of details. You are a saint for breaking this stuff down, INSTANT SUBSCRIBE :D

@seanallen 3 ай бұрын

Happy to help and welcome to the channel :)

@user-gt2uz9jn7e 3 ай бұрын

Thanks a lot!!! 🙌

@seanallen 3 ай бұрын

Happy to help!

@KanyantaMubanga 3 ай бұрын

Thanks Sean!

@seanallen 3 ай бұрын

No worries!

@sunbrite12 2 ай бұрын

Thanks fro sharing!

@seanallen 2 ай бұрын

You bet!

@dineshvijaykumar4237 3 ай бұрын

Just to clarify, this only applies if you are making a new update to your app or creating a new one? i.e. If I have an app currently on the store that uses UserDefaults and requires location updates, do I need to update it with the new privacy manifest file now? Or do I only need to do it when I make an update to the store?

@seanallen 3 ай бұрын

Right. Your next update will be rejected if you don't have a privacy manifest. But if you never update the app, then you won't have to do anything.

@toadlguy 3 ай бұрын

It should be noted that, although a PIA for developers, this is a good thing and is trying to avoid the use of 3rd party APIs collecting data and avoiding any need to report it to the user, even without the developers knowledge (as well as generally make the Privacy Nutrition labels better).

@seanallen 3 ай бұрын

Exactly.

@vladimirmoor 3 ай бұрын

thanks a lot!

@seanallen 3 ай бұрын

Happy to help

@subinsuresh3234 3 ай бұрын

We have an app which uses lot of inactive SDKs now(Last updated around 3-4 years ago), and getting email for Required reasons APIs. What should I do if I need to release some app updates?

@seanallen 3 ай бұрын

As I read the documentation, you will need to include a privacy manifest in your app and declare that you are using the required reason API for. You will need to do your best to understand WHAT those 3rd party SDKs is using it for and declare the proper reason.

@subinsuresh3234 3 ай бұрын

@@seanallen So I need to add the required reasons API details in my privacy manifest file on behalf of the inactive SDKs?

@software-sage 3 ай бұрын

Great overview for the new privacy rules. Apple is trying to confuse us. This breaks it down very clearly.

@seanallen 3 ай бұрын

Happy to help!

@pritamsarkar7879 3 ай бұрын

1 question: I am currently building an app for launching in the App Store. My question is my app sign in /sign up from the backend data fetch by firebase, then how can I fatch these in the future and what will be the alternatives? AppAuth is also in the list. Love from 🇮🇳

@seanallen 3 ай бұрын

You can still use the FirebaseSDK. I assume Firebase is updated often enough that they most likely already have the privacy manifest implemented. You would have to check their repo (like I mention in the video). But if they updated it, you should be fine as long as you're using the latest version of the package.

@bolloj7250 3 ай бұрын

If the 3rd party SDKs have not included the privacy manifest, can you cover them in your own app's manifest file? For example if a 3rd party is using UserDefaults without the manifest file, can I include its use of UserDefaults in my app's privacy manifest?

@seanallen 3 ай бұрын

I believe so. Remember, this is all brand new so no one has experience with this yet. But as I read the documentation, I believe that's true.

@bolloj7250 3 ай бұрын

@@seanallen Thank you for your response, i suppose we have to try and find out. Apple docs were a bit vague

@RussChannel13 3 ай бұрын

Thanks for sharing Sean, but why so stress-inducing title ?!

@seanallen 3 ай бұрын

The game of KZbin, my friend.

@toadlguy 3 ай бұрын

Hopefully some day, KZbin (and other Social Media sites) will realize the people are being manipulated in ways that are distinctly NOT positive and show some actual responsibility 😉

@masteringreactnative 3 ай бұрын

We added facebook sdk to our react native expo app, how should we go about fixing this in react native?

@seanallen 3 ай бұрын

I've never built anything in ReactNative, so I can't say.

@tokero5199 3 ай бұрын

So does this replace all the clicking on app store connect that we previously had to do to create the privacy nutrition labels?

@seanallen 3 ай бұрын

No. the privacy report that gets generated is just an aid to help all that clicking be more accurate.

@zacdemi 3 ай бұрын

@@seanallen Hopefully Apple makes nutrition labels automatically for us soon.

@seanallen 3 ай бұрын

@@zacdemi That would be ideal!

@tokero5199 3 ай бұрын

@@seanallen Ok thanks..

@khuongduongnguyen4306 2 ай бұрын

Cảm ơn Sean! Rất hữu ích

@Thehappiesthiccup 3 ай бұрын

Do you know of any other sources confirming that you’re grandfathered in if you your app is already in the store and uses those SDKs?

@seanallen 3 ай бұрын

You want another source other than Apple itself? developer.apple.com/support/third-party-SDK-requirements/#:~:text=SDKs%20that%20require%20a%20privacy%20manifest%20and%20signature&text=Starting%20in%20spring%202024%2C%20you,as%20part%20of%20the%20update.

@Danica-jh9jz 3 ай бұрын

@@seanallen sorry for the confusion, i still dont understand... what if i have an app that uses those sdk-s (and old app), and i want to release updates, but not adding any of those sdk-s, just to continue using them?

@seanallen 3 ай бұрын

According to that linked documentation, those SDKs only require a privacy manifest if you are submitting a new app to the app store that includes them OR if you are updating an existing app that is adding one of those SDKs.

@akashgaur-ie2bz 3 ай бұрын

I did all the things, declaring all privacy in the PrivacyInfo, but it still shows same issue while submitting the app.

@seanallen 3 ай бұрын

Tough to say what's going on without any more info. Are you using one of the SDKs on the list? What required reasons API are you using?

@akashgaur-ie2bz 3 ай бұрын

Yes

@devsda1 3 ай бұрын

If App Store Connect can detect what APIs are being used why can’t it generate a manifest automatically?

@andreabottino2714 3 ай бұрын

i'm guessing that's because it's down to the devs to specify what the app is doing, it can't be one size fits all

@seanallen 3 ай бұрын

Yup 👆

@devsda1 3 ай бұрын

@@andreabottino2714 it could just autofill the APIs and let the dev specify the reason

@peterpaniccc 3 ай бұрын

iOS devs need to suffer 😂

@user-mj6wk9pp9f 3 ай бұрын

I don't think it's true that this only applies if the app is just adding an SDK, or a new app, Apple's email implies differently. The SDKs that use these, that it is warning about, were not added be me. Similar comments can be seen elsewhere in the comment section.

@seanallen 3 ай бұрын

I read that right from Apple's documentation. To clarify, if you (or the 3rd party SDK) are using a "required reasons" API (like user defaults), you have to add the privacy manifest no matter what. The new app or adding an SDK into an app thing only applies to the 3rd party SDKs that are on that list. What does the email you received from Apple say?

@isurujn 3 ай бұрын

Thanks a lot of explaining all this, Sean. I was feeling a bit lost on this topic. On a related note. Is anyone else feeling like iOS development is becoming less fun due to these annoying grunt work? Setting up all the privacy nutrition labels on App Store Connect was tiresome enough. Now I have to do it in a plist AND do it in ASC again? You'd think ASC could simply automate this since we're supplying a damn plist with the app! Knowing how unreasonable and frustrating app reviewing can be, now I might have to face rejections due to the third-party SDKs as well. I haven't even thought about dealing with all the concurrency changes in the upcoming Swift version! I have half a mind to ditch iOS development and switch my stack altogether 😩

@seanallen 3 ай бұрын

It definitely gets more complex every year as Apple updates and builds new things. But I imagine other platforms deal with this as well. The only constant in technology is change.

@coffeeL-502 3 ай бұрын

thanks

@seanallen 3 ай бұрын

You're welcome!

@user-sz1ux9sm5c 3 ай бұрын

what if a third party used Userdefaults? Does the third party SDK should provide privacy manifest too?

@seanallen 3 ай бұрын

As far as I understand, yes. The SDKs should be updating their privacy manifests and if they use UserDefaults, that should be included.

@user-sz1ux9sm5c 3 ай бұрын

@@seanallen thanks, so if I've understood correctly, even though our SDK is not listed by Apple, If we use UserDefaults in our SDK we should provide privacy manifest file.

@seanallen 3 ай бұрын

This is all new, so I'm not 100% sure. But that's how I read it. As you saw, it's a very simple implementation, so it can't hurt to add it to your next update.

@user-sz1ux9sm5c 3 ай бұрын

@@seanallen lol no, I've already published it in jan release, now I was wondering whether was is necessary or not

@yashjain1144 3 ай бұрын

I have a question Our apps use alot of 3rd party SDKs. Is it possible to just add all the required reasons in the app's manifest file without having to upgrade the libraries?

@ChristopherCricketWallace 2 ай бұрын

It's a shame this isn't auto-generated by sniffing out which SDKs and APIs are used. At least make the first version and let us edit it before submission.

@msolak48 2 ай бұрын

Teşekkürler.

@seanallen 2 ай бұрын

I appreciate the generosity! Happy the video was helpful.

@msolak48 2 ай бұрын

@@seanallen I sent an update to my application today by watching your video and it was approved without any problems. Thank you for preparing such valuable and useful content.

@toadlguy 3 ай бұрын

Hopefully it will be smart enough to know that if you are collecting Health Data NOT linked to customer, you can't possibly be using it for Product Personalization and will reject your app. 🤣

@seanallen 3 ай бұрын

Lol, oops. I was riffing off the top of my head and didn't put that together 🤣

@Ali_55614 2 ай бұрын

Another reason I hate Apple as developer, nice video though, Thanks!

@samirguerdah7363 3 ай бұрын

Hello,

@andrewebling1961 2 ай бұрын

In other words, a shed load of time spent which will have no impact or value for 99.99% of all users, who don't even read the privacy nutrition labels. Thanks Apple!