As many of us, recently, after submitting the build for TestFlight I have got the email which states:
ITMS-91053: Missing API declaration - Your app’s code in the “MyAppBinaryName” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
My notice referenced following categories:
* NSPrivacyAccessedAPICategoryUserDefaults
* NSPrivacyAccessedAPICategoryDiskSpace
* NSPrivacyAccessedAPICategorySystemBootTime
* NSPrivacyAccessedAPICategoryFileTimestamp
I have read Apple docs on the topic and understand that the approach here is to add privacy manifest file with respective APIs declarations. That's clear. I have done so for "NSPrivacyAccessedAPICategoryUserDefaults" and it was no longer mentioned in the Apple's info. That was fine and clear.
However, my code doesn't directly use any APIs which were mentioned in https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api which leads me to the questions:
- Should the apps privacy manifest declare (or re-declare) APIs used by dependencies? It doesn't seem reasonable since SDKs has their own manifests...
- As the redeclaring reasons from 3rd party SDKs doesn't seem right to me - how can I find out which APIs in my app code are problematic? Are there any tools available that can do the same validation on my local dev machine?