If you develop a Felgo or Qt app for iOS and upload it to the app store via AppStore Connect, you may face a new Apple warning e-mail these days:
We noticed one or more issues with a recent submission for App Store review for the following app.
Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Once you've corrected the issues, upload a new binary to App Store Connect.
ITMS-91053: Missing API declaration - Your app’s code in the “iosproject” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code.
ITMS-91053: Missing API declaration - Your app’s code in the “iosproject” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code.
ITMS-91053: Missing API declaration - Your app’s code in the “iosproject” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code.
ITMS-91053: Missing API declaration - Your app’s code in the “iosproject” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code.
Apple Developer Relations
Without a proper fix, Apple has rejected app submissions to App Store Connect since May 1st.
Why is ITMS-91053 happening?
In an attempt to prevent fingerprinting, Apple recently added a new policy that requires you to provide a specific reason if you are using one of the APIs that Apple identified as a possible backdoor for fingerprinting. Fingerprinting refers to using specific APIs or device signals to uniquely identify a device or user for the purpose of tracking, even though users might not be aware of that.
While you may not use those APIs directly, Qt or any third-party framework integrated into your app may. Read on to learn how to fix the issue.
How to Fix ITMS-91053 in your Qt App
To fix the issue, you must provide a privacy manifest describing how your app uses those APIs.
If you don’t use any additional native functionality (or try to misuse APIs for fingerprinting 😉), you can follow these steps to ensure your app successfully uploads and validates after May 1st.
1. Create a file named PrivacyInfo.xcprivacy in the ios subfolder of your project.
Paste the following content to the file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSPrivacyAccessedAPITypes</key>
<array>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>35F9.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>E174.1</string>
</array>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>CA92.1</string>
</array>
</dict>
</array>
</dict>
</plist>
The file lists particular APIs (like accessing UserDefaults) and reasons for usage, which are added as string keys (like CA92.1
). You can also open the generated project file in Xcode and review and adapt those with a user-readable string:
Here we see that we may access UserDefaults for the purpose of accessing stored info from the same app.
Please carefully read about the reasons for using the APIs and optionally adapt if you use them in any other way.
2. Deploy and ship the file within your app bundle:
For Felgo 4 and CMake-based projects, add the following lines to your CMakeLists file (replace <TARGET_NAME> with your app’s target name):
if(CMAKE_SYSTEM_NAME STREQUAL "iOS")
# Include PrivacyInfo.xcprivacy file
target_sources(<TARGET_NAME> PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/ios/PrivacyInfo.xcprivacy")
set_source_files_properties("${CMAKE_CURRENT_SOURCE_DIR}/ios/PrivacyInfo.xcprivacy" PROPERTIES MACOSX_PACKAGE_LOCATION Resources)
endif()
For Felgo 3 and qmake-based projects, add the following lines to your project file:
ios {
# Include PrivacyInfo.xcprivacy file
privacy_info.files = $$PWD/ios/PrivacyInfo.xcprivacy
privacy_info.path =
QMAKE_BUNDLE_DATA += privacy_info
}
3. Optional: Third-Party Frameworks
If you are using a third-party framework, like one shipped with the Felgo Plugins, make sure to provide a privacy manifest file from the third party as well.
That’s it. Build and deploy your application as usual; the errors are gone.
Hint: If you are building for macOS and distributing your application via the app store, you can apply steps similar to those listed above for iOS.
Felgo SDK Update
With Felgo SDK, you are covered with the upcoming 4.2.0 release. We will adapt our project wizards accordingly, so you don’t have to update the project file for your new Felgo projects.
We will also iterate our Felgo Plugins to include the required privacy manifest files for third-party frameworks.
More Information
For more details about this policy, including a list of required reason APIs and approved reasons for usage, you can check out Apple’s documentation here: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api
Please carefully read about the reasons for using the APIs and optionally adapt if you use them in any other way, as described above.
If you have more questions and are looking for iOS and Qt consulting, please contact us here:
More Posts like This
Qt on iOS and the ITMS-90338 Non-Public API usage for __ZN3WTF8pageSizeEv