Invalid privacy manifest

[akirmse]

I just submitted my app for Apple review, and I got the following back. That version of the app includes version 11.1.0 of the Mapbox SDK. Was this already fixed in 11.2.0?

ITMS-91056: Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid: “Frameworks/MapboxCommon.framework/PrivacyInfo.xcprivacy”. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, keys and values in your app’s privacy manifest must be in a valid format. For more details about privacy manifest files, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files.

There were also several references to "ITMS-91053: Missing API declaration", but I can't tell which of these are from Mapbox, and which from other code. But here they are in case they're useful:

ITMS-91053: Missing API declaration - Your app’s code in the “Peakbagger” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “Peakbagger” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “Peakbagger” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “Peakbagger” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

[sebarina]

We received the same Email after submitting a testflight version

[bryanmalaluan]

We also received the same email earlier today

[marcoboerner]

+1 Received an email with the same first paragraph and two warnings, referring to our app for NSPrivacyAccessedAPICategoryFileTimestamp and NSPrivacyAccessedAPICategorySystemBootTime. However, it seems those come from Mapbox or another dependency Mapbox uses.

[persidskiy]

@akirmse Thank you for reporting the issue, we are working on it.

[hexadecy]

I hope it will be backported to v10.

[persidskiy]

@akirmse @bryanmalaluan @marcoboerner Hi, can you try to upload the build again, using the 11.2.0 version?

I've tried to upload the bare bone iOS app using the Maps SDK and don't see any of those errors.

[persidskiy]

Also, do you use the Navigation or Search SDKs?

[akirmse]

It will probably be another week or two before I have a build ready to submit. I don't use the Navigation or Search SDKs.

[cixio]

I've tried to upload the bare bone iOS app using the Maps SDK and don't see any of those errors.

you need to submit for review then you instantly get an email with the messages above.

[james-wag]

It appears the Mapbox frameworks need to add a PrivacyInfo.xcprivacy file to their XCode projects and add the 2 Keys to it explaining what the system boot time and file creation date APIs it's using are for. See https://developer.apple.com/documentation/bundleresources/privacy_manifest_files

[connorpmullins]

Hopping into this comment thread to say that v10 seems to have a PrivacyInfo.xcprivacy file starting with 10.16.1: https://github.com/mapbox/mapbox-maps-ios/releases/tag/v10.16.1

I'm updating to this build for our app now to see if it works. If anyone has already tried to submit with this version, LMK.

[connorpmullins]

No, actually I must be wrong about the root cause. Looking at our MapboxCommon framework, the PrivacyInfo.xcprivacy file is present. The error message specifically states ITMS-91056: Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid: "Frameworks/MapboxCommon.framework/PrivacyInfo.xcprivacy".

So either the file format is incorrect or the path is incorrect, but the file is present. I don't which is more likely.

@persidskiy - I just want to chime in to say that we desperately need v10 support for this as we have 3rd party dependencies that are not yet Mapbox v11 compatible.

[persidskiy]

Hi all, the fix is released in 11.3.0-rc.1. Please, test this out and provide us with the feedback.

The v10 release with the fix is coming next week.

[connorpmullins]

Thank you!! 🙇

[persidskiy]

Hi all, the 10.17.0 with the fix is released.

I am closing the issue. Please reopen if you encounter similar issues.

[JackJBlundell]

For anybody experiencing this using MapboxNavigation, make sure you use 2.18!

MapboxNavigation", "~> 2.18"

To your podfile.

[AndrewGable]

Can anyone link the commit or fix for this? I was having trouble finding it in the release diff.

We are suddenly seeing an "invalid binary" when uploading to App Store Connect and use a bespoke solution that is blocked on updating SDK versions. Thank you 🙏

[mn288]

@persidskiy version 11.2.0 just popped with the same original error today too... care to extend the fix for this version too as we can't yet update to version 11.3.0 with its breaking changes.

[tPiffrader]

@persidskiy How about the Search SDK MapboxSearch ? I am using version 2.0.1 and get this message from apple: ITMS-91064: Invalid tracking information - A PrivacyInfo.xcprivacy file contains invalid tracking information at the following path: “Frameworks/MapboxCoreSearch.framework/PrivacyInfo.xcprivacy”. NSPrivacyTracking must be true if NSPrivacyTrackingDomains isn‘t empty. Keys and values in your app’s privacy manifest must be valid.

[santoso8118]

Hi @JackJBlundell : I am currently using MapboxNavigation version 2.17.0, it's linked to mapbox-maps-ios to 10.16.4 now. Can I just upgrade dependency of mapbox-maps-ios to 10.17.0 without upgrade MapboxNavigation 2.18?

Does MapboxNavigation 2.17.0 compatible with mapbox-maps-ios to 10.17.0 ? If it not compatible. Is there any way to fix this issue in mapbox-maps-ios to 10.16.4?

Thank you!