Guideline 5.1.1
Guideline 5.1.1 - Privacy: Missing Privacy Manifest (PrivacyInfo.xcprivacy)
Low RiskEasy0 Reports
Our Take
Your app is missing a PrivacyInfo.xcprivacy file. Since Spring 2024, Apple requires all apps to include a privacy manifest declaring required reason API usage, tracking status, and collected data types.
Resolution Guide
01
**Create the privacy manifest file** — In Xcode, go to File → New → File → App Privacy. This creates `PrivacyInfo.xcprivacy` in your project. Make sure it's added to your app target (check Target Membership in the File Inspector).
02`UserDefaults` → Category: `NSPrivacyAccessedAPICategoryUserDefaults`, Reason: `CA92.1` (access app-specific data)
**Declare required reason API usage** — Add entries to `NSPrivacyAccessedAPITypes` for each required-reason API your app uses:
- `File timestamp` → Category: `NSPrivacyAccessedAPICategoryFileTimestamp`, Reason: `C617.1` or `DDA9.1`
- `System boot time` → Category: `NSPrivacyAccessedAPICategorySystemBootTime`, Reason: `35F9.1`
- `Disk space` → Category: `NSPrivacyAccessedAPICategoryDiskSpace`, Reason: `E174.1`
03
**Set tracking declaration** — Set `NSPrivacyTracking` to `false` unless your app uses ATT (App Tracking Transparency). If you do track, set to `true` and ensure you call `requestTrackingAuthorization`.
04
**Declare collected data types** — Add entries to `NSPrivacyCollectedDataTypes` listing what data your app collects (location, health, contacts, etc.), whether it's linked to the user, and the purpose of collection.
05
**Verify third-party SDK manifests** — Check that all third-party SDKs (Firebase, Facebook, etc.) ship their own privacy manifests. Update SDKs to latest versions — most major SDKs added manifests in early 2024.
06Add `PrivacyInfo.xcprivacy` as part of initial project setup Review the manifest whenever adding new SDKs or APIs Use Xcode's Privacy Report feature in CI to catch missing declarations
**Test the manifest** — Build and run your app. In Xcode 15+, go to Product → Generate Privacy Report to verify all required-reason APIs are declared.
Prevention:
Community Solutions · 0
Sign in to share your solution.
More Guideline 5 (Legal) rejections
- Guideline 5 - Legal: Remove Watermark Feature
- Guideline 5.1.1 - Data Collection and Storage: Incomplete Privacy Manifest
- Guideline 5.1.1 - Data Collection and Storage: Missing Purpose Strings
- Guideline 5.1.1 - Data Collection and Storage: Privacy Manifest Missing
- Guideline 5.1.1 - Data Collection and Storage: Privacy Nutrition Label Mismatch
- Guideline 5.1.1 - Data Collection and Storage: Privacy Policy