Guideline 5.1.1

Guideline 5.1.1 - Privacy: Missing Privacy Manifest (PrivacyInfo.xcprivacy)

Low RiskEasy0 Reports

Our Take

Your app is missing a PrivacyInfo.xcprivacy file. Since Spring 2024, Apple requires all apps to include a privacy manifest declaring required reason API usage, tracking status, and collected data types.

Resolution Guide

01

**Create the privacy manifest file** — In Xcode, go to File → New → File → App Privacy. This creates `PrivacyInfo.xcprivacy` in your project. Make sure it's added to your app target (check Target Membership in the File Inspector).


02

**Declare required reason API usage** — Add entries to `NSPrivacyAccessedAPITypes` for each required-reason API your app uses:

  • `UserDefaults` → Category: `NSPrivacyAccessedAPICategoryUserDefaults`, Reason: `CA92.1` (access app-specific data)
  • - `File timestamp` → Category: `NSPrivacyAccessedAPICategoryFileTimestamp`, Reason: `C617.1` or `DDA9.1`

    - `System boot time` → Category: `NSPrivacyAccessedAPICategorySystemBootTime`, Reason: `35F9.1`

    - `Disk space` → Category: `NSPrivacyAccessedAPICategoryDiskSpace`, Reason: `E174.1`

    03

    **Set tracking declaration** — Set `NSPrivacyTracking` to `false` unless your app uses ATT (App Tracking Transparency). If you do track, set to `true` and ensure you call `requestTrackingAuthorization`.


    04

    **Declare collected data types** — Add entries to `NSPrivacyCollectedDataTypes` listing what data your app collects (location, health, contacts, etc.), whether it's linked to the user, and the purpose of collection.


    05

    **Verify third-party SDK manifests** — Check that all third-party SDKs (Firebase, Facebook, etc.) ship their own privacy manifests. Update SDKs to latest versions — most major SDKs added manifests in early 2024.


    06

    **Test the manifest** — Build and run your app. In Xcode 15+, go to Product → Generate Privacy Report to verify all required-reason APIs are declared.

    Prevention:

  • Add `PrivacyInfo.xcprivacy` as part of initial project setup
  • Review the manifest whenever adding new SDKs or APIs
  • Use Xcode's Privacy Report feature in CI to catch missing declarations
  • Community Solutions · 0

    Sign in to share your solution.

    More Guideline 5 (Legal) rejections

    View all Guideline 5 rejections