An ITMS-91061: Missing privacy manifest rejection email looks as follows: ITMS-91061: Missing privacy manifest- Your app includes "<path/to/SDK>", which includes , an SDK that was identified in the documentation as a privacy-impacting third-party SDK. Starting February 12, 2025, if a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: https://developer.apple.com/support/third-party-SDK-requirements. Glossary ITMS-91061: Missing privacy manifest: An email that includes the name and path of privacy-impacting SDK(s) with no privacy manifest files in your app bundle. For more information, see https://developer.apple.com/support/third-party-SDK-requirements. : The specified privacy-impacting SDK that doesn't include a privacy manifest file. If you are the developer of the rejected app, gather the name of the SDK from the email you received from Apple, then contact the SDK's provider for an updated version that includes a valid privacy manifest. After receiving an updated version of the SDK, verify the SDK includes a valid privacy manifest file at the expected location. For more information, see Adding a privacy manifest to your app or third-party SDK. If your app includes a privacy manifest file, make sure the file only describes the privacy practices of your app. Do not add the privacy practices of the SDK to your app's privacy manifest. If the email lists multiple SDKs, repeat the above process for all of them. If you are the developer of an SDK listed in the email, publish an updated version of your SDK that includes a privacy manifest file with valid keys and values. Every privacy-impacting SDK must contain a privacy manifest file that only describes its privacy practices. To learn how to add a valid privacy manifest to your SDK, see the Additional resources section below. Additional resources Privacy manifest files Describing data use in privacy manifests Describing use of required reason API Adding a privacy manifest to your app or third-party SDK TN3182: Adding privacy tracking keys to your privacy manifest TN3183: Adding required reason API entries to your privacy manifest TN3184: Adding data collection details to your privacy manifest TN3181: Debugging an invalid privacy manifest

General: Forums topic: Privacy & Security Forums tag: Privacy Developer > Security — This also covers privacy topics. App privacy details on the App Store UIKit > Protecting the User’s Privacy documentation Bundle Resources > Privacy manifest files documentation TN3181 Debugging an invalid privacy manifest technote TN3182 Adding privacy tracking keys to your privacy manifest technote TN3183 Adding required reason API entries to your privacy manifest technote TN3184 Adding data collection details to your privacy manifest technote TN3179 Understanding local network privacy technote Handling ITMS-91061: Missing privacy manifest forums post Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

version: iOS 17+ When requesting Photo Library access on iOS, the system displays a standard permission dialog. I just wanna save a image to user's photo library. Is it possible to replace or customize this system permission popup with a fully custom-designed UI? If customization is not allowed, is the recommended approach to first present a custom explanatory popup or screen and then trigger the system permission dialog?

Hello, I am looking for guidance on how to pre-provision TCC permissions for automated desktop app testing on the macOS 27 beta. We have maintained a CI testing setup by saving snapshots of VMs with pre-configured user TCC databases. This allowed our UI tests to run without being blocked by permission prompts. This included permissions like screen recording, full disk access or apple events. On the macOS 27 beta, this workflow appears completely broken. While the system TCC database seems to function as it used to, the user TCC database has been moved into a ProtectedSystem container. Direct modifications to the user database now seem impossible. Is there any officially supported way to pre-provision user-level TCC permissions on macOS 27 VMs for automated CI environments? Is Apple's intention here that the system DB is the only one that's actually editable (with SIP disabled)? How does Apple recommend CI platforms handle user-level permission prompts in headless or automated VM environments moving forward? Any insights or recommended alternative workflows would be greatly appreciated. Thank you!

so the app is free to download . the first use is free for two days . We want to send a reminder to them via email. some are installing (67%) but not returning to use the free credit. what is the policy on getting the apple id from apple. do we have to ask the user for the id at install and then disclose that its for tracking purposes and to inform about future promo's . the id will not be shared with third parties

With Siri AI and App Intents, we can surface content from apps. Can we add guardrails or configure what Siri can or cannot say when dictating content?

I am developing a navigation application. My goal is for this navigation app to also work in the background and provide the user with real-time directional updates. When apps request access to location services, users see a TCC (Transparency, Consent, and Control) prompt. This prompt allows the user to choose under what conditions the app can access location services (for example: “While Using the App”, “Always”, etc.). If the user selects the “While Using the App” option, can the navigation app still access location in the background and provide directional information to the user? Is something like this technically possible? Does Apple allow this behavior for navigation apps or similar use cases?

I have a swift app which I'm running via a LaunchAgent. It sends a video feed via multicast UDP. While it works if I manually allow via Privacy & Security - Local Network (allowing the app to find devices on local network), I cannot get AllowedEthernetLocalNetworkAddresses to work. I have attempted to do so with my app and with ffmpeg (installed via homebrew). Neither seems to respect the AllowedEthernetLocalNetworkAddresses setting outlined in TN3179: Understanding local network privacy | Apple Developer Documentation. I have attempted allowing 239.0.0.0/8, 224.0.0.0/4, 239.255.0.0/16, 239.255.1.1/32. I see no change after a reboot with any of these values in the array: sudo defaults write com.apple.network.local-network AllowedEthernetLocalNetworkAddresses -array "239.0.0.0/8" This is on macOS 26.5.1, and I am only connected via ethernet. Am I missing a configuration piece? Thanks!

Hello everybody, in my React Native-Expo-Firebase app, I am trying to integrate Sign in with Apple, along with the related token revocation at user deletion. I did succeed in integrating the login, and the app correctly appears in the Apple Id list (the list of apps currently logged with Apple ID). The problem is that, if I select the app and press "Interrupt Apple login usage for this app", the app simply stays there, nothing happens. If I do the same with another app, this works fine. Either if I do this via my iPhone's settings, or via https://account.apple.com/account/manage -> Sign in with Apple, I get the same result, the app cannot be removed. I hope I managed to explain my situation clearly, I'd be happy to provide more info if necessary. Thank you in advance.

Hello Developers, I have ran into a problem while sending mail to apple private relay email. We have built a mobile application where user can sign up through apple and they can sign up using hide-my-email feature. Which provides private relay address for us. Now we want to communicate with them using private relay mail address. The technology we are using to send emails are amazon SES, have done SPF, DMIK, DMARC and added domains in apple identity services for mail communication, passed an SPF check as well. But still mail is not getting delivered what am i doing wrong or apple doesn't support third party apps for sending emails to private relay? Is there any other way to achieve this please let me know Using the same body as attached in image is working fine for rest emails.

As an iOS developer, what should I make sure of so users can clearly see that privacy is considered in my app?

in iOS26.4, after installing the app for the first time, opening the app and clicking on the UITextField input box will trigger the system to pop up the network permission application interface. This issue did not exist before iOS 26.3, only in iOS 26.4. This is a fatal bug where the network permission request box should not pop up when the developer has not called the network related API.

Hello Everyone I'm encountering a problem with the Apple Mail Private. I created a website with the possibility to log in with apple account and apple gives the possibility to privatize the mail address with xxxxx@privaterelay. appleid.com but also blocked the mail come from my server. In the log I get the error: relay=smtp3.privaterelay. appleid.com[17.56.9.14]:25, delay=2.4, delays=0.11/0/1.8/0.48, dsn=5.1.1, status=bounced (host smtp3.privaterelay. appleid.com[17.56.9.14] said: 550 5.1.1 mymail@mail. com: unauthorized sender (in reply to RCPT TO command)) How can I fix it ?

Hi, We've implemented age assurance logic in our app using the DeclaredAgeRange framework to comply with regulations in Brazil (Digital ECA, effective March 17, 2026) and Utah (App Store Accountability Act, effective May 6, 2026). Our implementation calls AgeRangeService.shared.isEligibleForAgeFeatures on app launch to determine whether the current user is subject to age assurance requirements, and proceeds to call requestAgeRange(ageGates:) accordingly. However, after monitoring in production since the Brazil enforcement date, we've consistently observed isEligibleForAgeFeatures returning false for users in regulated regions, with no age range data being returned. What we'd like to clarify: Is isEligibleForAgeFeatures currently returning true for users in Brazil in production (not sandbox)? For Utah — given that HB 498 pushed the developer compliance deadline to May 6, 2027, will isEligibleForAgeFeatures reflect the original May 6, 2026 activation date or the revised 2027 date? Is there a known rollout schedule or gradual activation plan for these regions that would explain why the flag remains false even after the legal enforcement dates have passed? We've seen similar reports from other developers on these forums, so it seems this may be a widespread issue rather than an implementation problem on our end. Any official guidance on the current status of the API in regulated regions would be greatly appreciated. Thanks.

My app needs both Accessibility and Input Monitoring permissions. Accessibility works as expected - calling AXIsProcesstrusted() automatically adds the app to System Settings > Privacy & Security > Accessibility, and the user just needs to toggle it on. Input Monitoring doesn't behave the same way. I'm calling CGRequestListenEventAccess() and creating a CGEvent.tapCreate(.listenOnly), but the app doesn't reliably appear in the Input Monitoring list. The user opens the pane and sees nothing to enable. What I've tried: CGRequestListenEventAccess() — shows the system prompt once per install, but doesn't always add the app to the list CGEvet.tapCreate(tsp: .cgSessionEventTap, place: .headInsertEventTap, options: listenOnly, ...) — returns nil before Accessibility is granted; after Accessibility is granted, the tap succeeds but the app still may not appear in the Input Monitoring list Calling both after Accessibility is confirmed, with a delay before opening the Settings pane The flow: User grants Accessibility (app appears automatically via AXIsProcessTrusted()) App creates a listen-only CGEventTap (succeeds) App opens x-apple.systempreferences:com.apple.preferences.security?Privacy_ListenEvent User sees the Input Monitoring pane but the app is not listed Environment: macOS 15, signed and notarized app, correct bundle ID, Hardened Runtime with com.apple.security.device.audio-input-monitoring entitlement not set (not applicable). Is there an API equivalent to AXIsProcessTrusted() that reliably registers an app in the Input Monitoring list? Or is there a specific entitlement, Info.plist key, or sequence of calls required on macOS 14+/15 to ensure the app appears?

Hi, I'm the developer of Mail Signature (MAS, bundle ID: de.metaflash.mail-signature), a Mac app that uses iCloud Drive to sync email signatures. On macOS Tahoe, when a user denies the iCloud access permission dialog on first launch, there is absolutely no way to reverse that decision through System Settings. Regression from Sequoia: On Sequoia, after denying iCloud access, the app correctly appears under System Settings → Privacy & Security → Files and Folders where the user can toggle access back on. On Tahoe, the app does not appear anywhere in Privacy & Security after denial – not under Files and Folders, not under Apple ID → iCloud, nowhere. Technical details: Affected TCC services: kTCCServiceUbiquity + kTCCServiceLiverpool tccutil reset Ubiquity alone is insufficient Only tccutil reset All triggers the dialog again This suggests both services need to be reset simultaneously Impact: Normal users are permanently locked out with zero recovery path. The only workaround is Terminal: tccutil reset All de.metaflash.mail-signature ...which is completely inaccessible to average consumers. As a MAS developer we have no way to help users programmatically: exec/child_process → sandbox blocked NSUserUnixTask → designed for user-supplied scripts only, not reliable here Apple Events to Terminal → blocked or App Review risk Feedback submitted: FB22746525 Is anyone else seeing this? Would appreciate dups on the Feedback report. Any workaround suggestions from DTS welcome.

In iOS 18, requesting Contacts access via CNContactStore.requestAccess(for:) triggers a two-stage authorization flow: First stage: the standard "Allow / Don't Allow" alert Second stage: a sheet titled "How do you want to share contacts?" with two options — "Select Contacts" and "Share All [N] Contacts" My question is about the second-stage sheet specifically. It does not appear to have a Cancel or Close button, and swipe-down to dismiss does not work on the devices I've tested (iOS 18.x). If a user reaches this second prompt and decides they don't want to choose either option, how are they expected to dismiss it? Is this intentional behavior?

Hi everyone, We are working on an app that requires access to devices on the local network (Bonjour / LAN discovery + direct socket communication). We are currently struggling with the Local Network privacy permission flow introduced by Apple. From our understanding, there is no dedicated public API to explicitly request Local Network permission or to reliably determine the current authorization state before attempting network activity. We have tried several commonly suggested approaches to trigger the permission dialog, including: Bonjour browsing via NWBrowser Publishing/listening with NetService UDP/TCP socket attempts on local subnet NWConnection / NWListener Triggering discovery after app launch and after foreground transitions We already added the required entries in: NSLocalNetworkUsageDescription NSBonjourServices However, the behavior is inconsistent across devices and OS versions: Sometimes the popup appears immediately Sometimes it never appears Sometimes network operations silently fail without callback clarity In some cases callbacks are delayed or ambiguous Reinstalling/resetting permissions changes behavior unpredictably Our main challenges are: What is currently considered the most reliable Apple-approved method to trigger the Local Network permission prompt? Is there any officially recommended way to determine whether permission is: not determined denied granted Is there any reliable callback or state transition API developers should use? Are there known differences between: NWBrowser NetService BSD sockets NWConnection when it comes to triggering the permission dialog? Are there recommended retry/timing patterns to avoid race conditions during app launch? Is Apple planning to introduce a dedicated authorization API similar to: AVAuthorizationStatus CLAuthorizationStatus PHPhotoLibrary.authorizationStatus() Right now it feels difficult to provide a reliable UX because there is no deterministic way to: proactively request access observe authorization state recover gracefully when the prompt does not appear Any guidance, DTS references, WWDC sessions, or recommended implementation patterns would be greatly appreciated. Thanks!

I have an application that is a VOIP application of sorts that needs access to the microphone. I am using the Mac (Designed for iPad) support to not have to do huge amounts of conditional building and support for all the many iOS specific things my app includes. I never get prompted to allow microphone permissions and I never see my app name appear in Privacy & Security -> Microphone permissions setup. So is it that Mac is just a dead end for any form of an application that needs a microphone and is running under Mac (Designed for iPad) compatibility mode? Why doesn't TCC have some mechanism to notice and grant access to mic use?

Hi everyone, We are investigating a possible iOS permission state issue after a device previously installed our app through TestFlight and later installed the production version from the App Store using the same Bundle ID. Environment: Device: iPhone 15 iOS version: 26.2.1 App distribution history: The app was previously installed through TestFlight and later installed from the App Store Permissions involved: Camera / Photos Issue: When the user opens the App Store version of the app and tries to access a feature that requires Camera or Photos permission, the iOS permission prompt does not appear as expected. Also, the app does not appear under: Settings > Privacy & Security > Camera or: Settings > Privacy & Security > Photos Because of this, the user cannot manually enable the permission. Another user on iOS was able to grant the permissions normally, so the issue appears to be isolated to the device that previously used the TestFlight build. Expected behavior: When the App Store version requests Camera or Photos permission, iOS should display the permission prompt, or the app should appear under Settings > Privacy & Security > Camera/Photos so the user can manage the permission manually. Actual behavior: The permission prompt does not appear, and the app does not appear in the corresponding privacy permission list. Possible cause: It seems like the device may be preserving or reusing a stale privacy permission state from the previous TestFlight installation, since both the TestFlight build and the App Store build use the same Bundle ID. Steps to reproduce: Install the app through TestFlight. Open the app and trigger a Camera/Photos permission request. Grant or deny the permission. Stop testing or remove the TestFlight version. Install the production version from the App Store using the same Bundle ID. Open the App Store version. Trigger the same Camera/Photos permission request flow. Go to Settings > Privacy & Security > Camera/Photos. The app does not appear, or the permission prompt does not behave as expected. Workarounds attempted or suggested: Close and reopen the app. Restart the iPhone. Delete and reinstall the app from the App Store. Stop testing the app from TestFlight. Reset Location & Privacy settings. Question: Has anyone experienced a similar issue where iOS does not show the permission prompt or does not list the app under Privacy & Security after switching from a TestFlight build to the App Store version with the same Bundle ID? Is there a recommended way to fully clear the previous TestFlight permission state, or should this be reported as a possible iOS/TestFlight permission state bug?

Apps that try to access the contents of the pasteboard cause a system prompt to appear asking the user "AppName" would like to paste from "OtherAppName" Do you want to allow this? Don't Allow Paste Allow Paste This prompt does not appear if you implement a UIPasteControl and the user taps it to signal intent to paste, but this control cannot be placed into a UIMenu. I read this could be achieved with UIAction.Identifiers like .paste or .newFromPasteboard but the prompt still appears with the following code. What's the trick? override func viewDidLoad() { super.viewDidLoad() title = "TestPaste" view.backgroundColor = .systemBackground let imageView = UIImageView() imageView.translatesAutoresizingMaskIntoConstraints = false imageView.contentMode = .scaleAspectFit imageView.clipsToBounds = true view.addSubview(imageView) NSLayoutConstraint.activate([ imageView.topAnchor.constraint(equalTo: view.topAnchor), imageView.leadingAnchor.constraint(equalTo: view.leadingAnchor), imageView.trailingAnchor.constraint(equalTo: view.trailingAnchor), imageView.bottomAnchor.constraint(equalTo: view.bottomAnchor) ]) navigationItem.rightBarButtonItem = UIBarButtonItem(title: "Add", image: UIImage(systemName: "plus"), menu: UIMenu(children: [ UIAction(identifier: .paste) { _ in imageView.image = UIPasteboard.general.image } ])) }

We use TeamCity as our Continuous Integration (CI) solution to build and run automated tests. These are integration tests executed through our 4D application, which is properly code‑signed and notarized. These CI machines are heavily used and build multiple versions per day, making them critical to our development workflow. However, we are experiencing an issue on some machines: after a certain period of time, network communication through our application stops working, while network communication remains fully functional when using third‑party tools (for example, LDAP clients). Based on our investigation, this issue appears to be related to Local Network Privacy management. We have followed the procedure described in Apple’s Technical Note: TN3179: Understanding local network privacy | Apple Developer Documentation to reset network authorizations, but this has not been sufficient to resolve the issue. In addition, our CI environment requires acknowledging a large number of Local Network access permission prompts. Given that these machines build multiple versions per day and are intended to run unattended, this is not practical in an automated CI context. We have around ten Macs dedicated to running these tests, and manually approving these pop‑ups is not a viable solution.