Can't submit to App Store for review because of NSUserTrackingUsageDescription

[KevinCrossDCL]

I can't submit a new version of my app to the App Store because I get the following message:

Unable to Submit for Review The items below are required to start the review process: Your app contains NSUserTrackingUsageDescription, indicating that it may request permission to track users. To submit for review, update your App Privacy response to indicate that data collected from this app will be used for tracking purposes, or update your app binary and upload a new build. Learn More

To update the app privacy response you have to update the Info.plist which isn't something that's accessible.

https://developer.apple.com/documentation/bundleresources/information_property_list/nsusertrackingusagedescription

The version of Studio I'm using is AGK Studio 2021.06.14 Mac

What can I do? And what AGK functions would trigger this, or is it set by default on any project exported for iOS? I do use GetDeviceID and I'm storing that in an encrypted format in an online database. This is to be able to find users that are using multiple accounts on a single device when they're being a nuisance to others. This is the code, but I've replaced the string that is used to encrypt it with x's.

deviceID$ = Sha512("xxxx" + GetDeviceID() + "xxxx")

I should mention that the issue isn't with uploading for TestFlight. That's fine, The problem is with publishing the app update for general release.

Hopefully we don't have to wait months for a new version of AGK.

[KevinCrossDCL]

I've looked at the App Privacy page on App Store Connect and I'm already stating the data types I do track. These haven't changed in the last year or so. They are User IDs, Device IDs, and other

[KevinCrossDCL]

I found Info.plist by showing package contents of the AGK Studio application, but if I edit it by adding a row for "Privacy - Tracking Usage Description" it breaks AGK Studio and will stop it from opening. Removing the line added in the file will fix AGK Studio, and will allow me to open AGK again. So editing Info.plist doesn't look like something I can do.

[rvanner]

@orvillian Can you take a look into this on Monday please?

[KevinCrossDCL]

Paul mentioned in a comment on another issue that the Mac files that are used as part of the export like the Manifest.xml file (and maybe Info.plist but that wasn't mentioned) can be found in Library/Application Support/AGKStudio/ or Library/Containers

However I don't have either of those folders as shown in this screenshot. I have hidden files shown.

Here's the link to Pauls comment on another issue: https://github.com/TheGameCreators/AGK-Studio/issues/800#issuecomment-831988632

[orvillian]

@KevinCrossDCL You should be able to solve this by updating the App Privacy section. Despite you possibly not needing specific functionality, given AGK references it you need to mention it. Here's how the AGK Player's privacy section looks -

An alternative option is to build your Tier 1 app inside Xcode using the ios_interpreter project and take control of the plist yourself and ensure you do not link to advertising SDKs. This option means you can likely leave your current privacy listing as is.

Longer term we need to look at a better way to control the export process for Tier 1 apps allowing you to specify exactly what is needed.

[KevinCrossDCL]

So I've selected the same data types (see screenshot)

But what do I select for these 3 that are now new in my list:

I'm not comfortable going down the Xcode way so late in development.

Can we please get a guide written and made public on how to set up the privacy settings properly (and clearly) until there's a better solution added to the export. I think it's fair to say that others are going to have the same issue as me, especially if they've already got their apps on the store.

The other thing I've noticed is that I don't have the options when setting all of these privacy settings to say which ones are linked to the user, and which are tracking the user etc. Your original screenshot has 3 groups:

1. Data used to track you
2. Data linked to you
3. Data not linked to you

[orvillian]

@KevinCrossDCL I have attached a screenshot showing all the relevant information for the AGK Player -

Once you have filled everything in it should update to look the same as the AGK Player with the three groups at the top of the page.

[KevinCrossDCL]

@orvillian thank you for your help! The app has now been submitted and waiting for review

[KevinCrossDCL]

Didn't work quite as well as hoped. They're asking me where in the app I'm asking permission to track all of that data. All of that data I'm not in the least bit interested in tracking might I add.

Any ideas on how I should implement this prompt and the wording I should be using. Keeping in mind that it's TGC tracking more data in my app then I care to track myself. I just need to track their device ID, and AdMob are probably tracking stuff with their ads.

I also don't have access to any of the data that I had to say was being tracked to get it through to review!

[orvillian]

@PaulSJ Please can you let us know how to deal with this? Are all apps now going to need to request consent given the tracking string contained in the plist for Tier 1 users?

[KevinCrossDCL]

Any update on this? Don't mean to sound impatient but it seems it's most likely broken for all iOS tier 1 developers

[rvanner]

@KevinCrossDCL We have a development meeting this afternoon and this is one of the items we'll be discussing.

[PaulSJ]

@KevinCrossDCL If you are using AdMob or any of the other ad SDKs then you need to use the RequestConsentAdMob() command to show the App Tracking Transparency permission request.

If you are not using ads then your best bet is probably modifying the Info.plist file to remove the NSUserTrackingUsageDescription row. You mentioned modifying a plist file earlier but I think you were modifying the AGKStudio plist, which doesn't need to change. The one you need to modify is in Resources/media/data/ios/source/AppGameKit Player.app

TGC doesn't track any data, the data types listed above by orvillian are because we include the AdMob, Chartboost, and other SDKs. If you are not using these (by unticking the "Uses Ads" export option) then you can remove them. I didn't realise Apple would also latch on to the presence of the NSUserTrackingUsageDescription field in the plist and demand an explanation. You may be able to get around that by explaining to Apple that it's not really used, but they'll probably just tell you to remove it, which you can do using the instructions above.

We will probably need to modify the export process to remove that field field if the Uses Ads tick box is unticked.

[KevinCrossDCL]

I tried adding the RequestConsentAdMob() code to the app but for iOS it gets stuck in a loop. It works fine on Android. It gets stuck in the "got here 2" loop. I am using AdMob, and AdMob only.

    LoadConsentStatusAdMob("pub-xxxxxxxxxxxxxxxx", constAppMarketingDomain$ + "/privacy-policy")
    while(GetConsentStatusAdMob() < 0)
        print("got here 1")
        Sync()
    endwhile
    if (GetConsentStatusAdMob() = 0) 
        RequestConsentAdMob()
        while(GetConsentStatusAdMob() < 0)
            print("got here 2")
            Sync()
        endwhile
    endif

[orvillian]

@KevinCrossDCL It will be useful to know the return value of GetConsentStatusAdMob when it's stuck in the while loop.

[KevinCrossDCL]

The return value is:

-1 = LoadConsentStatusAdMob is in the process of loading the user consent status, please wait

I've waited for minutes. And tried multiple times. It's continuously stuck in the loop.

[orvillian]

@KevinCrossDCL I take it this is all being tested in your exported app and not the player?

@PaulSJ What might cause this to happen?

[KevinCrossDCL]

Yes exported via TestFlight. I can't get the player to work since updating as it's constantly showing a network error. The player is fine on Android.

[KevinCrossDCL]

If I removed ads from the app (keeping in mind that's about £300-400 a month that I'd lose) and removed all of the extra options I was told to add above to the app privacy section on appstoreconnect.com, except for the one or two I had originally i.e. device identifier, do you think that would work?

I would lose less money if I removed ads from iOS but kept them in on the Android version.

[PaulSJ]

When you call RequestConsentAdMob() you should see a dialog popup asking you to consent, and also a dialog from iOS asking you to grant the App Tracking permission, do either of those appear?

[KevinCrossDCL]

See my messages: https://github.com/TheGameCreators/AGK-Studio/issues/831#issuecomment-874579495 and https://github.com/TheGameCreators/AGK-Studio/issues/831#issuecomment-873931972

It doesn't work on iOS. It gets stuck in a loop returning -1. It works fine on Android. No prompts appear on iOS

[PaulSJ]

The only thing I can see that might cause it to never update is if the consent SDK decides that no consent dialog is required. I've added a check for the next version to trap this case but for now you can modify the check loop like so

    LoadConsentStatusAdMob("pub-xxxxxxxxxxxxxxxx", constAppMarketingDomain$ + "/privacy-policy")
    while(GetConsentStatusAdMob() < 0)
        print("got here 1")
        Sync()
    endwhile
    if (GetConsentStatusAdMob() = 0) 
        RequestConsentAdMob()
        timeout# = Timer() + 2000
        while(GetConsentStatusAdMob() < 0 and Timer() < timeout#)
            print("got here 2")
            Sync()
        endwhile
    endif

[KevinCrossDCL]

I think it should be + 2 and not + 2000. Was going to say it's still stuck in a loop but further print lines added showed me it added 2000 seconds to the Timer() value, and not 2000 milliseconds

[PaulSJ]

Good point, it should be 2

[KevinCrossDCL]

So how do I reset it so that I can see the dialog appear on iOS. Uninstalling the app doesn't reset it. I'd like to know for sure it's working before I resubmit to Apple so that it doesn't get rejected again.

[PaulSJ]

If the consent SDK determines that consent is not required then it will never show for you, but it will appear for other users. I see it in the UK but I don't know what parameters it is using to determine if consent is required.

You could try the AGK Player app to see if it pops up there, it should happen as soon as the app starts. You mentioned getting a network error with the player, to fix that enable the Local Network permission for the app in the device privacy settings.

[KevinCrossDCL]

I see the prompt in the player when I open it. And local network permission is enabled, but still doesn't work.

I notice though that the settings for the player has an "allow tracking" option, but my app doesn't. Could that be why the prompt isn't showing? My app only has Siri & Search, and Notifications.

Uses adverts is checked when exporting an iOS version in AGK Studio

[PaulSJ]

I see the prompt in the player when I open it

Something seems wrong there, if the consent dialog appears in the player but not in the exported app then something must be different between them. I'll see if there are any issues exporting an app with ads.

I notice though that the settings for the player has an "allow tracking" option, but my app doesn't. Could that be why the prompt isn't showing?

It's the other way around, the setting only appears in the settings after the app shows the prompt, which for some reason the exported app isn't doing.

local network permission is enabled, but still doesn't work

Is the player definitely up to date? It should show "Built Jun 11 2021" at the bottom

[KevinCrossDCL]

Yes I'm using the Built Jun 11 2021 (Vulkan) version. I'm not overly fussed about the player not working on iOS as it works on Android. So if it's working for others then I can live without it until a future version

Something seems wrong there, if the consent dialog appears in the player but not in the exported app then something must be different between them. I'll see if there are any issues exporting an app with ads.

Thank you. I will hold off re-submitting it for review.

[KevinCrossDCL]

So I removed ads from the iOS version and updated the app privacy thing to just say device/user data and it got rejected again because I don't have App Tracking Transperency in the app. iOS and AGK can only be published if you have an empty App Privacy template on appstoreconnect.com if you're using tier 1. When do you think a new version of AGK will be available to fix this?

[orvillian]

@KevinCrossDCL I will look into the problem with the export and consent dialog next week and see if it's a simple fix. If I run into problems I can't say for sure how long it will take to resolve it and produce a new version. In the meantime I can offer assistance with how to build your Tier 1 app in Xcode as we might be able to resolve any issues that way. If you want to try that email me directly using orvillian@googlemail.com. Otherwise we'll continue here and see if I can make any progress next week.

[KevinCrossDCL]

Thanks, I may take you up on that offer, but won't bother you on the weekend. Maybe next week.

[KevinCrossDCL]

I want to raise another problem with the Tier 1 iOS export. Removing ads and any tracking from the app seems to still add app transparency to the plist file so can't be submitted for review with a completely empty app privacy on appstoreconnect.

I've had to remove ads and tracking from the app for iOS (that includes no longer saving the device ID), remove the Privacy App Transparency item from the plist file using the Tier 2 packaging process in Xcode, and then delete all items from app privacy on appstoreconnect. It's now waiting for Apple to review.

I do hope they accept it this time.

Edit: Apple approved it. So you can get your tier 1 apps submitted for iOS providing you: remove ads, remove tracking of device ID using GetDeviceID, remove App Transparency from the plist file, package it with the Tier 2 files in Xcode (which is a bit fiddly), and make sure the app privacy settings on appstoreconnect are completely blank/empty.

[KevinCrossDCL]

Now that you're busy working on fixes for the next release can the priority of this be changed to high please?

You can't currently publish to the App Store with Tier 1 in the current version of Studio. You have to go through the Tier 2 process and remove ads and commands like GetDeviceID(), as well as have a blank/empty app privacy on appstoreconnect

[rvanner]

@orvillian What is your view on this issue? Is it something we can consider for this build?

[orvillian]

@rvanner I need to speak to Paul about it and see what options are available.

[orvillian]

@KevinCrossDCL App tracking and advert information is no longer added into the plist as part of the export process in Tier 1 when adverts are disabled. I've done some tests this morning and all looks good. When the build is released please let me know how you get on.

[KevinCrossDCL]

@orvillian I might not be releasing anymore updates to my app and I'll be removing it from both Play Store and App Store in November or December so I probably won't be able to test it when the new release of Studio comes out.

It'll be a long long time before I have another app available for release, but thank you for fixing it. Hopefully the problem has been solved for when someone else updates their iOS app or releases a new one.

[neiltking]

I am having the same issue with the "NSUserTrackingUsageDescription" key causing Apple to deny my app submission. I am using Chartboost but with non-personalised adverts so was hoping I wouldn't need to get user consent for tracking etc. More information is in this thread: https://forum.thegamecreators.com/thread/227948

I've looked for the "NSUserTrackingUsageDescription" key in the info.plist file to remove it, but it doesn't seem to appear in there so I am guessing it is added dynamically when the "Uses Adverts" tickbox is checked on export? I was really hoping not to have to put a barrier to the player by adding a consent screen before the game can be played, especially as the majority of players will simply choose "no" to tracking anyway.

[orvillian]

@neiltking Yes, the tracking info is only added when use adverts is checked.

You may have no other option but to call RequestConsentAdMob (it does work for Chartboost) and let the user choose.

[neiltking]

I gave in and implemented the consent screen. It got rejected by Apple who said I wasn't asking for consent so I explained that the request is made when the app starts for the first time.

The app has been rejected again as they say tracking is taking place before consent is requested. I call RequestConsentAdMob() just after setting up the screen resolution etc. and before I set the Chartboost ID information. Is it possible that the Chartboost library is tracking the user even at this early stage? I just wanted to ask before I argue some more with Apple.

[orvillian]

@neiltking I'm discussing the situation with Paul. Will update you when I know more.

[orvillian]

@neiltking You could always try asking Apple what data is being collected. In the meantime I need to look at the Chartboost library and see what updates are available as it's possible they have made changes recently to comply with Apple's rules.

[neiltking]

Thanks @orvillian. I have posed the question to Apple to see what more info they can provide. I will let you know if I hear anything back.

[neiltking]

No help from Apple. Their reply to me asking what was being reported before I even set the advertising ID was, "Thank you for your message and for helping us understand your concern. If you need additional support, you may use this form to request a call with us to discuss your app's review." So no help there at all. I will use the form tomorrow to try and schedule a call but I don't see how they can help via a phone call if they can't help via their own messaging system.

[neiltking]

I have spoken with Apple today and they say the problem is that the app isn't using Apple's native iOS permission request system. I thought it was (it certainly looks like an Apple screen when it pops up on an iPhone) but their exact words are:

"As we discussed, we noticed that your app indicates you collect data but you do not use iOS native App Tracking Transparency to request the user's permission before tracking their activity. To resolve this issue, it would be appropriate to implement App Tracking Transparency and request permission before collecting data used to track. When you resubmit, indicate in the Review Notes where the permission request is located."

This is the documentation page that they point to for implementing the iOS native permission screen: https://developer.apple.com/documentation/apptrackingtransparency

[orvillian]

@neiltking Looks like we either need to update the AdMob and Chartboost SDK's to the latest versions that will likely sit on top of this API or call it directly.

@PaulSJ Any thoughts on this?

[PaulSJ]

The consent process is handled by a separate SDK from the AdMob and Chartboost SDKs. We use the UMP SDK to request consent which is then picked up by the AdMob and Chartboost SDKs.

The UMP SDK does use Apples Ad Tracking request dialog to request tracking permission, but it does have its own prompt just before to explain why it is asking, so maybe the reviewer is not going through the whole process.

[neiltking]

Thanks @PaulSJ and @orvillian for looking into this. I have resubmitted the app with the explanation and hopefully they understand what is happening. Just out of interest, the attached screenshot is the only one I see when I call the RequestConsentAdMob() function (before setting up the Chartboost ID). Which ever option I choose from this screen, I don't get a second prompt come up.

[PaulSJ]

If you agreed to it once you'll never get asked again, but if you've never seen the Apple dialog afterwards then something else must be wrong