ITMS-91056: Invalid privacy manifest

[techouse]

I just received an email from App Store Connect citing that my app that integrates the OneTrust iOS SDK lacks a privacy manifest

ITMS-91056: Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid: “Frameworks/OTPublishersHeadlessSDK.framework/PrivacyInfo.xcprivacy”. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, keys and values in your app’s privacy manifest must be in a valid format. For more details about privacy manifest files, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files.

[salvatoreboemia]

Me too.

I think in the privacy manifest they missed other mandatory keys or some keys is not filled properly

E.g. from internet

Please fix it

Thanks

[techouse]

I think in the privacy manifest they missed other mandatory keys or some keys is not filled properly

I think it's more likely that Apple suddenly changed their requirements, because the PrivacyInfo.xcprivacy hasn't been changed in ~2mos.

[davidzampier]

It's a new requirement from Apple: https://developer.apple.com/news/?id=3d8a9yyh. This has to be updated by the end of April otherwise it won't be possible to upload new builds to App Store Connect.

[techouse]

I have created a support ticket with OneTrust and got this response

We are currently reviewing the Privacy manifest internally, changes to the Privacy Manifest will be shared in the release notes which you can subscribe to:

https://my.onetrust.com/s/release-notes

I have asked them to update this Github issue once it's resolved.

[harshbytes9026]

I think there is one Privacy Policy manifest available. Please check the exact file here: https://github.com/Zentrust/OTPublishersHeadlessSDK/blob/7bdaaa05c6080d288fe811a809dd137a58f431d4/Sources/OTPublishersHeadlessSDK.xcframework/ios-arm64/OTPublishersHeadlessSDK.framework/PrivacyInfo.xcprivacy

[techouse]

Looks like this's been fixed? https://github.com/Zentrust/OTPublishersHeadlessSDK/commit/7bdaaa05c6080d288fe811a809dd137a58f431d4#diff-34c6167c9255f38c0a7a811cd5fe65c736340930033c28888d85cd73faa0e237

Can someone from OneTrust please confirm?

[bwake2021]

We thought this was fixed. Then we got an email from App Store Connect, yesterday, that the privacy manifest at “Frameworks/OTPublishersHeadlessSDKtvOS.framework/PrivacyInfo.xcprivacy” was invalid.

We found two empty dictionaries in the privacy manifest for 202403.1.3. We're updating to 202404.1.0, which does not have the empty dictionaries. This is not only annoying but expensive.

[techouse]

Same here. What's most annoying is the lack of communication. 😑

[joaosouza-traxretail]

@bwake2021 Hi! Updating to 202404.1.0 fixed your problem when uploading a binary to the App Store? We did and we still see the same error.

[bwake2021]

It did not. We just uploaded a build. App Store Connect reports "Invalid Binary".

[techouse]

@bwake2021 Apple approved mine for release last week with this version and again today (the new rules kicked in 1 May). So you might want to check other dependencies as well.

[bwake2021]

Our problem was a botched merge I made. We'll see if we fixed it, in a bit.

[afrade]

Hi! Is this already fixed? If so, on which version?

I compared from version 202402.1.0 to 202407.1.0, it seems something like a typo: Could it be fixed on my app, just fixing the plist!?

Thanks