New API declarations required by Apple for builds submitted after May 1 2024

[danieldaquino]

I received an email notification from Apple during the last TestFlight submission, where they provide us with a warning about certain API declarations that will become mandatory soon

We should have these ready for any app build submissions that we plan to make after May 1st, 2024

ITMS-91053: Missing API declaration - Your app’s code in the “PlugIns/DamusNotificationService.appex/DamusNotificationService” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “PlugIns/DamusNotificationService.appex/DamusNotificationService” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “damus” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “damus” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

Apple Developer Relations

[danieldaquino]

@alltheseas, we may need to complete this ticket for the 1.8 release if we release after May 1st

[danieldaquino]

Unless we can get 1.8 out before then

[alltheseas]

What is this for? For e.g. DeepL translation API?

[danieldaquino]

What is this for? For e.g. DeepL translation API?

I believe it is just some configuration for the iOS app itself.

The word "API" in this context refers to the APIs that Apple provides to the app itself (Example Apple APIs: Access to a filesystem, Apple Push notifications, access to the iOS photo gallery, and other things like that)

[alltheseas]

Unless we can get 1.8 out before then

Can we get out 1.8 before May 1st @jb55

For now I see just two open tickets, of which I believe one is submitted by Daniel (onboarding limbo during keys creation)

[Semisol]

• NSPrivacyAccessedAPICategoryFileTimestamp: This seems to be used for nostrdb (fstat by LMDB), so C617.1 would apply (checking application files only).
• NSPrivacyAccessedAPICategoryUserDefaults: It seems this is used to store app configuration only not read by other apps, so CA92.1 would apply (storing data for solely use by the current app).

Note: I am not an iOS developer and I might have missed things.

[danieldaquino]

@jb55 @alltheseas: added this to the v1.8 milestone since we will need this to make the 1.8 AppStore release happen

[danieldaquino]

NSPrivacyAccessedAPICategoryFileTimestamp: This seems to be used for nostrdb (fstat by LMDB), so C617.1 would apply (checking application files only). NSPrivacyAccessedAPICategoryUserDefaults: It seems this is used to store app configuration only not read by other apps, so CA92.1 would apply (storing data for solely use by the current app).

Thank you @Semisol for looking into this! I ended up using 1C8F.1 for the UserDefaults (since we also use that info on an extension we use for notifications), but this was helpful!

[danieldaquino]

Sent patch to patches@damus.io (https://groups.google.com/a/damus.io/g/patches/c/dpUjzA3374M)

@jb55, please let me know if you have any questions or concerns. Thank you!

[alltheseas]

@danieldaquino to push