iOS配置隐私清单文件App Privacy Configuration

推送到TestFlight后邮件收到警告信息如下，主要关于新的隐私政策需要补充：

Hello,
We noticed one or more issues with a recent submission for TestFlight review for the following app:
AABBCC
Version 10.10.10
Build 10
Although submission for TestFlight review was successful, you may want to correct the following issues in your next submission for TestFlight review. Once you've corrected the issues, upload a new binary to App Store Connect.
ITMS-91053: Missing API declaration - Your app’s code in the “AABBCC” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
ITMS-91053: Missing API declaration - Your app’s code in the “AABBCC” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategorySystemBootTime. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
ITMS-91053: Missing API declaration - Your app’s code in the “AABBCC” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
ITMS-91053: Missing API declaration - Your app’s code in the “AABBCC” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryDiskSpace. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.
Apple Developer Relations
补充方式：
1、选择SupportingFiles文件夹，然后新建PrivacyInfo文件：

2、搜索框输入priv搜索，选择App Privacy

3、选中SupportingFiles文件夹的PrivacyInfo文件，按照邮件要求的隐私项逐一填写：

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>E174.1</string>
</array>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
</dict>
<dict>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
</dict>
<dict>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
</dict>
<dict>
<key>NSPrivacyAccessedAPIType</key>
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
<key>NSPrivacyAccessedAPITypeReasons</key>
<array>
<string>C617.1</string>
</array>
</dict>
</array>
</plist>

苹果官方链接说明：Describing use of required reason API | Apple Developer Documentation

最近在上架应用时 App Store Connect 总是给我发送邮件说我提交的版本有问题，邮件内容大致如下

Hello,

We noticed one or more issues with a recent submission for App Store review for the following app:

BinDeApp
Version 1.0
Build 1
Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Once you've corrected the issues, upload a new binary to App Store Connect.

ITMS-91053: Missing API declaration - Your app’s code in the “PlugIns/FileProvider.appex/FileProvider” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

ITMS-91053: Missing API declaration - Your app’s code in the “client” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryFileTimestamp. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

导致出现这个情况的原因是 Apple 增加了一个 隐私清单文件，最近强制要求上架应用都需要声明所使用的涉及隐私数据相关的 API 都需要说明原因为啥需要使用，并且在 2024 年 5 月 1 日后上架的应用如果不增加 隐私清单文件 将会被拒绝审核。相关链接在这: 描述您的应用程序或第三方 SDK 收集的数据以及其使用 API 所需的原因。

首先我们得在项目中创建这个隐私清单文件，点击文件 -> 创建文件 -> App 隐私（Xcode 需要升级到 v5.3 或以上版本）

IOS AppStore 上架之解决 ITMS-91053: Missing API declaration-天真的小窝

然后根据邮件中提示的不同隐私类型去添加声明项即可，相关文档：

File timestamp APIs（NSPrivacyAccessedAPICategoryFileTimestamp）

System boot time APIs（NSPrivacyAccessedAPICategorySystemBootTime）

User defaults APIs（NSPrivacyAccessedAPICategoryUserDefaults）

IOS AppStore 上架之解决 ITMS-91053: Missing API declaration-天真的小窝

最后，如果在 Xcode 中无法创建隐私清单模版文件的话可以手动创建 PrivacyInfo.xcprivacy 文件到项目目录，然后添加到项目中。相关配置项可以参考如下填写

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>NSPrivacyAccessedAPITypes</key>
	<array>
		<dict>
			<key>NSPrivacyAccessedAPIType</key>
			<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
			<key>NSPrivacyAccessedAPITypeReasons</key>
			<array>
				<string>1C8F.1</string>
			</array>
		</dict>
		<dict>
			<key>NSPrivacyAccessedAPIType</key>
			<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
			<key>NSPrivacyAccessedAPITypeReasons</key>
			<array>
				<string>35F9.1</string>
			</array>
		</dict>
		<dict>
			<key>NSPrivacyAccessedAPIType</key>
			<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
			<key>NSPrivacyAccessedAPITypeReasons</key>
			<array>
				<string>DDA9.1</string>
				<string>3B52.1</string>
			</array>
		</dict>
	</array>
</dict>
</plist>

其中 NSPrivacyAccessedAPITypeReasons 数组中的 string 部分填写，文档中描述项的 ID，例如

User defaults APIs  用户默认 API
The following API for accessing user defaults requires reasons for use. Use the string NSPrivacyAccessedAPICategoryUserDefaults as the value for the NSPrivacyAccessedAPIType key in your NSPrivacyAccessedAPITypes dictionary.
以下用于访问用户默认值的 API 需要使用原因。使用字符串 NSPrivacyAccessedAPICategoryUserDefaults 作为 NSPrivacyAccessedAPITypes 字典中 NSPrivacyAccessedAPIType 键的值。

In your NSPrivacyAccessedAPITypeReasons array, supply the relevant values from the list below.
在您的 NSPrivacyAccessedAPITypeReasons 数组中，提供下面列表中的相关值。

CA92.1
Declare this reason to access user defaults to read and write information that is only accessible to the app itself.
声明此原因以访问用户默认读取和写入只能由应用程序本身访问的信息。

This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps.
此原因不允许读取其他应用程序或系统写入的信息，或写入可由其他应用程序访问的信息。

1C8F.1
Declare this reason to access user defaults to read and write information that is only accessible to the apps, app extensions, and App Clips that are members of the same App Group as the app itself.
声明此原因以访问用户默认值以读取和写入仅可由与应用程序本身属于同一应用程序组的成员的应用程序、应用程序扩展和应用程序剪辑访问的信息。

This reason does not permit reading information that was written by apps, app extensions, or App Clips outside the same App Group or by the system. Your app is not responsible if the system provides information from the global domain because a key is not present in your requested domain while your app is attempting to read information that apps, app extensions, or App Clips in your app’s App Group write.
此原因不允许读取由同一应用程序组外部的应用程序、应用程序扩展或应用程序剪辑或系统写入的信息。如果系统提供来自全局域的信息，则您的应用程序不承担责任，因为当您的应用程序尝试读取应用程序的应用程序组中的应用程序、应用程序扩展或应用程序剪辑写入的信息时，您请求的域中不存在密钥。

This reason also does not permit writing information that can be accessed by apps, app extensions, or App Clips outside the same App Group.
此原因也不允许写入可由同一应用程序组外部的应用程序、应用程序扩展或应用程序剪辑访问的信息。

C56D.1
Declare this reason if your third-party SDK is providing a wrapper function around user defaults API(s) for the app to use, and you only access the user defaults APIs when the app calls your wrapper function. This reason may only be declared by third-party SDKs. This reason may not be declared if your third-party SDK was created primarily to wrap required reason API(s).
如果您的第三方 SDK 围绕用户默认 API 提供包装函数供应用程序使用，并且您仅在应用程序调用您的包装函数时才访问用户默认 API，请声明此原因。此原因只能由第三方 SDK 声明。如果您的第三方 SDK 主要是为了包装所需的原因 API 而创建的，则可能不会声明此原因。

Information accessed for this reason, or any derived information, may not be used for your third-party SDK’s own purposes or sent off-device by your third-party SDK.
出于此原因访问的信息或任何派生信息不得用于您的第三方 SDK 自身的目的，也不得由您的第三方 SDK 发送至设备外。

AC6B.1
Declare this reason to access user defaults to read the com.apple.configuration.managed key to retrieve the managed app configuration set by MDM, or to set the com.apple.feedback.managed key to store feedback information to be queried over MDM, as described in the Apple Mobile Device Management Protocol Reference documentation.
声明此原因以访问用户默认读取 com.apple.configuration.managed 键以检索 MDM 设置的托管应用程序配置，或设置 com.apple.feedback.managed 键来存储要通过 MDM 查询的反馈信息，如 Apple 移动设备管理协议参考文档中所述。