--- title: "TN3181: Debugging an invalid privacy manifest" framework: technotes role: article role_heading: Article path: technotes/tn3181-debugging-invalid-privacy-manifest --- # TN3181: Debugging an invalid privacy manifest Identify common configurations that cause unsuccessful privacy manifest validation with the App Store. ## Overview Overview Starting November 12, 2024, apps you submit for review in App Store Connect must contain a valid privacy manifest file. If you upload an app to App Store Connect that contains invalid privacy manifest files, you’ll receive an email that includes the name and path of the invalid files in your app bundle. For example: ITMS-91056: Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid: "PrivacyInfo.xcprivacy". Keys and values in your app's privacy manifests must be valid. For more details about privacy manifest files, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files. An invalid privacy manifest is: A property list file that contains invalid keys or values. An improperly formatted property list file. Review Privacy manifest files to learn about the keys you can include in a privacy manifest. This document lists possible reasons for invalid privacy tracking and accessed API values in your privacy manifest. Validate your privacy manifest to determine why your privacy manifest is malformed. Configure a tracking domain A tracking domain is a string that identifies an internet domain your app or third-party SDK connects to that engages in tracking. You set the value of the NSPrivacyTrackingDomains key to a list of tracking domains in your privacy manifest. The value of the string meets the following requirements: Includes the top-level domain or subdomain. Contains no path and query components. Contains no trailing slash. Possible reason for an invalid tracking value A value for the NSPrivacyTracking key is invalid if the value is any other type than a Boolean. In your privacy manifest, change the type of the key to Boolean. Possible reasons for an invalid tracking domains value A value for the NSPrivacyTrackingDomains key is invalid if the value is any other type than an array of strings. In your privacy manifest, change the type of the key to Array, then add one or more tracking domains to the array. For more information, see Configure a tracking domain. You can create an invalid privacy manifest when you use both NSPrivacyTrackingDomains and NSPrivacyTracking keys as follows: | | | | note: If your app or third-party SDK doesn’t connect, or no longer connects to any tracking domains, remove both NSPrivacyTrackingDomains and NSPrivacyTracking keys from your privacy manifest. Alternatively, set the value of NSPrivacyTracking to false and remove NSPrivacyTrackingDomains from your privacy manifest. Possible reasons for an invalid accessed API type value The following table lists reasons why a value for the NSPrivacyAccessedAPIType key is invalid: | | | Possible reasons for an invalid accessed API type reasons value The following table lists reasons why a value for the NSPrivacyAccessedAPITypeReasons key is invalid: | | | | note: If your app or third-party SDK doesn’t use, or no longer uses a specific required reason API, remove its related dictionary from the NSPrivacyAccessedAPITypes key. If NSPrivacyAccessedAPITypes is empty, remove it from the privacy manifest. Possible reasons for an invalid accessed API types value The following table lists reasons why a value for the NSPrivacyAccessedAPITypes key is invalid: | | | | Validate your privacy manifest file You can use the plutil command to ensure your privacy manifest is a properly formatted plist file. To validate your privacy manifest, run plutil with the -lint option in Terminal: % plutil -lint /path/to/PrivacyInfo.xcprivacy If the privacy manifest is a valid plist, the command prints a message similar to the following: % plutil -lint PrivacyInfo.xcprivacy ~/Documents/SampleApp/PrivacyInfo.xcprivacy: OK If the privacy manifest is malformed, an error message appears in Terminal: % plutil -lint PrivacyInfo.xcprivacy ~/Documents/SampleApp/PrivacyInfo.xcprivacy: Encountered unexpected character `a` on line 8 while looking for close tag To fix the errors, open your privacy manifest in a text editor or Xcode to address them. note: If your privacy manifest is a valid plist, check its keys and values. Your privacy manifest could still be invalid if its keys and values don’t match the values App Store Connect expects. For more information about the keys and values App Store Connect expects, see Privacy manifest files. Revision History 2024-11-12 First published. ## See Also ### Latest - [TN3210: Optimizing your app for iPhone Mirroring](technotes/tn3210-optimizing-your-app-for-iphone-mirroring.md) - [TN3211: Resolving SwiftUI source incompatibilities for State and ContentBuilder](technotes/tn3211-resolving-swiftui-source-incompatibilities-for-state-and-contentbuilder.md) - [TN3212: Adopting gesture recognizers for Sidecar touch support](technotes/tn3212-adopting-gesture-recognizers-for-sidecar-touch-support.md) - [TN3208: Preparing your app’s launch screen to meet App Store requirements](technotes/tn3208-preparing-your-apps-launch-screen-to-meet-app-store-requirements.md) - [TN3205: Low-latency communication with RDMA over Thunderbolt](technotes/tn3205-low-latency-communication-with-rdma-over-thunderbolt.md) - [TN3206: Updating Apple Pay certificates](technotes/tn3206-updating-apple-pay-certificates.md) - [TN3179: Understanding local network privacy](technotes/tn3179-understanding-local-network-privacy.md) - [TN3190: USB audio device design considerations](technotes/tn3190-usb-audio-device-design-considerations.md) - [TN3194: Handling account deletions and revoking tokens for Sign in with Apple](technotes/tn3194-handling-account-deletions-and-revoking-tokens-for-sign-in-with-apple.md) - [TN3193: Managing the on-device foundation model’s context window](technotes/tn3193-managing-the-on-device-foundation-model-s-context-window.md) - [TN3115: Bluetooth State Restoration app relaunch rules](technotes/tn3115-bluetooth-state-restoration-app-relaunch-rules.md) - [TN3192: Migrating your iPad app from the deprecated UIRequiresFullScreen key](technotes/tn3192-migrating-your-app-from-the-deprecated-uirequiresfullscreen-key.md) - [TN3151: Choosing the right networking API](technotes/tn3151-choosing-the-right-networking-api.md) - [TN3111: iOS Wi-Fi API overview](technotes/tn3111-ios-wifi-api-overview.md) - [TN3191: IMAP extensions supported by Mail for iOS, iPadOS, and visionOS](technotes/tn3191-imap-extensions-supported-by-mail.md)