TN3181: Debugging an invalid privacy manifest
Identify common configurations that cause unsuccessful privacy manifest validation with the App Store.
Overview
Starting November 12, 2024, apps you submit for review in App Store Connect must contain a valid privacy manifest file. If you upload an app to App Store Connect that contains invalid privacy manifest files, you’ll receive an email that includes the name and path of the invalid files in your app bundle. For example:
ITMS-91056: Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path
is invalid: "PrivacyInfo.xcprivacy". Keys and values in your app's privacy manifests must be
valid. For more details about privacy manifest files, visit:
https://developer.apple.com/documentation/bundleresources/privacy_manifest_files.An invalid privacy manifest is:
A property list file that contains invalid keys or values.
An improperly formatted property list file.
Review Privacy manifest files to learn about the keys you can include in a privacy manifest. This document lists possible reasons for invalid privacy tracking and accessed API values in your privacy manifest. Validate your privacy manifest to determine why your privacy manifest is malformed.
Configure a tracking domain
A tracking domain is a string that identifies an internet domain your app or third-party SDK connects to that engages in tracking. You set the value of the NSPrivacyTrackingDomains key to a list of tracking domains in your privacy manifest. The value of the string meets the following requirements:
Includes the top-level domain or subdomain.
Contains no path and query components.
Contains no trailing slash.
Possible reason for an invalid tracking value
A value for the NSPrivacyTracking key is invalid if the value is any other type than a Boolean. In your privacy manifest, change the type of the key to Boolean.
Possible reasons for an invalid tracking domains value
A value for the NSPrivacyTrackingDomains key is invalid if the value is any other type than an array of strings. In your privacy manifest, change the type of the key to Array, then add one or more tracking domains to the array. For more information, see Configure a tracking domain.
You can create an invalid privacy manifest when you use both NSPrivacyTrackingDomains and NSPrivacyTracking keys as follows:
Reason | Solution |
|---|---|
The value of the | Fill the array with one or more tracking domains your app or third-party SDK connects to. |
The value of the | Confirm you configure each tracking domain in the array as described in Tn3181 Debugging Invalid Privacy Manifest. |
The value of the | Remove the |
Possible reasons for an invalid accessed API type value
The following table lists reasons why a value for the NSPrivacyAccessedAPIType key is invalid:
Reason | Solution |
|---|---|
The value is any other type than a string. | Change the type of the |
The value is an empty string, or a string whose value doesn’t match a category of required reason APIs. | Set the value of the |
Possible reasons for an invalid accessed API type reasons value
The following table lists reasons why a value for the NSPrivacyAccessedAPITypeReasons key is invalid:
Reason | Solution |
|---|---|
The value is any other type than an array of strings. | Change the type of the |
The value is an empty array of strings. | In the dictionary that contains the |
The value is an array of strings, but some entries don’t match the expected values for the | In the dictionary that contains the |
Possible reasons for an invalid accessed API types value
The following table lists reasons why a value for the NSPrivacyAccessedAPITypes key is invalid:
Reason | Solution |
|---|---|
The value is any other type than an array of dictionaries. | Change the type of the |
The value is an empty array of dictionaries. | Create a dictionary that includes information about a required reason API your app or third-party SDK uses, then add the dictionary to the array. Repeat the process for all required reason APIs your app or third-party SDK uses. |
The value is an array of dictionaries, but some of the dictionaries are invalid. | Confirm each dictionary in the array contains a |
Validate your privacy manifest file
You can use the plutil command to ensure your privacy manifest is a properly formatted plist file. To validate your privacy manifest, run plutil with the -lint option in Terminal:
% plutil -lint /path/to/PrivacyInfo.xcprivacyIf the privacy manifest is a valid plist, the command prints a message similar to the following:
% plutil -lint PrivacyInfo.xcprivacy
~/Documents/SampleApp/PrivacyInfo.xcprivacy: OKIf the privacy manifest is malformed, an error message appears in Terminal:
% plutil -lint PrivacyInfo.xcprivacy
~/Documents/SampleApp/PrivacyInfo.xcprivacy: Encountered unexpected character
`a` on line 8 while looking for close tag To fix the errors, open your privacy manifest in a text editor or Xcode to address them.
Revision History
2024-11-12 First published.
See Also
Latest
TN3205: Low-latency communication with RDMA over ThunderboltTN3206: Updating Apple Pay certificatesTN3179: Understanding local network privacyTN3190: USB audio device design considerationsTN3194: Handling account deletions and revoking tokens for Sign in with AppleTN3193: Managing the on-device foundation model’s context windowTN3115: Bluetooth State Restoration app relaunch rulesTN3192: Migrating your iPad app from the deprecated UIRequiresFullScreen keyTN3151: Choosing the right networking APITN3111: iOS Wi-Fi API overviewTN3191: IMAP extensions supported by Mail for iOS, iPadOS, and visionOSTN3134: Network Extension provider deploymentTN3189: Managing Mail background traffic loadTN3187: Migrating to the UIKit scene-based life cycleTN3188: Troubleshooting In-App Purchases availability in the App Store