New App Store Connect warnings for XOJO builds

I’ve started getting a multiple warnings from App Store Connect about API usage when I upload my builds:

**ITMS-91053: Missing API declaration** - Your app’s code in the “Photo Tape” file references one or more APIs that require reasons, including the following API categories: [API BEING ACCESSED]. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit:

The API warnings are specifically for:


They’re definitely not being called by my own declares. Possible causes could be:

  • XOJO’s runtime
  • MBS plugins
  • iOSKit framework
  • IOSDesignExtensions framework

Since this may be an issue for others, perhaps we can figure out the root cause? Or figure out a blanket reason to provide in a privacy manifest.

I’ve been working on an app for two years that’s close to release. If the warnings can’t be made to go away, or we don’t have a sufficient explaination in the privacy manifest, then myself and others may be up a creek.

Apple docs on the API calls that issue warnings:

A possible manifest could look like:

Yes, there is a possibility to track users via things like their free disk space or by reading their user defaults.

These APIs may be in use by Xojo framework, so Xojo may add these automatically for all applications.

I created a PrivacyInfo.xcprivacy resource in Xcode and added it to my XOJO build in a CopyFiles build step, to copy it to the Resources folder.

The binary was uploaded to App Store Connect and I got a successful upload email, rather than the warning email I usually get. For the 4 APIs indicated, these are the reasons I gave:

System Boot Time


Declare this reason to access the system boot time in order to measure the amount of time that has elapsed between events that occurred within the app or to perform calculations to enable timers.

Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception for information about the amount of time that has elapsed between events that occurred within the app, which may be sent off-device.

User Defaults


Declare this reason to access user defaults to read and write information that is only accessible to the app itself.

This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps.

File Timestamp


Declare this reason to access the timestamps, size, or other metadata of files inside the app container, app group container, or the app’s CloudKit container.

Disk Space


Declare this reason to check whether there is sufficient disk space to write files, or to check whether the disk space is low so that the app can delete files when the disk space is low. The app must behave differently based on disk space in a way that is observable to users.

Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to avoid downloading files from a server when disk space is insufficient.

These are based on conservative, educated guesses but it would be great if XOJO could clarify, or better yet, provide a default manifest (either now or in future builds)

Yes, there are privacy considerations with these APIs. The main concern is the uninterrupted distribution of non-privacy-violating XOJO apps in the App Store. :upside_down_face:


This becomes difficult in cases like this when Xojo has huge framework of everything and almost nothing conditionally compiled out then you have things like File dates and File size that always would get compiled in I am guessing.

As to explain to Apple why you have it I am not sure how you can :frowning:

Take that file you created and drag it directly into the navigator. The IDE will merge those items into the app’s plist file.

1 Like

What we did when I was there was add generic strings by default and then letting the user change the strings if they actually used the feature.

Thanks; I’ll try dragging it into the project navigator. As it turns out, I just got an email saying that there are still issues, so copying it to the bundle resources didn’t quite work.

(The file itself isn’t a .plist file, it’s a .xcprivacy file, and XOJO doesn’t merge it with the info.plist.)

Trying another test: Dragging “PrivacyInfo.xcprivacy" into the project navigator, and XOJO puts the file where it needs to be when you building the app: At the root of the app bundle.

I created a test app in Xcode and built it. Xcode copies PrivacyInfo.xcprivacy to the same location.

Uploading to App Store Connect again and fingers-crossed. :crossed_fingers:


1 Like

This isn’t a wholy-unheard of problem. iOS apps built with Unity will encounter the same issue:

And if you use C# in Unity, the inclusion of the whole C# framework is a similar issue:

  1. Assess if your native application code uses any of the following APIs:

However, what’s different here is that I haven’t seen a word from XOJO about this and the deadline is approaching quickly. Unity has docs, at least. If there isn’t one already, I’d suggest a blog post, at the very least. :man_shrugging:


1 Like

:top:This worked. No warning more emails from Apple.


You should change the extension of that file to plist and reimport it.

It actually needs to be a separate file called “PrivacyInfo.xcprivacy” and is a new file-based resource type you can create in Xcode.

Apps and third-party SDKs — distributed as XCFrameworks, Swift packages, or Xcode projects — can contain a privacy manifest file, named PrivacyInfo.xcprivacy .

Would you mind sharing that file?
I will include it with iOSDesignExtensions so everyone has easy access to it :slight_smile:


I imagine Xojo may need to add something to the plugin SDK also and or package iOS plugins into something else than dylib, like framework of some sort maybe. Since I am not sude a PrivacyInfo file can be embedded on dylib.

I could share a quick tutorial step-by-step later today, but these are each developer’s privacy declarations to Apple and shouldn’t be copy-and-pasted from one developer to another.

Basically, go to Xcode and make a new privacy manifest file. It’s an option in the New dialog. Then select the entries that correspond to the descriptions I linked above.

Thank you for pointing this out @John_Balestrieri !

For sure we will publish a blog post about it… and find a way to get all this integrated in a further release of Xojo.

1 Like

…and added to Issues, so we can track this a Feature Request for the IDE / iOS: