ITMS-91053: Missing API Declaration – Privacy

by

Have you submitted an iOS app to the App Store only to receive a confusing email from Apple about ITMS-91053: Missing API declaration? Don’t worry—you’re not alone! This error means your app uses certain APIs that require a privacy explanation, and Apple’s new rules, effective May 1, 2024, make this mandatory. In this guide, we’ll break down what ITMS-91053 is, why it happens, and how to fix it by creating a PrivacyInfo.xcprivacy file. By the end, you’ll know exactly how to ensure your app meets Apple’s privacy requirements and sails through App Store review. Let’s get started!

What is ITMS-91053: Missing API Declaration?

Apple introduced stricter privacy guidelines in 2024 to protect user data. The ITMS-91053 error occurs when your app or its third-party libraries use specific APIs—called required reason APIs—without explaining why in a privacy manifest file. These APIs access sensitive data, like user defaults, file timestamps, or disk space, and Apple wants transparency about their usage.

For example, you might see a message like this:

ITMS-91053: Missing API declaration – Your app’s code in the “Runner” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest.

This means your app needs a PrivacyInfo.xcprivacy file to declare why it uses these APIs. Without it, your app could be rejected after May 1, 2024.

Why Does This Matter?

Apple’s goal is to ensure apps are transparent about data usage. By requiring a privacy manifest, they help users trust that apps aren’t misusing sensitive information. Fixing ITMS-91053 is crucial for:

  • App Store Approval: After May 1, 2024, apps without a valid privacy manifest will be rejected.
  • User Trust: Clear privacy declarations build confidence in your app.
  • Compliance: Avoid future headaches by meeting Apple’s guidelines now.

Common APIs Triggering ITMS-91053

The ITMS-91053 error typically involves these API categories:

  • NSPrivacyAccessedAPICategoryUserDefaults: Used to store user preferences (e.g., app settings).
  • NSPrivacyAccessedAPICategoryFileTimestamp: Accesses file creation or modification dates.
  • NSPrivacyAccessedAPICategorySystemBootTime: Checks when the device last restarted.
  • NSPrivacyAccessedAPICategoryDiskSpace: Retrieves available storage information.

These APIs are often used by your app’s code or third-party libraries like Firebase, Alamofire, or Google Mobile Ads. Even if you don’t directly use them, your dependencies might, triggering the error.

Step-by-Step Guide to Fix ITMS-91053

To resolve ITMS-91053, you need to create a PrivacyInfo.xcprivacy file and declare the reasons for using these APIs. Here’s how to do it, explained simply for beginners:

Step 1: Understand the Required Reason APIs

Apple’s documentation lists required reason APIs and approved reasons for their use. Visit Apple’s Privacy Manifest Files documentation to see the full list. Common reasons include:

  • CA92.1 (UserDefaults): For storing and retrieving user preferences.
  • C617.1 (FileTimestamp): For accessing file metadata without user tracking.
  • 35F9.1 (SystemBootTime): For performance optimization or analytics.
  • E174.1 (DiskSpace): For checking storage availability.

Match the APIs listed in the ITMS-91053 email to these reasons.

Step 2: Create a PrivacyInfo.xcprivacy File

  1. Open Xcode: Open your app’s project in Xcode.
  2. Add a New File: Go to File > New > File, choose Property List, and name it PrivacyInfo.xcprivacy.
  3. Add to Your Target: Ensure the file is added to your app’s target under Build Phases > Copy Bundle Resources.
  4. Edit the File: Add the NSPrivacyAccessedAPITypes array to declare the APIs and their reasons. Here’s an example:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>CA92.1</string>
            </array>
        </dict>
        <dict>
            <key>NSPrivacyAccessedAPIType</key>
            <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
            <key>NSPrivacyAccessedAPITypeReasons</key>
            <array>
                <string>C617.1</string>
            </array>
        </dict>
    </array>
</dict>
</plist>

This example declares UserDefaults and FileTimestamp with their approved reasons. Adjust based on the APIs in your ITMS-91053 email.

Step 3: Check Third-Party Libraries

Many ITMS-91053 errors come from third-party SDKs. For example:

  • Firebase or Alamofire might use SystemBootTime.
  • Google Mobile Ads might use DiskSpace.

To fix this:

  • Update Libraries: Check for updates to your SDKs. Many, like Alamofire, now includeSony include privacy manifests.
  • Review Dependencies: If an SDK lacks a privacy manifest, contact the developer or add the necessary declarations yourself.
  • Search for APIs: Look for Swift or Objective-C methods in your code or dependencies that match the API categories in the error. For example, NSUserDefaults methods trigger UserDefaults.

Step 4: Test and Validate

  • Build Locally: Test your app to ensure the privacy manifest doesn’t cause errors.
  • Check for Warnings: Use Xcode’s Privacy Report feature to verify your manifest.
  • Submit to App Store Connect: Upload your app to TestFlight or App Store Connect to confirm the ITMS-91053 error is resolved.

Step 5: Handle Rejections

If your app is rejected with ITMS-91056: Invalid privacy manifest, double-check:

  • The format of your PrivacyInfo.xcprivacy file (use Apple’s template).
  • That all required APIs are declared with valid reasons.
  • That third-party SDKs include their own privacy manifests.

Resubmit after fixing any issues.

Tips to Avoid ITMS-91053 in the Future

  • Stay Updated: Regularly check Apple’s privacy manifest documentation for updates.
  • Audit Dependencies: Use tools like grep to search for required reason APIs in your code and libraries.
  • Use Modern SDKs: Ensure all third-party libraries are up-to-date and include privacy manifests.
  • Document Everything: Keep a record of all APIs your app uses to simplify future updates.

Common Mistakes to Avoid

  • Ignoring Third-Party SDKs: Many ITMS-91053 errors come from outdated libraries. Always check for updates.
  • Incorrect Reasons: Using the wrong reason code (e.g., CA92.1 instead of C617.1) can lead to ITMS-91056 errors.
  • Missing APIs: Forgetting to declare an API used by your code or an SDK will trigger ITMS-91053.
  • Improper File Setup: Ensure PrivacyInfo.xcprivacy is correctly named and added to your target.

Tools to Help You

  • Xcode: Use the built-in Privacy Report feature to identify required reason APIs.
  • Apple’s Documentation: Refer to Apple’s guide for approved reasons.
  • Dependency Checkers: Tools like CocoaPods or Swift Package Manager can help identify outdated SDKs.

Conclusion

Fixing ITMS-91053: Missing API declaration is straightforward once you understand Apple’s privacy manifest requirements. By creating a PrivacyInfo.xcprivacy file, declaring the reasons for using required reason APIs, and ensuring your third-party libraries are up-to-date, you can ensure smooth App Store submissions. Don’t wait until the May 1, 2024, deadline—start now to avoid rejections and keep your app compliant. Have questions or need help? Share your experience in the comments, and let’s tackle ITMS-91053 together!

FAQs

What is ITMS-91053: Missing API declaration?

ITMS-91053 is an App Store warning that your app uses APIs like UserDefaults or FileTimestamp without a privacy manifest explaining why. Starting May 1, 2024, a PrivacyInfo.xcprivacy file is required.

How do I create a PrivacyInfo.xcprivacy file to fix ITMS-91053?

In Xcode, create a new Property List file named PrivacyInfo.xcprivacy, add it to your app’s target, and list the APIs (e.g., NSPrivacyAccessedAPICategoryUserDefaults) with approved reasons like CA92.1.

Why does my app get ITMS-91053 if I don’t use these APIs directly?

Third-party SDKs like Firebase or Google Mobile Ads may use APIs like SystemBootTime or DiskSpace. Update these SDKs or add their API declarations to your privacy manifest.

What happens if I ignore ITMS-91053?

Until May 1, 2024, it’s a warning, but after that, apps without a valid privacy manifest will be rejected by App Store Connect.

How can I check if my PrivacyInfo.xcprivacy file is correct?

Use Xcode’s Privacy Report feature to validate your manifest, and test submissions via TestFlight to catch issues like ITMS-91056: Invalid privacy manifest.

Leave a Comment