Handling Privacy Manifest Requirements with Outdated Firebase and Angular Version

Hi,

I’ve been caught off guard by the new privacy manifest requirements, which are asking for 11 declarations—mostly related to Firebase.

Unfortunately, my app is somewhat outdated, as I haven’t had time to update all the dependencies. I’m currently using:

  • Ionic 5
  • Capacitor 5.0.0
  • Angular 12
  • Firebase 8.2.5
  • AngularFire 6.1.5

I see two possible options:

  1. Upgrade to Firebase 10.22.0, which includes the privacy manifest. However, this would also require upgrading to AngularFire 16.0.0 and Angular 16, introducing a large number of breaking changes that could be difficult to manage in a short time frame. Not to mention having to retest everything as we just completed testing.
  2. Manually create a privacy manifest or use a tool to generate one. Would it be possible to copy the Firebase 10.22.0 manifest contents into my own manually created file and find the info needed to manually create this for the other SDKs?

I’m on a tight deadline and have very limited time to resolve this. Any advice would be greatly appreciated!

SDKs listed by App Store

Frameworks/Capacitor.framework/Capacitor
Frameworks/Cordova.framework/Cordova
Frameworks/FBLPromises.framework/FBLPromises
Frameworks/FirebaseCore.framework/FirebaseCore
Frameworks/FirebaseCoreDiagnostics.framework/FirebaseCoreDiagnostics
Frameworks/FirebaseDynamicLinks.framework/FirebaseDynamicLinks
Frameworks/FirebaseInstallations.framework/FirebaseInstallations
Frameworks/FirebaseMessaging.framework/FirebaseMessaging
Frameworks/GoogleDataTransport.framework/GoogleDataTransport
Frameworks/GoogleUtilities.framework/GoogleUtilities
Frameworks/nanopb.framework/nanopb

Cheers,

For Capacitor you’ll have to update to 5.7.4 or newer

If your problem is with the native Firebase SDK, why does the AngularFire version matter? Isn’t that just the JavaScript framework?

Thanks for the response.
Yep looking to update to Capacitor 5.7.4 initially as that is an easy update.

You raise an interesting point with Firebase native vs JS, I’m not really sure how to connect them to know which SDKs listed by the app store relate to which packages in my project.

If I am not updating Firebase to 10.22.0 I will need to manually create a privacy manifest to cover all those SDKs, correct?

For example how would I find the correct info to add to the privacy manifest for Frameworks/FirebaseMessaging.framework/FirebaseMessaging or Frameworks/FBLPromises.framework/FBLPromises?

I can’t even find the text “FBLPromises” in my project. I guess I’ll need to search the native project in Xcode?

One option might be to create a new project and install the latest versions of all of these packages that automatically generate a privacy manifest and then copy that manifest to my project…

"@angular/fire": "^6.1.5",
"@capacitor-community/fcm": "^5.0.2",
"@capacitor-community/firebase-analytics": "^5.0.1",
"@capacitor-community/stripe": "^5.2.0",
"@capacitor/android": "^5.4.2",
"@capacitor/app": "^5.0.6",
"@capacitor/core": "^5.4.2",
"@capacitor/device": "^5.0.6",
"@capacitor/ios": "^5.4.2",
"@capacitor/keyboard": "^5.0.6",
"@capacitor/network": "^5.0.6",
"@capacitor/push-notifications": "^5.1.0",
"@capacitor/screen-orientation": "^5.0.7",
"@capacitor/splash-screen": "^5.0.6",
"@capacitor/status-bar": "^5.0.6",
"@pantrist/capacitor-firebase-dynamic-links": "^5.0.1",
"es6-promise-plugin": "^4.2.2",
"firebase": "^8.2.5",

devDependencies:
"@firebase/testing": "^0.20.11",

Update:
I have manually created a privacy manifest file (PrivacyInfo.xcprivacy) but I am getting exactly the same issues for the same packages from App Store Connect.
Is it not recognizing the privacy manifest or is it incorrectly formatted?

I added the privacy manifest in Xcode like so:

  1. Selected my App/App folder in the project navigator
  2. Selected File → New → File from the menu.
  3. Selected App Privacy File type under Resources.
  4. Checked my app target in the Targets list.
  5. Clicked Create. This created a PrivacyInfo.xcprivacy file next to the Info.plist file.
  6. Copied my manually created PrivacyInfo.xcprivacy content into this file in VSCode.

When I generate a Privacy Report from the organizer it seems to work.

PrivacyInfo.xcprivacy:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <!-- Global Tracking Settings -->
    <key>NSPrivacyTracking</key>
    <false/>
    <key>NSPrivacyTrackingDomains</key>
    <array/>
    
    <!-- Collected Data Types -->
    <key>NSPrivacyCollectedDataTypes</key>
    <array>
      <!-- NSPrivacyCollectedDataTypeOtherDiagnosticData -->
      <dict>
        <key>NSPrivacyCollectedDataType</key>
        <string>NSPrivacyCollectedDataTypeOtherDiagnosticData</string>
        <key>NSPrivacyCollectedDataTypeLinked</key>
        <false/>
        <key>NSPrivacyCollectedDataTypeTracking</key>
        <false/>
        <key>NSPrivacyCollectedDataTypePurposes</key>
        <array>
          <!-- From Firestore, Installations, GoogleDataTransport -->
          <string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
          <!-- From Messaging -->
          <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
        </array>
      </dict>
      <!-- NSPrivacyCollectedDataTypeDeviceID from Messaging -->
      <dict>
        <key>NSPrivacyCollectedDataType</key>
        <string>NSPrivacyCollectedDataTypeDeviceID</string>
        <key>NSPrivacyCollectedDataTypeLinked</key>
        <false/>
        <key>NSPrivacyCollectedDataTypeTracking</key>
        <false/>
        <key>NSPrivacyCollectedDataTypePurposes</key>
        <array>
          <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
        </array>
      </dict>
      <!-- NSPrivacyCollectedDataTypeOtherDataTypes from Messaging and Dynamic Links -->
      <dict>
        <key>NSPrivacyCollectedDataType</key>
        <string>NSPrivacyCollectedDataTypeOtherDataTypes</string>
        <key>NSPrivacyCollectedDataTypeLinked</key>
        <false/>
        <key>NSPrivacyCollectedDataTypeTracking</key>
        <false/>
        <key>NSPrivacyCollectedDataTypePurposes</key>
        <array>
          <string>NSPrivacyCollectedDataTypePurposeAnalytics</string>
          <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
        </array>
      </dict>
    </array>
    
    <!-- Accessed API Types -->
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
      <!-- NSPrivacyAccessedAPICategoryFileTimestamp from Dynamic Links and GoogleUtilities -->
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>C617.1</string>
        </array>
      </dict>
      <!-- NSPrivacyAccessedAPICategoryUserDefaults from Firebase Core, Dynamic Links, and GoogleUtilities -->
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>CA92.1</string>
          <string>1C8F.1</string>
          <string>C56D.1</string>
        </array>
      </dict>
    </array>
  </dict>
</plist>

Email:

Please correct the following issues and upload a new binary to App Store Connect.

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/Capacitor.framework/Capacitor”, which includes Capacitor, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/Cordova.framework/Cordova”, which includes Cordova, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/FBLPromises.framework/FBLPromises”, which includes FBLPromises, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/FirebaseCore.framework/FirebaseCore”, which includes FirebaseCore, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/FirebaseCoreDiagnostics.framework/FirebaseCoreDiagnostics”, which includes FirebaseCoreDiagnostics, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/FirebaseDynamicLinks.framework/FirebaseDynamicLinks”, which includes FirebaseDynamicLinks, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/FirebaseInstallations.framework/FirebaseInstallations”, which includes FirebaseInstallations, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/FirebaseMessaging.framework/FirebaseMessaging”, which includes FirebaseMessaging, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/GoogleDataTransport.framework/GoogleDataTransport”, which includes GoogleDataTransport, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/GoogleUtilities.framework/GoogleUtilities”, which includes GoogleUtilities, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/nanopb.framework/nanopb”, which includes nanopb, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: Page Not Found - Apple Developer

So GPT seems to think that each SDK needs its own file which means manually creating a manifest is a waste of time.

Anyone have any experience with this?

It looks like as of 12 Feb 2025 all SDKs require their own privacy manifest and signature.

Therefore it seems that manually creating a master privacy manifest is no longer possible and updating all packages / SDKs is the only option.

The rejection means that Apple isn’t recognizing your app’s combined privacy manifest as fulfilling the requirement—each third‑party SDK must include its own privacy manifest file inside its framework bundle.

What’s happening?
Apple’s guidelines require that every commonly used third‑party SDK (such as Capacitor, Cordova, FirebaseCore, etc.) embeds a PrivacyInfo.xcprivacy file in its own bundle. Adding one combined file at the app level (even if it covers all SDKs) isn’t sufficient. The error messages indicate that these frameworks don’t have their own embedded privacy manifests.

If upgrading is too complex, manually creating the privacy manifest could be a good temporary fix. Extract the necessary info from Firebase 10.22.0 and other SDKs. Upgrading later might be easier long-term. Hope this helps!


Thanks for the response. I have done this but still getting the same errors.

Do I need to add a privacy manifest for each SDK as well?
Where would I add these if so.

Seems like this is saying I need to add multiple privacy manifests not just a single main one.

Hi @wekas, I have the same issue. After looking around (AI didn’t help), I found out that the plugin needs to have a PrivacyInfo.xcprivacy file to work. So you will need to update the npm packages to the versions which support the change. I opened a fix for @capacitor-community/fcm to update the CocoaPod version, which supports the PrivacyInfo.

I found a solution that does not involve updating the packages / SDKs.
My app has been approved and is in the app store now.

  1. Find all the PrivacyInfo.xcprivacy files for the SDKs that the rejection email mentions.
  2. Create a combined PrivacyInfo.xcprivacy file from those. See example in post below.
  3. Place the file in the ios/App/App folder. Note that you have to add it from Xcode and add your target as a resource.
  4. Add a new privacy manifest file in the Pods/Frameworks folder in Xcode; see example in post below.
    4a) Copy the same privacy manifest as in step 3 into this.
    4b) Set the Target Membership to all of the SDKs/Frameworks. e.g. “Capacitor”, “CapacitorApp”

Good to go.

If anyone wants more detail let me know.

Of course, the recommended solution is to update to the latest packages, but if you can’t, this is an option.


Sounds great that you already found out the way to fix this issue.
I’m trying too. I’m struggling on step 1. I can’t find the PrivacyInfo files for the GTMAppAuth and GoogleSignIn SDKs anywhere.
Any clue where I can get these files?

@iujajai I did not have those ones but here is where mine were.
I actually used a freelancer that specialises in this so if you are stuck pm me and I can pass on their details if you like. They are affordable and know what they are doing.

  1. Capacitor.framework/Capacitor
    capacitor/ios/Capacitor/Capacitor/PrivacyInfo.xcprivacy at 5f092970e33da1ec896efc4e2a5ae3fb77fca658 · ionic-team/capacitor · GitHub
  2. Cordova.framework/Cordova
    cordova-ios/templates/project/App/PrivacyInfo.xcprivacy at 5cf4d943d9767bbf69b3ba3ae0e2f2037f0da7bb · apache/cordova-ios · GitHub
  3. FBLPromises.framework/FBLPromises
    promises/Sources/FBLPromises/Resources/PrivacyInfo.xcprivacy at d6d659a6cbdd4108788781d178a72fd34ce07e6e · google/promises · GitHub
  4. FirebaseCore.framework/FirebaseCore
    firebase-ios-sdk/FirebaseCore/Sources/Resources/PrivacyInfo.xcprivacy at b888e1e35f1b07d737d6d4be1b02d96b530a9a77 · firebase/firebase-ios-sdk · GitHub
  5. FirebaseCoreDiagnostics.framework/FirebaseCoreDiagnostics
  6. FirebaseDynamicLinks.framework/FirebaseDynamicLinks
    firebase-ios-sdk/FirebaseDynamicLinks/Sources/Resources/PrivacyInfo.xcprivacy at b888e1e35f1b07d737d6d4be1b02d96b530a9a77 · firebase/firebase-ios-sdk · GitHub
  7. FirebaseInstallations.framework/FirebaseInstallations
    firebase-ios-sdk/FirebaseInstallations/Source/Library/Resources/PrivacyInfo.xcprivacy at b888e1e35f1b07d737d6d4be1b02d96b530a9a77 · firebase/firebase-ios-sdk · GitHub
  8. FirebaseMessaging.framework/FirebaseMessaging
    firebase-ios-sdk/FirebaseMessaging/Sources/Resources/PrivacyInfo.xcprivacy at b888e1e35f1b07d737d6d4be1b02d96b530a9a77 · firebase/firebase-ios-sdk · GitHub
  9. GoogleDataTransport.framework/GoogleDataTransport
    GoogleDataTransport/GoogleDataTransport/Resources/PrivacyInfo.xcprivacy at c6afba69ca5a5dd956de23303c6a77599c404324 · google/GoogleDataTransport · GitHub
  10. GoogleUtilities.framework/GoogleUtilities
    GoogleUtilities/GoogleUtilities/Privacy/Resources/PrivacyInfo.xcprivacy at ba8e711dc052d88063038ccc60539d00dadcd697 · google/GoogleUtilities · GitHub
  11. nanopb.framework/nanopb
    nanopb/spm_resources/PrivacyInfo.xcprivacy at fc7d53c3fea3ce04af5b98234feaa1c7400f73d6 · nanopb/nanopb · GitHub

Resulting PrivacyInfo.xcprivacy:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>NSPrivacyAccessedAPITypes</key>
    <array>
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>CA92.1</string>
          <string>C56D.1</string>
        </array>
      </dict>
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>C617.1</string>
        </array>
      </dict>
      <dict>
        <key>NSPrivacyAccessedAPIType</key>
        <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
        <key>NSPrivacyAccessedAPITypeReasons</key>
        <array>
          <string>3D61.1</string>
        </array>
      </dict>
    </array>
    <key>NSPrivacyCollectedDataTypes</key>
    <array></array>
  </dict>
</plist>
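
Step 2 of the procedure above (combining the per-SDK manifests into one file) can be scripted. The following Python sketch is an added example, not code from any poster or SDK: the sample manifests are constructed, the helper names are hypothetical, and the merge policy (union of reason codes and purposes, logical OR of the tracking and linked flags, so the combined file never declares less than any input) is an assumption.

```python
import plistlib

API, REASONS = "NSPrivacyAccessedAPIType", "NSPrivacyAccessedAPITypeReasons"
DATA = "NSPrivacyCollectedDataType"


def merge_privacy_manifests(blobs):
    """Merge PrivacyInfo.xcprivacy documents (bytes) into one manifest dict."""
    tracking, domains = False, set()
    api_reasons = {}  # API category -> set of reason codes
    collected = {}    # data type -> merged flags and purposes
    for blob in blobs:
        doc = plistlib.loads(blob)
        tracking = tracking or bool(doc.get("NSPrivacyTracking", False))
        domains.update(doc.get("NSPrivacyTrackingDomains", []))
        for entry in doc.get("NSPrivacyAccessedAPITypes", []):
            api_reasons.setdefault(entry[API], set()).update(entry.get(REASONS, []))
        for entry in doc.get("NSPrivacyCollectedDataTypes", []):
            agg = collected.setdefault(
                entry[DATA], {"Linked": False, "Tracking": False, "Purposes": set()})
            # A flag set by any one SDK stays set in the combined file.
            agg["Linked"] |= bool(entry.get(DATA + "Linked", False))
            agg["Tracking"] |= bool(entry.get(DATA + "Tracking", False))
            agg["Purposes"].update(entry.get(DATA + "Purposes", []))
    return {
        "NSPrivacyTracking": tracking,
        "NSPrivacyTrackingDomains": sorted(domains),
        "NSPrivacyCollectedDataTypes": [
            {DATA: name, DATA + "Linked": v["Linked"],
             DATA + "Tracking": v["Tracking"],
             DATA + "Purposes": sorted(v["Purposes"])}
            for name, v in sorted(collected.items())],
        "NSPrivacyAccessedAPITypes": [
            {API: cat, REASONS: sorted(codes)}
            for cat, codes in sorted(api_reasons.items())],
    }


def sample_manifest(api, collected=()):
    """Build one constructed per-SDK manifest as XML plist bytes."""
    return plistlib.dumps({
        "NSPrivacyTracking": False,
        "NSPrivacyTrackingDomains": [],
        "NSPrivacyAccessedAPITypes": [{API: c, REASONS: r} for c, r in api],
        "NSPrivacyCollectedDataTypes": list(collected),
    })


# Constructed inputs, not the real SDK files; keys and reason codes are
# ones quoted in this thread.
SAMPLES = [
    sample_manifest([("NSPrivacyAccessedAPICategoryUserDefaults", ["CA92.1"])]),
    sample_manifest([("NSPrivacyAccessedAPICategoryUserDefaults", ["C56D.1"]),
                     ("NSPrivacyAccessedAPICategoryFileTimestamp", ["C617.1"])]),
    sample_manifest(
        [("NSPrivacyAccessedAPICategorySystemBootTime", ["3D61.1"])],
        collected=[{DATA: "NSPrivacyCollectedDataTypeDeviceID",
                    DATA + "Linked": False, DATA + "Tracking": False,
                    DATA + "Purposes":
                        ["NSPrivacyCollectedDataTypePurposeAppFunctionality"]}]),
]

if __name__ == "__main__":
    # Emit the combined manifest as an XML property list.
    print(plistlib.dumps(merge_privacy_manifests(SAMPLES)).decode())
```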

I had the same issue and managed to solve most of them by creating the privacy file manually for the problematic PODs.
However, this final one is really weird “Frameworks/Cordova.framework/Cordova”
I do not find this POD/Framework.
How did you manage to resolve this particular one?
Thanks.

I did not do it myself but see #2 in my list above. Does that help?

I managed to include the privacy file via Build Phases of Pods project. I am attaching the screenshot.

Thanks a lot for your reply.

Did you get it approved?

Hello. Can you help me with step 4 - my project has this structure

Where exactly should I put the PrivacyInfo file? Should I create a Framework folder inside App/Pods or should I add it in the Pods project (seems weird since I’m not pushing that project to review)?

Note that this image is not mine and is from a Flutter project.
Put it in ios/App/App and Pods/Frameworks

Thanks a lot, it fixed my problem 🙂


I keep getting Multiple commands produce PrivacyInfo.xcprivacy

When copying PrivacyInfo.xcprivacy file to two places as suggested

@smarttask Try removing all privacy files and adding again.
I got that once when adding them to multiple locations but adding to pods/frameworks in Xcode should not count as a duplicate.