"Missing API declaration" warning from Apple

[gnprice]

After I uploaded today's v0.0.13 release to TestFlight for our iOS beta users, we got an email from Apple with the following warning:

Although submission for TestFlight review was successful, you may want to correct the following issues in your next submission for TestFlight review. Once you've corrected the issues, upload a new binary to App Store Connect.

ITMS-91053: Missing API declaration - Your app’s code in the “Runner” file references one or more APIs that require reasons, including the following API categories: NSPrivacyAccessedAPICategoryUserDefaults. While no action is required at this time, starting May 1, 2024, when you upload a new app or app update, you must include a NSPrivacyAccessedAPITypes array in your app’s privacy manifest to provide approved reasons for these APIs used by your app’s code. For more details about this policy, including a list of required reason APIs and approved reasons for usage, visit: https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api.

Apple Developer Relations

So we'll need to resolve that in the next few weeks, by 2024-05-01, in order to continue publishing betas for iOS whenever we like.

Whatever "one or more APIs" they're referring to must be something in one of our dependencies, because we have zero Swift or Objective-C code of our own so far. Following links a bit: the relevant section is here, and the only API in that category is UserDefaults. I don't know offhand which of our dependencies might use that; it might be in code we never invoke.

It seems like Apple has just recently started sending these warnings. We didn't get one for the v0.0.12 release, just three weeks ago, and we don't have any new dependencies since then. Threads like flutter/flutter#145269 also suggest that many people just started getting these circa 2024-03-16, a little over two weeks ago.

To handle this:

• The first step is to upgrade all our dependencies. That might resolve the issue — there's a way for dependencies to provide these privacy manifests (to be aggregated into the app's manifest), and it sounds like a lot of plugins have just recently added them. Which makes sense given that these warnings just started going out to the developers using the plugins.

• If that doesn't resolve it: the plugins may nevertheless have the privacy manifests, as they don't always get automatically aggregated. Detailed steps to take are at Determine how to handle privacy manifests in packages flutter/flutter#131940 (comment) ; see also update at Determine how to handle privacy manifests in packages flutter/flutter#131940 (comment) .

• If that doesn't resolve it, that'll mean some plugin is missing a privacy manifest it needs. At that point it's a debugging problem. The general approach needed is described here; some examples inspecting binary dependencies with nm | grep are here and in the comments after it.

Useful threads in the Flutter tracker include:

• Determine how to handle privacy manifests in packages flutter/flutter#131940
• Flutter iOS documentation to address "ITMS-91053: Missing API declaration" flutter/flutter#145269

[gnprice]

We just got the same email from Apple today, after I sent v0.0.14 to TestFlight. So this issue is still present after #628.

It's likely that we're affected here by the same App Store Connect bug discussed at zulip/zulip-mobile#5859 . In that case, the workaround for now is to include our own privacy manifest compiled manually.